Controlling Application Security This course is also available on CD-ROM
Presenter: Manta Technologies
Availability: Online SKU: 3528
Course Description: If you took the previous courses in this series, you saw that a user can gain an authority to an object in any of three ways:
· Via a special authority
· Through the object's public authority
· By receiving a private authority to the object
This course describes three additional ways a user can gain authority to access an object:
· By membership in a group
· Through an authorization list
· Via an adopted authority
These methods are often employed to grant a user the necessary authorities to access the programs, database files, and other objects that make up an application system.
Each method is covered in a separate interactive session. The first session of this course covers group profiles. A group profile can be used to give object authority to a collection of users with common access requirements. An authorization list is used to control access to a collection of objects. The second session of this course discusses the application security requirement that is satisfied by authorization lists. It also covers the OS/400 facilities for creating and maintaining such lists.
Adopted authority is covered in the third session. Adopted authority grants a user the temporary authority needed to execute a program. You will see how to set up adopted authority for an application and the considerations that you must keep in mind to avoid potential security exposures.
The course ends with a discussion of authority holders. These are objects that can be used to provide OS/400 security for System/36 applications.
After completing this course, you should be able to: • Order the steps required to set up a group profile and member profiles • Identify the authorities granted to a user by being a member of a group • Describe how user profile parameters can be used to control object ownership and authorities • Compare the advantages of using an authorization list to those of using a group profile • Identify the authorities granted to a user via a given authorization list • Identify the steps required to use adopted authority • Describe the purpose of authority holders • Use OS/400 facilities
Audience: The course is intended for security officers and other personnel who are responsible for designing and implementing a system security plan. The audience also includes system administrators, programmers, managers, and users who will participate in security planning for the system as a whole or for one or more applications.
Prerequisites: This course assumes that you are familiar with the concepts and basic operations of OS/400 systems. You can satisfy these prerequisites by successfully completing the courses in the following series:
· Using an iSeries System
· Introduction to iSeries Security
· Granting Object Authority
You may also have obtained these skills by taking other courses or through relevant work experience.
Course Outline: Group Profiles Authorization Lists Adopted Authority Authority Holders
Course Details:
Length:
90 minutes
Format:
Online Learning
Publisher:
Manta
Controlling Application Security This course is also available on CD-ROM
Controlling Application Security
