2011 New Years Resolution for IBM i Security


January 2, 2011

As 2011 New Year's Eve came and went I spent a long time considering what my core personal resolutions should be: Eat Less, Exercise More, Speak Less, Think More.

I know these girls have nothing to do with an AS400 but... who cares?

Obviously I have my slightly more extravagant resolutions which are bound to fail: Take up Aikido, Become a Wine Connoisseur, Learn how to write Android & iPad Apps, Climb a Pyramid, Switch from Cigarettes to Cigars, Learn how to prepare a killer Chilli.

As I think about my New Year's resolutions I also ponder what resolutions I should be applying to my professional role as an ‘AS400 Techie’. So here is resolution number one:

Perform a system wide AS400/IBMi Security Cleanup

All of these tasks should be performed on a frequent basis but if your shop is a little more relaxed then maybe these pointers will assist in setting up an annual New Year's Security Policy. Traditionally I always find the Christmas and New Year's period is an ideal time for these kinds of security cleanups – just after year end processing and the system has been fully backed up. Everyone is suffering from hangovers and too many mince pies.

So let's get onto a list of things to do:

List all the user profiles and clean them up


You can then query the outfile looking for users who have left or changed departments, users who have changed surnames, expired passwords, and user names that do not conform to company naming standards. Disable any generic profiles. Change any system passwords that may not have changed for a long period of time.

Double check any Super Users

Do *ALLOBJ profiles really need that level? Are any profiles in a group of QSECOFR or something similar?

Double Check any authority Elevators

Check for any objects that allow users to sneakily adopt a higher system authority level – Use the PRTADPOBJ (Print Adopting Objects) command:


Any Insecure default passwords out there?

Check for any default passwords and make sure these profiles are disabled or conform to your company's authority policy:


Health Check the System Security Settings

Print your system security settings and compare them against IBM’s recommended values or against that good old thing called ‘common sense’ 🙂


Note: If you are using the iSeries Navigator (is it still called that or is it now IBMi Navigator?) you can run the Security Wizard which does the same thing.

Public data is insecure data

Check for sensitive files with *PUBLIC rights. This is a huge exposure in the modern intranet and Internet connected world and I’m continually amazed by the number of companies I work with that have *PUBLIC read rights on all kinds of system files from sensitive payroll to check payment files. Use the Print Publicly Authorised Objects command:


and on and on…

I have to stop myself here because this list is in danger of growing into a novella. This is just the tip of the iceberg but a sensible starting point for any shop doing a New Years Security Audit. Whatever results you come up with – store them and then Fix them. This gives you a useful metric to compare against next time you run the process.
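One way to run the checks listed above as a single repeatable CL program, so each year's results are kept for comparison. This is an added example, not the original post's commands: the library names SECAUDIT and PAYLIB are assumptions, and DSPUSRPRF, ANZDFTPWD and PRTSYSSECA are this example's choice for the steps where the post's own commands are not shown.

```cl
/* Added example: annual security snapshot.                          */
/* SECAUDIT and PAYLIB are hypothetical library names; change them.  */
PGM
  DCL VAR(&AUDLIB) TYPE(*CHAR) LEN(10) VALUE('SECAUDIT')
  DCL VAR(&PAYLIB) TYPE(*CHAR) LEN(10) VALUE('PAYLIB')

  /* Create the snapshot library on the first run.                   */
  /* CPF2111 = library already exists, which is fine on later runs.  */
  CRTLIB LIB(&AUDLIB) TEXT('Annual security audit snapshots')
  MONMSG MSGID(CPF2111)

  /* Hold and save every report produced below, so the spooled       */
  /* files stay on the output queue instead of printing and going.   */
  OVRPRTF FILE(*PRTF) HOLD(*YES) SAVE(*YES)

  /* 1. All user profiles to an outfile that can be queried for      */
  /*    leavers, expired passwords and non-standard names.           */
  DSPUSRPRF USRPRF(*ALL) TYPE(*BASIC) OUTPUT(*OUTFILE) +
            OUTFILE(&AUDLIB/USRPRF) OUTMBR(*FIRST *REPLACE)

  /* 2. Objects that adopt the authority of QSECOFR.                 */
  PRTADPOBJ USRPRF(QSECOFR) OBJTYPE(*ALL)

  /* 3. Profiles whose password matches the profile name.            */
  /*    ACTION(*NONE) reports only and changes nothing.              */
  ANZDFTPWD ACTION(*NONE)

  /* 4. Security system values, current against recommended.         */
  PRTSYSSECA

  /* 5. Files in the sensitive library whose *PUBLIC authority       */
  /*    is anything other than *EXCLUDE.                             */
  PRTPUBAUT OBJTYPE(*FILE) LIB(&PAYLIB)

  DLTOVR FILE(*PRTF)
ENDPGM
```

Repeat step 2 for each profile that holds *ALLOBJ, and step 5 for each library that holds sensitive data.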

Good Luck and Secure New Year to you all.


IBM i Software Developer, Digital Dad, AS400 Anarchist, RPG Modernizer, Shameless Trekkie, Belligerent Nerd, Englishman Abroad and Passionate Eater of Cheese and Biscuits. Nick Litten Dot Com is a mixture of blog posts that can be sometimes serious, frequently playful and probably down-right pointless all in the space of a day. Enjoy your stay, feel free to comment and remember: If at first you don't succeed then skydiving probably isn't a hobby you should look into.

Nick Litten
