Flexible Control of User Authorities
When we have the need to control and monitor the activities of “non-corporate” personnel such as consultants or auditors, provide emergency access to critical application data and processes on an “as needed” basis (i.e. Dev Team / R&D), manual approaches to such situations are not only error-prone, but do not comply with regulations and auditor’s often stringent security requirements.
iSecurity Authority On Demand Elevates Authorities at a Glance
iSecurity Authority on Demand provides an advanced solution for emergency access to critical application data and processes, which is one of the most common security slips identified by auditors in IBM i audits.
iSecurity Authority on Demand saves valuable time and resources, enforces segregation of duties and enables relevant personnel to obtain access to approved information when needed. Its real-time audit of access rights protects sensitive corporate assets and significantly reduces the number of profiles with powerful special authorities.
iSecurity Authority on Demand simplifies the process of granting special authorities when necessary, and incorporates easy-to-use reporting and monitoring mechanisms to ensure that this extremely sensitive and potentially dangerous capability is not misused. It also enables recovery from different types of emergency situations with minimum chances for human error.
iSecurity Authority On Demand logs all activities as well as all users' activities while operating with a different authority and show them in a wide range of reports.
How Does it Work?
Rule Definition to Elevate Authority
iSecurity Authority On Demand elevates Authority based on pre-defined rules to help System administrators to make it easy and have total control of every authority given in special cases.
- Who can get Elevated Authority
- Which Level of Authority this User can get
- How long this Level will stay before going back to his previous Authority Level
iSecurity Authority On Demand Benefits
- Easy to Use – AOD simplifies the process of granting special authorities when necessary, and incorporates advanced reporting and monitoring mechanisms.
- Add/Swap Security Levels – AOD can grant an alternative authority level or add additional security rights to an existing user profile.
- Fully Monitored Temporary Permissions – AOD provides temporary authority, then prints the system audit log (QAUDJRN), and captures user screen images while the temporary authority is valid.
- Authority Transfer Rules & Providers – AOD enables pre-defining special authority “providers” and special authority transfer rules such as time-limited authority transfers and optional PIN codes.
- Safe Recovery from Emergency – AOD enables recovering from different emergency situations with minimum risk of human error.
- Extensive Monitoring – AOD logs and monitors relevant activities, producing regular audit reports and real-time e-mail, SMS or SYSLOG alerts when higher authority is requested.
- Controlled Access – AOD allows only relevant personnel to access critical data and processes.
- Multiple Reports – AOD creates reports by time, time range, user who requested authority (requester), user who provided authority (provider), operation type, job name (workstation), time groups and more.
- Three levels of product usage: Full, Auditor (read-only) and Emergency.
- Grants users higher authority as needed according to pre-defined rules
- Logs all activities as well as all users’ activities while operating with a different authority
- Site-definable email message alerts and SYSLOG messages
- Capabilities for restricting requestors
- Real Time approval request
- PIN number verification
- OTP Verification
- User-friendly GUI interface