Users that don't have Approved Entries are able to do transactions when collection has been turned o (NETIQKB31101)

  • 7731101
  • 02-Feb-2007
  • 21-Jan-2008

Resolution

fact
VigilEnt Security Agent for AS/400 5.3/6.3

symptom
Users that don't have Approved Entries are able to do transactions when collection has been turned off and exit points are secured.

fix

The following steps in Remote Request Management help identify why users who do not have Approved Entries are able to perform transactions:

  1. Select Option 3 Remote Request Management from the PSSecure Main Menu, press Enter.
  2. Select Option 1 Work With Approved Entries, press Enter.
  3. Press F17 to view the 'Work with User Profiles' screen.
  4. Verify the entry for *All Access for all Users is set to 'N'.  If it is set to 'Y', all transactions are allowed unless there is an entry in the 'Approved Entry' list with the Allow flag set to 'N' for that transaction. 
    Transactions may be allowed if there is an Approved Entry for the group profile and Group Checking is turned on.
  5. Go back to the 'Remote Request Management' screen and select Option 9 Maintain RRM Defaults, press Enter.
  6. Check whether either of the fields below is set to 'Y':
    • Check Group Profile Authority
    • Check Supplemental Group Profile Authority
  7. If either field is set to 'Y', check the profile to see what group(s) it is a member of.
  8. Verify if there are Approved Entries for the group(s) in the 'Work with Approved User Requests' list.  This may explain the transactions allowed.
  9. If this does not resolve the question, go back to Option 9 Maintain RRM Defaults and press Enter.
  10. Set the flag to 'Y' for Debug exit program.
  11. Re-submit the transaction to capture the approval process.
  12. Go back to Option 9 Maintain RRM Defaults and change the Debug flag back to 'N'.
  13. At a Command Line run the following query:
    •  RUNQRY *n pscommon/ts1150dg
  14. The resulting report will have text on the right side of the page that will step through the process of checking for authority. It should indicate why the transaction was approved.
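
The checks in steps 4 to 8 can be written down as a small audit helper. This is an added example, not NetIQ code and not the product's actual evaluation logic: the data model, field names, profile names and transaction label are hypothetical, and the sample values are constructed. It only lists the settings that, per the steps above, could explain an allowed transaction.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class RrmSettings:
    # Hypothetical field names mirroring the screens named in the steps.
    all_access: str = "N"          # '*All Access for all Users' (step 4)
    check_group: str = "N"         # 'Check Group Profile Authority' (step 6)
    check_supplemental: str = "N"  # 'Check Supplemental Group Profile Authority'
    # Approved Entries, keyed by (profile, transaction) -> Allow flag 'Y'/'N'
    approved: dict = field(default_factory=dict)

@dataclass
class Profile:
    name: str
    group: Optional[str] = None
    supplemental: tuple = ()

def possible_causes(cfg, user, txn):
    """List settings that could explain why `txn` was allowed for `user`."""
    causes = []
    # Step 4: with *All Access 'Y', everything is allowed unless an
    # Approved Entry carries Allow 'N' for that transaction.
    if cfg.all_access == "Y" and cfg.approved.get((user.name, txn)) != "N":
        causes.append("*All Access is 'Y' and no Approved Entry has Allow 'N'")
    # Steps 6-7: collect the groups that are consulted for this profile.
    groups = []
    if cfg.check_group == "Y" and user.group:
        groups.append(user.group)
    if cfg.check_supplemental == "Y":
        groups.extend(user.supplemental)
    # Step 8: an Approved Entry on one of those groups may allow the request.
    for g in groups:
        if cfg.approved.get((g, txn)) == "Y":
            causes.append(f"Approved Entry for group profile {g}")
    # Steps 10-14: nothing found, so fall back to the debug trace.
    return causes or ["no cause found: enable Debug exit program and re-submit"]

# Constructed sample: the user has no entry of their own, but the group does.
SAMPLE = RrmSettings(check_group="Y", approved={("GRPOPS", "FTP"): "Y"})
JSMITH = Profile("JSMITH", group="GRPOPS", supplemental=("GRPDEV",))

if __name__ == "__main__":
    for cause in possible_causes(SAMPLE, JSMITH, "FTP"):
        print(cause)
```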


Additional Information

Formerly known as NETIQKB31101