PowerWire.eu

Independent IBM i, AIX and Linux news and tech tips for Europe and beyond

  • Home
  • News
  • Technical Articles
    • IBM i
    • AIX
    • Linux
    • VIOS
  • Subscribe
  • About Us
  • Contact Us
  • Advertise with PowerWire.eu

A screen a story –  Explore the power of Authority Collection in Navigator for i

October 4, 2022 by Rudi van Helvoirt Leave a Comment

In order to step up to a higher level of security, I suggested a customer to start using encryption on File Shares on IBM i. Currently for IBM i SMBv3 with encryption, is the highest level you can go to. For more details I suggest you have a look at this article: smbv3-support-in-ibm-i-7-4. Since we call the Navigator shown in that article, the Heritage Navigator for i and are now talking about the New Navigator for i, which is available since September 2021. In this article when mentioning the Navigator for i (Nav4i) I am talking only about the new one.

Well, back to the drawing board. In order to test SMBv3 with encryption, it is always the best to create a test share. When doing so, you can directly activate “Encryption” as shown below:

After testing this share with someone from the IT department, they kindly asked to be added to the M3 share currently available, so they could do some testing before and after the activation of encryption.

It is there where the trouble began, as the directory was linked to an authority list, the user was added by copying the authority settings from another user. Soon after the customer discovered that was not sufficient to access the share, so we came into play. Knowing the value of Authority Collection, started an SQL script as shown below:

Soon we discovered that to the user *Execute rights were not given, which is needed when in order to search the directory, when connecting the share.

In order to examine the Authority Collection results I already mentioned that a SQL script was used and the SQL statement:

select * from QSYS2.AUTHORITY_COLLECTIOn where AUTHORIZATION_NAME=’DBEKKER’and

 path_name=’/M3BE/env/M3BE_15.1_PRD/transfer’ order by CHECK_TIMESTAMP desc;

Which resulted in this:

When using Nav4i, I did hover over the user DBEKKER and it is there where I did notice the option to use Authority collection:

When looking at the results of the option “Authorization failures” I did get the following result:

So the lesson I learned from this is, the next time I need to have a look at a specific authority problems, I will start with using Nav4i.

In order to give you a quick impression of the other options, here they are:

Filed Under: IBM i, Technical Articles Tagged With: IBM i, IBM Power Systems, Power Systems

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Free monthly newsletter signup

News

A screen a story – Not our problem anymore

Last week I ran into an issue, which did teach me something new about the command WRKPRB. After checking a … [Read More...]

Raspberry Pi and Machine Learning

In my last article, I demonstrated how I used Machine Learning on the Raspberry Pi to determine if a … [Read More...]

Shield Advanced Solutions – new Messaging and Monitoring solutions

September 2022 – Toronto As Shield Advanced Solutions celebrates the significant milestone, 25 years of … [Read More...]

More articles from this section

Quick Links

  • Advertise
  • Subscribe

Follow Us…

  • Email
  • LinkedIn
  • Twitter

Search This Website

Copyright © 2023 · Cue Communications · All Rights Reserved

Log in