2011 New Years Resolution for IBM i Security 

 January 2, 2011

By  NickLitten

As 2011 New Years Eve came and went I spent a long time considering what my core personal resolutions should be: Eat Less, Exercise More, Speak Less, Think More.

I know these girls have nothing to do with an AS400 but... who cares?

Obviously I have my slightly more extravagant resolutions which are bound to fail: Take up Aikido, Become a Wine Connoisseur, Learn how to write Android & iPad Apps, Climb a Pyramid, Switch from Cigarettes to Cigars, Learn how to prepare a killer Chilli.

As I think about my new Years resolutions I also ponder what resolutions I should be applying to my professional role as an ‘AS400 Techie’. So here is resolution nbumber one:

Perform a system wide AS400/IBMi Security Cleanup

All of these tasks should be performed on a frequent basis but if your shop is a little more relaxed then maybe these pointers will assist in setting up an annual New Years Security Policy. Traditionally I always find the Christmas and New Years period is an ideal time for these kind of security cleanups – just after year end processing and the system has been fully backed up. Everyone is suffering from Hangovers and too many mince pies.

So lets get onto a list of things to do:

List all the user profiles and clean them up


You can then query the outfile looking for users that have left or changed departments. Users who have changed surnames. Expired passwords. User names that do not confirm to company naming standards. Disable any generic profiles. Change passwords for any system passwords that may not have changed for a long period of time.

Double check any Super Users

Do *ALLOBJ profiles really need that level? Any profiles in a group of QSECOFR or something similar?

Double Check any authority Elevators

Check for any objects that allow users to sneakily adopt a higher system authority level – Use the PRTADPOBJ (Print Adopting Objects) command:


Any Insecure default passwords out there?

Check for any default passwords and make sure these profiles are disabled or conform to your companies authority policy:


Health Check the System Security Settings

Print your system security settings and compare them against IBM’s recommended values or against that good old thing called ‘common sense’ 🙂


note: If you are using the iSeries Navigator (is it still called that or it now IBMi Navigator?) you can run the Security Wizard which does the same thing.

Public data is insecure data

Check for sensitive files with *PUBLIC rights. This is a huge exposure in the modern intranet and Internet connected world and I’m continually amazed by the number of companies I work with that have *PUBLIC read rights on all kinds of system files from sensitive payroll to check payment files. Use the Print Publicly Authorised Objects command:


and on and on…

I have to stop myself here because this list is in danger of growing into a novella. This is just the tip of the iceberg but a sensible starting point for any shop doing a New Years Security Audit. Whatever results you come up with – store them and then Fix them. This gives you a useful metric to compare against next time you run the process.

Good Luck and Secure New Year to you all.


IBM i Software Developer, Digital Dad, AS400 Anarchist, RPG Modernizer, Shameless Trekkie, Belligerent Nerd, Englishman Abroad and Passionate Eater of Cheese and Biscuits. Nick Litten Dot Com is a mixture of blog posts that can be sometimes serious, frequently playful and probably down-right pointless all in the space of a day. Enjoy your stay, feel free to comment and remember: If at first you don't succeed then skydiving probably isn't a hobby you should look into.

Nick Litten

related posts:

Swap Homes and Travel the World – Join Home Exchange
Surf the Web Securely with OPEN DNS
IBM i Software Change Management – CMS vs ALM – What’s in a Name?
Want to learn CL Programming?
{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Get In Touch

I’m always looking for awesome input, feedback and critique!


Snug CBD

 20% Discount

I have partnered with SNUG CBD givING you Organic CBD
20% discount code "NL20"