Minimizing Threats Posed by Excessive User Authorities
Sometimes IT Managers need to provide a user enough rights to carry out a unique assignment that his security level rights normally don’t allow him to accomplish it.
This leads to an excessive amount of Users with High Authority, which leads to a major risk, because usually these Authorities aren’t disallowed over time.
Identifying the Breach
There are various methods to confine authorities:
- Adopted authority
- Authorization lists
- Group Profiles
The Authority Inspector supports the user regardless of the specific method in use.
It enables comparison of utilized authority versus the required ones, and supports selection of the method.
iSecurity Authority Inspector also provides information on the minimal authority to be given at each stage and the frequency of testing authorities. Helping managers and system administrators, to graphically analyze IBM i security related activities instantaneously and without OS/400 technical knowledge.
The iSecurity Authority Inspector is installed on a PC that processes data from the IBM i, Identifying every security breach related to excessive authorities.
How Does it Work?
Authority Collection commands, introduced in OS400 Ver. 7.3 – Start Authority Collection (STRAUTCOL), End Authority Collection (ENDAUTCOL) or Delete Authority Collection (DLTAUTCOL) are used to collect authority data during program run.
Now that authority data is available, iSecurity Authority Inspector may be used to turn it into valuable information assisting the users in the mission of minimizing threats posed by excessive authorities.
Visualize Information at a Glance
iSecurity Authority inspector works with IBM’s Authority Collection data. It reads, summarizes and analyzes the data and presents it, with the analysis results, in graphs and tables. In some cases, the Authority Inspector presents the data in a more meaningful way to ease understanding
- Runs on a PC that processes data from the IBM i
- Automatically summarizes and analyzes the data
- Graphical User Interface
- Easy to use for non IBM i Users
- Advanced Filtering options to get accurate reports