TechTip: Managing Authorization Lists 101, Part III
Written by Rafael Victoria-Pereira   
Friday, 29 May 2009 02:00

Using authorization lists offers many advantages for the people charged with maintaining system and data security.

A well-structured authorization scheme that includes both user groups and authorization lists, organized by application or library type, allows better control over the whole system, preventing unpleasant surprises and reducing the risk of unauthorized access.

After the theory of Part I and the practical example of Part II, here's a brief list of the advantages of using authorization lists:

  • User authority is defined for the authorization list, not for the individual objects on the list. This means that if a new object is secured by the authorization list, the users on the list automatically gain authority to the object, even if the object is being used by another process.
  • One operation can be used to give a user authority to all the objects on the list, thus simplifying the security officer's work.
  • Authorization lists reduce the number of private authorities on the system. Each user has a private authority to one object (the authorization list), which in turn grants the user authority to all the objects secured by the list. Reducing the number of private authorities on the system has further advantages: it reduces the size of user profiles and improves performance when saving the system (SAVSYS) or saving the security data (SAVSECDTA).
  • Authorization lists are probably the best way to secure files. If you use private authorities, each user will have a private authority for each file member. Imagine that one of your files has 100 members; you'll have 100 private authorities for each user who holds a private authority to that file! If you use an authorization list, each user will have only one authority. Also, authority cannot be granted to or revoked from a file while the file is open. If you secure the file with an authorization list, you can change the authorities even when the file is open.
  • Authorization lists provide a way to keep authorities when an object is saved. When an object that is secured by an authorization list is saved, the name of the authorization list is saved with the object. If the object is deleted and restored to the same system, it is automatically linked to the authorization list again. If the object is restored on a different system, the authorization list is not linked unless ALWOBJDIF(*ALL) or ALWOBJDIF(*AUTL) is specified on the restore command.
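
The points above, shown as a short CL command sequence. This is an added example, not code from the original article; the list, library, file, profile and save file names (PAYAUTL, PAYLIB, EMPMAST, GRPPAY, AUDITOR1, QGPL/PAYSAVF) are hypothetical.

```cl
/* Added example: all object and profile names are hypothetical.       */

/* Create the list. *EXCLUDE means the public gets nothing through it. */
CRTAUTL    AUTL(PAYAUTL) AUT(*EXCLUDE) TEXT('Payroll application files')

/* Authority is held on the list, not on each file: one private        */
/* authority per profile, however many objects the list secures.       */
ADDAUTLE   AUTL(PAYAUTL) USER(GRPPAY) AUT(*CHANGE)
ADDAUTLE   AUTL(PAYAUTL) USER(AUDITOR1) AUT(*USE)

/* Secure a file with the list, then make the file's public authority  */
/* come from the list instead of from the file itself.                 */
GRTOBJAUT  OBJ(PAYLIB/EMPMAST) OBJTYPE(*FILE) AUTL(PAYAUTL)
GRTOBJAUT  OBJ(PAYLIB/EMPMAST) OBJTYPE(*FILE) USER(*PUBLIC) AUT(*AUTL)

/* Changing a list entry takes effect for every secured object, and    */
/* can be done even while EMPMAST is open.                             */
CHGAUTLE   AUTL(PAYAUTL) USER(AUDITOR1) AUT(*EXCLUDE)

/* Review for the security officer or auditor: who is on the list,     */
/* and which objects the list secures.                                 */
DSPAUTL    AUTL(PAYAUTL) OUTPUT(*PRINT)
DSPAUTLOBJ AUTL(PAYAUTL) OUTPUT(*PRINT)

/* Run on a DIFFERENT system: without ALWOBJDIF(*AUTL) or              */
/* ALWOBJDIF(*ALL) the restored file is not linked to the list.        */
/* PAYAUTL must already exist there for the link to be made.           */
RSTOBJ     OBJ(EMPMAST) SAVLIB(PAYLIB) DEV(*SAVF) SAVF(QGPL/PAYSAVF) +
             ALWOBJDIF(*AUTL)
```

After a cross-system restore, run DSPAUTLOBJ on the target system to confirm the file shows up under the list.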

In conclusion, authorization lists are extremely useful and easy to manage (if well planned and well implemented). And they're an all-time favorite with auditors!


About the Author:

Rafael Victoria-Pereira is an analyst/developer with 10+ years of System i experience. He is Application Development Manager at LeasePlan in Portugal. His areas of expertise cover System i, Lotus Domino/Notes, and several Windows-based programming languages.

Last Updated on Thursday, 28 May 2009 17:02