Monitoring authority

This topic provides basic suggestions for monitoring the effectiveness of the security safeguards on your system.

A set of security reports are available to help you keep track of how the authority is set up on your system. When you run these reports initially, you can print everything (authority for all the files or for all the programs, for example).

After you have established your base of information, you can run the changed versions of reports regularly. The changed versions help you identify security-relevant changes on your system that require your attention. For example, you can run the report that shows the public authority for files every week. You can request only the changed version of the report. It will show you both new files on the system that are available to everyone and existing files whose public authority has changed since the last report.

Two menus are available to run security tools:

• Use the SECTOOLS menu for running programs interactively.

• Use the SECBATCH menu for running programs in batch. The SECBATCH menu has two parts: one for submitting jobs to the job queue immediately, and the other for placing jobs on the job scheduler.

If you are using iSeries™ Navigator, follow these steps to run the security tools:

1. In iSeries Navigator, expand your Server > Security.

2. Right-click Policies and select Explore to display a list of policies you can create and manage.

Review your security policy statement and your security memo to users as you decide which monitoring tasks you need to perform regularly. The following topics discuss several items to watch for, when monitoring authority:

• Monitoring authorization lists
  How to use authorization lists to organize object groups based on security requirements

• Monitoring private authority to objects
  This topic describes the SECBATCH menu options and security commands that you can use to monitor private authority to objects.

• Monitoring public authority to objects
  This topic describes the SECBATCH menu options and security commands that you can use to monitor public authority to objects.

• Monitoring user environments
  This topic discusses using the SECBATCH menu and commands to monitor user environments.

• Monitoring special authorities
  This topic describes the SECBATCH menu options and commands used to monitor special authorities.

• Monitoring sign-on and password activity
  If you are concerned about unauthorized attempts to enter your system, you can use the PRTUSRPRF command to help you monitor sign-on and password activity.

• Monitoring user profile activity
  As a security administrator, you need to control and audit changes that occur to user profiles on your system.

Parent topic: