VigilEnt Security Agent for iSeries
Object Authority Management
Error: 'Object (Object Name) in PSSECURE type *PGM not found' received when using Object Authority Management.
When the template program is not found, this message will appear.
When object authority templates are created in Object Authority Management (OAM), a template *PGM of the same name should also be created in PSSECURE. If this does not occur correctly, then the template should be deleted and recreated.
To create an OAM template, follow these steps:
- Identify the application that requires the new authority template. All of the libraries associated with the chosen application must be known.
- Define the required authority for the chosen application :
- Which user profile will own the objects?
- Which users will have access and how much access?
- Specify the name and description of the new template. It is recommended that you use a name that describes the application and is easily recognized.
- Specify the user profile that will own the objects. The owner will have *ALL authority to the objects in the application. The object owner should not be a user profile that uses the application, since this would give the user(s) all authority to the application objects
- Library or group of libraries (generically or by using *USRLIBL) for the application. Note: You can exclude an object with the Filtering feature of PSAudit.
- Output file name. This is the file that will be used to perform the audit and subsequently bring objects into compliance. It is recommended that you put your output files into a separate library and give them the same name as the template.
NOTE: To retrieve object authority information, the objects cannot be in use, thus this job should be run after hours at a time when there is very little or no other activity on the system.
To audit an application for object authority compliance, follow these steps:
- Select Option 1 Work with Authority Templates and Option 5=Use Report/Comply for the desired template and enter the following:
- Name of the output file created in step 8 above.
- Comply flag (?Y? to force objects into compliance by changing their authorities or ?N? to simply create a report used to audit the objects).
- JOBQ for the job.
If this is a compliance job (Comply flag = Y), all objects in the output file created in step 8 above will be changed to the object authorities specified in the authority template. To change object authority information, the objects cannot be in use, thus this job should be.
run after hours at a time when there is very little or no other activity on the system.
If this is an audit job (Comply flag = N), information will be written to a file which is then used by Option 2 (View/Change Non-Compliant Objects).