Presentation on theme: "1 Authority on Demand Flexible Access Control Solution."— Presentation transcript:
1 Authority on Demand Flexible Access Control Solution
2 The Challenge
Emergency access to critical application data and processes is a very common security breach which is uncovered in System i audits. Currently, manual approaches to this problem are not only error-prone, but do not comply with regulations and auditors' often stringent security requirements. System i sites define users' security levels and allocate security rights corresponding to the different job responsibilities in the organization.
3 AOD Features
Easy to Use - simplifies granting special authorities when necessary, and incorporates easy-to-use reporting and monitoring mechanisms.
Add/Swap Security Levels (unique to iSecurity AOD) - grants a new security authority level or adds additional security rights on request.
Authority Transfer Rules & Providers - enables pre-defining special authority "providers" and special authority transfer rules.
Safe Recovery from Emergency - enables recovering from different types of emergency situations with minimum risk of human error.
Full Monitoring Capabilities - logs and monitors all relevant activities, and sends audit reports and real-time alerts when employees request higher authority.
Part of End-to-End Solution - solidifies iSecurity's position as the most comprehensive security solution for System i environments.
Intuitive GUI Interface - suitable for non-technical staff.
Controlled Access - allows only relevant personnel to access critical data.
4 Part 1 Authority on Demand Scenario
5 Without Authority on Demand: Inefficient Work Mode
Sam Evans, Programmer. Has authorities for Test & Development. Needs authorities for Production once a week.
Richard Garner, Busy IT Manager.
"Hi Sam… temporary authorities for the Production folder? Hmmm, I don’t have time now… maybe next week."
Authority Request Rejected
6 With Authority on Demand: Automatic Granting of Special Authorities
"Let’s define authority rules: When Sam Evans requests authority for Production Folder between 8AM-16:30PM, the system will automatically grant it…"
"Uh, Richard, I need authorities for the Production folder again…"
7 Requesting Special Authority… Now that we have AOD, I’ll request authority… Wow, this is so much easier than calling up Richard…
8 Instantly & Automatically Receiving Authorities Got the authorities!
9 Effective Monitoring of Special Authorities
"Finally, I don’t have to waste my time on granting special authorities… the whole process is automatic and I can see a full log of Sam’s authority requests and even screen captures!"
10 Part 2 Authority on Demand Screens
11 AOD Welcome Screen
12 Authority on Demand Log
DANA start add authority of user QSECOFR in job /DANA/QPADEV0003. Reason: Need to check problem in production system. Confirmation ID: 5634 Time: 11/03/08 22:40
DANA end add authority of user QSECOFR in job /DANA/QPADEV0003. Time: 11/03/08 23:19 ID: 653
Attachment 1 – Command entered
Attachment 2 – Captured Screens
Attachment 3 – DB Records changes
Screen panels: Command entered (ID: 653, Attachment 1); Captured Screens (ID: 653, Attachment 2); DB Records changes (ID: 653, Attachment 3)
* Other attachment options available (all QAUDJRN information, summary of changes made by Ad-Hoc utilities…)
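An added example, not part of the original presentation or of iSecurity AOD: one way an auditor could pair the start/end entries shown on the log slide above and flag elevated sessions that began outside an allowed time window or were never ended. The line layout is modelled on the two entries on the slide; the DD/MM/YY date reading, the 08:00-16:30 window (borrowed from the rule on slide 6), the 60-minute limit and the SAM/PRODOWNER line are assumptions.

```python
import re
from datetime import datetime, time

# Layout modelled on the two entries on the log slide (assumption: the
# real AOD log export may be laid out differently).
ENTRY = re.compile(
    r"(?P<req>\S+) (?P<ev>start|end) add authority of user (?P<prov>\S+) "
    r"in job (?P<job>\S+?)\.(?: Reason: (?P<reason>.*?)\.)?"
    r".*?Time: (?P<ts>\d\d/\d\d/\d\d \d\d:\d\d)")

LOG = [  # first two lines are from the slide; the third is constructed
    "DANA start add authority of user QSECOFR in job /DANA/QPADEV0003. "
    "Reason: Need to check problem in production system. "
    "Confirmation ID: 5634 Time: 11/03/08 22:40",
    "DANA end add authority of user QSECOFR in job /DANA/QPADEV0003. "
    "Time: 11/03/08 23:19 ID: 653",
    "SAM start add authority of user PRODOWNER in job /SAM/QPADEV0007. "
    "Reason: Weekly production fix. Confirmation ID: 0000 Time: 12/03/08 09:15",
]

def audit(lines, window=(time(8, 0), time(16, 30)), max_minutes=60):
    """Pair start/end entries; return (sessions, findings)."""
    open_, sessions, findings = {}, [], []
    for line in lines:
        m = ENTRY.match(line)
        if not m:
            findings.append(("unparsed", line))
            continue
        key = (m["req"], m["prov"], m["job"])
        ts = datetime.strptime(m["ts"], "%d/%m/%y %H:%M")  # DD/MM/YY assumed
        if m["ev"] == "start":
            open_[key] = (ts, m["reason"])
            if not window[0] <= ts.time() <= window[1]:
                findings.append(("outside_window", key, ts))
        elif key in open_:
            start, reason = open_.pop(key)
            minutes = int((ts - start).total_seconds() // 60)
            sessions.append((key, minutes, reason))
            if minutes > max_minutes:
                findings.append(("long_session", key, minutes))
        else:
            findings.append(("end_without_start", key, ts))
    # Elevated authority that was never handed back is the riskiest case.
    findings += [("never_ended", k, v[0]) for k, v in open_.items()]
    return sessions, findings

if __name__ == "__main__":
    for item in audit(LOG):
        print(item)
```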
13 Authority on Demand Main Menu
14 Work with Authority Rules Select Authority Rule to modify.
15 Modify an Authority Rule Each field needs to be explained individually; “Add authority of Provider” is unique to AOD & ensures that logged info relates to requester.
16 Modify an Authority Rule Important note below.
17 Work with Authority Providers Select an Authority Provider to modify.
18 Modify definitions for an Authority Provider
19 Define (Option 6) and Change a Time Group
20 Activation menu (Option 11)
21 Request to obtain Authority (GETAOD) Requestor must enter the name of the Authority provider and either a PIN Code (with Reason *BYPIN) or Reason text.
22 GETAOD was successful Feedback message below.
23 messages for Start/End Authority
24 GETAOD was not successful Feedback message below.
25 Unsuccessful GETAOD: log and
26 Unsuccessful GETAOD- full explanation
27 Request AOD Console Messages Enter command.
28 Sample AOD Console Messages
29 Display AOD Log Entries
Option 41 from the Main Menu is used to Display AOD log entries; can be filtered by requester or provider.