wwilliams
Active Member
RE: AS/400 security
I would really question anyone telling you to give a user *ALLOBJ authority.
This sounds like overkill for the security problem you have where you only
need to grant specific authority. With *ALLOBJ a user can do anything on the
AS/400 as all security is bypassed. You can have no security for payroll,
H/R or any other application. In addition, a user can use Operations
Navigator to add and delete rows within a table as well as tables in whole.
The only partial security you might have is if you are using signon security
and no one knows the real userid and password.
Question, are you coexistent? If not, then why would your users have access
to Operations Navigator. I would probably look at removing ON from the
user's system because of it's ease of use.
I am running coexistent with Xe and A73.3 with the system user as JDE and
the PassWord unknown to my users. The JDE profile is in the Programmer
group with no special authorities. This works very well.
Bill Williams
>
I would really question anyone telling you to give a user *ALLOBJ authority.
This sounds like overkill for the security problem you have where you only
need to grant specific authority. With *ALLOBJ a user can do anything on the
AS/400 as all security is bypassed. You can have no security for payroll,
H/R or any other application. In addition, a user can use Operations
Navigator to add and delete rows within a table as well as tables in whole.
The only partial security you might have is if you are using signon security
and no one knows the real userid and password.
Question, are you coexistent? If not, then why would your users have access
to Operations Navigator. I would probably look at removing ON from the
user's system because of it's ease of use.
I am running coexistent with Xe and A73.3 with the system user as JDE and
the PassWord unknown to my users. The JDE profile is in the Programmer
group with no special authorities. This works very well.
Bill Williams
>
