Error: 'Object (Object Name) in PSSECURE type *PGM not found' received when using Object Authority M (NETIQKB30801)

  • 7730801
  • 02-Feb-2007
  • 18-May-2007

Resolution

fact
VigilEnt Security Agent for iSeries

fact
Object Authority Management

symptom
Error: 'Object (Object Name) in PSSECURE type *PGM not found' received when using Object Authority Management.

cause
When the template program is not found, this message will appear.

fix

When object authority templates are created in Object Authority Management (OAM), a template *PGM of the same name should also be created in PSSECURE.  If this does not occur correctly, then the template should be deleted and recreated.

To create an OAM template, follow these steps:

  1. Identify the application that requires the new authority template.  All of the libraries associated with the chosen application must be known.
  2. Define the required authority for the chosen application :
    • Which user profile will own the objects?
    • Which users will have access and how much access?
  3. Select Option 1 Work with Templates to work with authority templates.
  4. Press F6 (Create New Template) to create a new authority template
    • Specify the name and description of the new template.  It is recommended that you use a name that describes the application and is easily recognized.
    • Specify the user profile that will own the objects.  The owner will have *ALL authority to the objects in the application.  The object owner should not be a user profile that uses the application, since this would give the user(s) all authority to the application objects
  5. Press F8 (Edit Authorities) to define the specific authorities for the application.  It is recommended that users have *USE authority and that *PUBLIC has *EXCLUDE authority.  This will help secure the application from unknown users.
  6. Press ENTER twice and F3 to save the authorities and return to the 'Object Authority Management' menu.
  7. Select Option 3 Generate Authority File to generate the authority information for the application.
  8. In the 'PSAudit' Submittal Window, enter the following:
    • Library or group of libraries (generically or by using *USRLIBL) for the application.  Note: You can exclude an object with the Filtering feature of PSAudit.
    • Output file name. This is the file that will be used to perform the audit and subsequently bring objects into compliance. It is recommended that you put your output files into a separate library and give them the same name as the template.

      NOTE: To retrieve object authority information, the objects cannot be in use, thus this job should be run after hours at a time when there is very little or no other activity on the system.
  9. This job will also produce a report of objects contained in the resulting output file. Review this report and if there are any objects which you do not want included, create a filter to exclude them and then regenerate the output file.  Once this job is completed the application can be audited.

 

To audit an application for object authority compliance, follow these steps:

  1. Select Option 1 Work with Authority Templates and Option 5=Use Report/Comply for the desired template and enter the following:
    • Name of the output file created in step 8 above.
    • Comply flag (?Y? to force objects into compliance by changing their authorities or ?N? to simply create a report used to audit the objects).
    • JOBQ for the job.  

      NOTE: 

      If this is a compliance job (Comply flag = Y), all objects in the output file created in step 8 above will be changed to the object authorities specified in the authority template.  To change object authority information, the objects cannot be in use, thus this job should be.
      run after hours at a time when there is very little or no other activity on the system. 

      If this is an audit job
      (Comply flag = N), information will be written to a file which is then used by Option 2 (View/Change Non-Compliant Objects).
  2. Select Option 2 View/Change Non-Compliant Objects to view any objects that do not comply.
  3. Periodically repeat steps 7 through 9 to audit the application.

.


Additional Information

Formerly known as NETIQKB30801