If you need to restrict SQL access so that all users have read-only access to all files on the system, use Exit Point Manager’s Object Lists to limit user access.
Controlling access to specific files in a library through the SQL server is not as straightforward as with other servers because the SQL server requires access to tables in the QSYS and QSYS2 libraries.
(Note: The use of Object Lists has a greater performance impact than location rules, user rules, and memorized transactions.)
Follow this procedure to set up the ‘Read’ access to ‘All’ files using Object Lists.
READOBJLST Q [ASP Group] Read Only Object List
Press Enter twice. This will bring you back to the Work with Object Lists screen with your Object List entered and visible.
The Work with Object List Entries screen appears where you can define your new Object List.
Enter 1 under Opt and * (asterisk) for Library and Object. Enter *FILE for Type.
Press Enter twice to accept the changes.
This brings you back to the Work with Object List Entries screen with your new entry visible.
Use option 9 next to your Object List and press Enter.
Using the next screen, add each individual user OR group profile to have the following rules:
User/Group Profile *ALL *REJECT Y N N *NONE
User/Group Profile *READ *OS400 Y N N *NONE
Enter 1 under Opt, then enter the User/Group name, the operation you want them to have, the authority, and Y, N, N for the Auditing, Message, and Capture flags. Press Enter twice.
For each user, activate the *SQLSRV server by placing a 1 next to *SQLSRV and pressing Enter twice.
Note: You must have a rule that rejects everything except the read.
You will see the User/Group with *MEMOBJ for the object list that you just created (see below).
Results:
*ALL *PUBLIC *REJECT Y N N *NONE
*ALL User/Group *MEMOBJ Y N N *NONE
Note: Clear the cache using the Server Properties (procedure below) to enforce this new rule.
The procedure to clear the cache is a green screen procedure.
This clears the cache and creates a new cache for the server with the new rules.