Authority Swapper
Introduction
Authority Swapper allows a user to temporarily swap to a different profile that typically has additional authorities so that they can complete a specific task. The swapped user can be audited to a very in-depth level to meet auditors’ requirements and ensure that they do not attempt to do anything untoward.
Without this kind of specialist utility, system administrators or security officers would have to do one of the following: give the user permanent additional authorities in their own profile, or provide a password of an alternative profile that has the required authorities or sign on to the system, on behalf of the user, with the appropriate level of authority as and when required.
Features
- Temporary authority can be created once and then scheduled for specific time frames to allow repeated use
- Can be integrated into our other monitoring modules for real-time intrusion detection
- Swap sessions can be restricted to certain times of the day and for limited periods of time
- Immediate temporary authority can be granted for one-off sessions or tasks
- In-depth command logging with the ability to select specific commands and apply these to multiple swap profiles
- Swap Sessions can be ended immediately by a system administrator should the need arise
|
Benefits
- Security officers can control when the user has access to the additional authorities
- Record a log of what each user did on the system when they were granted the higher level of authority
- Non-permanent staff can be given very low level access to the IBM i and simply swap to an authorized profile to perform higher level tasks while being audited
- Control access to confidential, sensitive or financial information on your IBM i, by restricting access to a limited number of user profiles
- Helpdesk staff who need to create new users no longer need high level access at all times. They can simply switch to an administrator type profile when they need to perform such tasks and are audited at all times
|
|
