Working with IBM i security controls

To achieve increased security, combine IBM® i security controls with on-site security measures and the BRMS functional usage model. User management is responsible for the evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communication environments.

IBM i security features include the use of passwords and a security option to limit read/write access for files, libraries, and folders during normal operations. To better understand IBM i security options, review the Security Reference topic.

To ensure that you are protecting your media, IBM recommends that you restrict access to the following BRMS-specific commands. Do this in addition to the other security measures that are discussed in this chapter.
  • CHGMEDBRM
  • CHGSCDBRM
  • RMVMEDBRM
  • ADDMEDIBRM
  • RSTAUTBRM
  • RSTxxxBRM
  • INZMEDBRM
IBM also recommends that you restrict access to the following IBM i commands:
  • INZTAP

Use the Grant Object Authority (GRTOBJAUT) command to grant users access to these BRMS and IBM i commands. Use the Remove Object Authority (RMVOBJAUT) command to remove user access from these commands.
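The following CL program is an added example, not IBM's own code: it applies the GRTOBJAUT approach described above to the listed commands, setting *PUBLIC to *EXCLUDE, granting *USE to one group profile, and printing the resulting authorities for review. The group profile name BRMSADM and the *LIBL lookup are assumptions; RSTxxxBRM is a name pattern, so each matching restore command on the system needs its own call.

```cl
PGM
  DCL VAR(&CMD) TYPE(*CHAR) LEN(10)
  /* BRMSADM is a hypothetical group profile for BRMS operators;    */
  /* it must already exist on the system.                           */
  DCL VAR(&GRP) TYPE(*CHAR) LEN(10) VALUE('BRMSADM')

  /* One call per command named in the list above.                  */
  CHGVAR VAR(&CMD) VALUE('CHGMEDBRM')
  CALLSUBR SUBR(RESTRICT)
  CHGVAR VAR(&CMD) VALUE('CHGSCDBRM')
  CALLSUBR SUBR(RESTRICT)
  CHGVAR VAR(&CMD) VALUE('RMVMEDBRM')
  CALLSUBR SUBR(RESTRICT)
  CHGVAR VAR(&CMD) VALUE('ADDMEDIBRM')
  CALLSUBR SUBR(RESTRICT)
  CHGVAR VAR(&CMD) VALUE('RSTAUTBRM')
  CALLSUBR SUBR(RESTRICT)
  CHGVAR VAR(&CMD) VALUE('INZMEDBRM')
  CALLSUBR SUBR(RESTRICT)
  CHGVAR VAR(&CMD) VALUE('INZTAP')
  CALLSUBR SUBR(RESTRICT)
  RETURN

  SUBR SUBR(RESTRICT)
    /* Deny the command to everyone without an explicit grant.      */
    /* Assumption: the command object resolves through *LIBL.       */
    GRTOBJAUT OBJ(*LIBL/&CMD) OBJTYPE(*CMD) USER(*PUBLIC) +
              AUT(*EXCLUDE)
    MONMSG MSGID(CPF0000) EXEC(DO)
      /* Command missing or caller lacks authority: report, skip.   */
      SNDPGMMSG MSG('Authority not changed for ' *CAT &CMD)
      RTNSUBR
    ENDDO

    /* Give the operator group just enough authority to run it.     */
    GRTOBJAUT OBJ(*LIBL/&CMD) OBJTYPE(*CMD) USER(&GRP) AUT(*USE)
    MONMSG MSGID(CPF0000) EXEC(SNDPGMMSG +
           MSG('Group grant failed for ' *CAT &CMD))

    /* Spool the resulting authorities so they can be reviewed.     */
    DSPOBJAUT OBJ(*LIBL/&CMD) OBJTYPE(*CMD) OUTPUT(*PRINT)
    MONMSG MSGID(CPF0000)
  ENDSUBR
ENDPGM
```

Object authority does not constrain profiles that hold *ALLOBJ special authority, so review those profiles separately.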

Note:
  1. IBM also recommends that you restrict user access to the QBRM library to BRMS users.
  2. IBM ships a default user profile that is called QBRMS as part of the basic IBM i package. Do not delete this profile. This profile resolves security and authority issues between BRMS and IBM i during a recovery, thereby restoring the BRMS profile in advance of other user profiles. For more information about QBRMS and network security, see Networking with BRMS.