MDOpen MDWorkflow MDXREF MDCMS

MDSEC

 

Built-in Security and Compliance

MDSEC, the same application security tool that prevents unauthorized access to our MDXREF and MDCMS products, may also be used to protect your own in-house IBM i applications.

A programmer simply describes an application function to MDSEC, and then MDSEC assigns a security code to that function. The programmer then embeds a call to MDSEC’s security checking function with the security code inside the necessary program(s). A reply indicates whether or not the user is authorized to the function.

Security administration tools included in MDSEC enable you to set individual user authority levels in seconds. MDSEC handles the following authority levels:

  • A user or group of users
  • An application or group of applications
  • General authority to an application’s function
  • Reduced authority to an application’s function based on set limits (for example, the user is only allowed to delete an item if it has a value of less than 500)

A Better Way to Manage Authorization Lists

Managing IBM i authorization lists is very cumbersome using the commands supplied by IBM, but MDSEC enhances authorization list management in a number of ways:

  • Search lists for a specific user
  • Change or remove authorizations for all users in a list at once
  • Change or remove all lists for a user at once
  • Map the authorization list entries for one user to another user or group of users
  • Create, edit, or delete the lists themselves

DDM Security

Distributed Data Management (DDM) provides a simple means to access and update data on a target IBM i using programs running on a local IBM i system.

MDCMS, for example, uses DDM to synchronize Project and Workflow information as well as to track object migrations across systems. But if an organization allows DDM to be used without sufficient security measures in place, there’s a significant risk that unauthorized persons can read and manipulate data.

Fortunately with the DDM security features in MDSEC you can:

  • Filter access by user profile
  • Filter access by library
  • Filter access by individual files, data queues, or data areas
  • Filter by usage (view or update)
  • Filter by transaction types
  • Log some or all DDM transactions

MDSEC significantly enhances your ability to easily secure your systems.