Powerful Audit Functions Enhance V2R3 Security

Typography

Smaller Small Medium Big Bigger
Default Helvetica Segoe Georgia Times
Reading Mode

Brief: V2R3 of OS/400 delivers many new security features for the AS/400. Although some of the new functions are designed to meet government requirements, they give every AS/400 shop enhanced audit capacities. This article offers an overview of all the new capabilities, background on audit requirements and suggestions for implementing the new features.

From a security perspective, V2R3 of OS/400 represents the most significant release since the AS/400 was announced in 1988. V2R3 greatly increases your ability to provide audit information about the AS/400 with enhanced facilities which are useful to all systems. The generic reason to provide audit functions on any computer is that system administrators and auditors (e.g., outside accountants) want to monitor the activity of users. Auditing can answer questions such as:

o Which users have accessed or changed a file?

o What commands does a privileged user such as the security officer enter?

o Is there a sudden increase in password failures that may indicate the presence of a hacker?

The audit features of V2R3 record the actions of users and can provide answers to all these questions and more.

The driving force behind the new security features is a U.S. government requirement formally known as the C2 requirements of the Trusted System Evaluation Criteria. On the AS/400, C2 requires a new security level, Level 50. Unless you need to operate in a C2 security environment, use of Level 50 is not recommended because of its significant performance impact. (Level 50 reduces performance by an average of 5 to 15 percent.) For more information on Level 50 and C2 requirements, consult the "C2 Certification and Level 50" sidebar.

This article concentrates on the enhanced audit features. Audit functions make it possible to track updates and changes to data and programs without writing extensive monitoring programs. In addition, when users know that their actions are being recorded and reviewed, the audit process itself can act as a deterrent to unauthorized activity. V2R3 auditing features include new system values, new commands, new attributes in the user profile definition and a new user profile special authority, *AUDIT.

Audit Overview

V2R3 stores data in the audit journal, just as previous releases did. The audit journal provides an efficient way to record events, and data placed in the journal cannot be altered. With the addition of more audit events and object auditing capability comes the potential for a larger volume of data in the audit journal. Under V2R2, you could record all the audit events with minimal impact on system performance. In V2R3, turning on every audit option may result in a significant volume of data and potential performance impacts.

V2R3 expands the events that can be audited to include the audit of object access, the systemwide audit of events and the audit of individual users. The table in 1 shows the growth of the audit capability from V2R2 to V2R3.

V2R3 expands the events that can be audited to include the audit of object access, the systemwide audit of events and the audit of individual users. The table in Figure 1 shows the growth of the audit capability from V2R2 to V2R3.

The audit capability in V2R2 was limited to systemwide events specified in the system value QAUDLVL. V2R3 doubles the number of systemwide events that can be audited. In addition, V2R3 can audit events for an individual user profile. For example, the system can record all the CL commands entered by a specific user. User profile auditing is particularly helpful for monitoring the actions of privileged users (i.e., security officers, system administrators and service profiles).

AUDLVL (User auditing level) is a new attribute in the user profile that specifies the audit events for each user. The Change User Auditing (CHGUSRAUD) command is used to set which events to audit for each user profile. To allow for separation of security and audit duties, the Create User Profile (CRTUSRPRF) and Change User Profile (CHGUSRPRF) commands do not allow setting of the audit criteria. A user must have *AUDIT special authority (discussed in more detail later) to set the audit criteria for users and objects. 2 summarizes the events that can be audited. The values set for QAUDLVL control auditing for all users. Additional auditing can be specified for an individual user profile (e.g., the security officer) using the AUDLVL attribute of the user profile.

AUDLVL (User auditing level) is a new attribute in the user profile that specifies the audit events for each user. The Change User Auditing (CHGUSRAUD) command is used to set which events to audit for each user profile. To allow for separation of security and audit duties, the Create User Profile (CRTUSRPRF) and Change User Profile (CHGUSRPRF) commands do not allow setting of the audit criteria. A user must have *AUDIT special authority (discussed in more detail later) to set the audit criteria for users and objects. Figure 2 summarizes the events that can be audited. The values set for QAUDLVL control auditing for all users. Additional auditing can be specified for an individual user profile (e.g., the security officer) using the AUDLVL attribute of the user profile.

System Values

Five new security-related system values have been added in V2R3 and the QAUDLVL system value has been expanded.

QAUDCTL (auditing control) turns auditing on or off. The options allowed are no auditing (*NONE), object auditing (*OBJAUD) or auditing level (*AUDLVL). Both *OBJAUD and *AUDLVL may be specified simultaneously. A value of *AUDLVL activates auditing of object access based on the values specified in the QAUDLVL system value or the AUDLVL parameter of a user profile.

QAUDLVL (auditing level) controls which events are audited. This value has been expanded in V2R3 to include more systemwide events and to control auditing of user events in conjunction with the AUDLVL parameter of the user profile.

QCRTOBJAUD (create object auditing) specifies the default audit level for new objects. It works in conjunction with the CRTOBJAUD library attribute as explained in the next section.

QAUDFRCLVL (Force auditing data) determines the maximum number of audit records that can be created before the data is forced to auxiliary storage. You can specify any number from 1 to 100, or you can use the default of *SYS to let the system determine the number. The default of *SYS is recommended.

QAUDENDACN (Auditing end action) specifies the action to be taken in the event the system is unable to write an audit record. The default value of *NOTIFY sends a message to the system operator when the system is not able to write an audit record. The other choice, *PWRDWNSYS, immediately terminates operation if the system cannot write an audit record. The default of *NOTIFY is recommended.

QALWUSRDMN (allow user domain objects in libraries) is not associated with the audit function. It is a new system value created specifically to meet C2 requirements. This system value determines the libraries where user domain objects-user space (*USRSPC), user index (*USRIDX) and user queue (*USRQ)-can be created. The default of *ALL is recommended.

Object Audit

One significant V2R3 improvement is the ability to audit successful access to individual objects. Two new commands, Change Object Audit (CHGOBJAUD) and Change Document Library Object Audit (CHGDLOAUD), set the audit criteria for an object to one of the following options:

o *NONE: (Default) No audit of successful access to the object.

o *CHANGE: Audit all users who change the object.

o *ALL: Audit all users who change or reference the object.

o *USRPRF: The audit criteria depends upon the setting of the OBJAUD parameter in the user profile.

When the object indicates *USRPRF, the system determines whether or not to record audit information based on the user profile that requested the function. The user profile has a new attribute, OBJAUD (Object auditing value), that can be set to *NONE, *CHANGE or *ALL. This parameter (like the AUDLVL parameter) is set by the new command CHGUSRAUD. 3 illustrates the interaction of the object and user profile auditing criteria.

When the object indicates *USRPRF, the system determines whether or not to record audit information based on the user profile that requested the function. The user profile has a new attribute, OBJAUD (Object auditing value), that can be set to *NONE, *CHANGE or *ALL. This parameter (like the AUDLVL parameter) is set by the new command CHGUSRAUD. Figure 3 illustrates the interaction of the object and user profile auditing criteria.

The CHGOBJAUD command sets the audit criteria for existing objects. The CRTOBJAUD library attribute (new for V2R3) determines the audit criteria for new objects created in a library. The CRTOBJAUD attribute can be set to *NONE, *CHANGE, *ALL, *USRPRF or *SYSVAL. *SYSVAL determines the audit criteria for new objects in the library based on the system value QCRTOBJAUD. The default for existing libraries will be set to *SYSVAL when V2R3 is installed. The interaction of the CRTOBJAUD library attribute and the QCRTOBJAUD system value is similar to the way library attribute CRTAUT works with system value QCRTAUT to set the public authority.

*AUDIT Special Authority

With V2R3, users in the security officer (*SECOFR) user class receive a new special authority of *AUDIT. The real purpose of this authority is not to give security officers additional authority but to allow the creation of a profile for an auditor. A user with *AUDIT special authority can specify the audit criteria for objects and users as follows:

o Use the CHGUSRAUD command to set the user profile audit criteria.

o Use the CHGOBJAUD and CHGDLOAUD commands to set the object audit criteria.

o Use the Change System Value (CHGSYSVAL) command to set systemwide auditing criteria in the system values QAUDLVL, QAUDCTL, QCRTOBJAUD, QAUDENDACN and QAUDFRCLVL.

IBM introduced the *AUDIT special authority rather than expanding the role of the security administrator (*SECADM) special authority. This allows a midrange shop to separate the audit and security administration roles if desired.

The new special authority falls short of requests made by internal and external auditors. It does not allow an auditor to display the object authority and user profile information he needs. If an auditor displays the authority for an object, he will see the *PUBLIC authority but he will not see users who have more authority than *PUBLIC. An auditor cannot display the user profile of another user unless the auditor is granted access to the user profile.

As a result, under V2R3, auditors must be given *ALLOBJ authority or access to programs that adopt authority for the display of user profiles and object authorities. To eliminate this problem, IBM could expand the *AUDIT special authority to allow a user with *AUDIT special authority to display the user profile and authority for all objects. With all the enhancements implemented by IBM in V2R3, this useful change was overlooked.

Control of User Domain Objects

The C2 requirement which is the basis for most of the V2R3 security enhancements specifies that the system must be able to audit every access to an object. This requirement imposes some restrictions on the use of pointers. (A pointer is initialized when a job resolves the name of an object to an address in memory or on disk.) Most applications are not affected, but an application which attempts to save a pointer for use outside of the job will not be allowed to run on a C2 system.

When an application resolves the name of an object into a pointer, the system can produce an audit record. If an application were allowed to store a resolved pointer for future access by another job, there would be no audit record. Pointers cannot be passed to other jobs because doing so could compromise audit integrity.

The user domain objects *USRSPC, *USRIDX and *USRQ can be used to store pointers. To prevent misuse of user domain objects to store pointers and thus avoid audit, the system value QALWUSRDMN (Allow user domain objects in libraries) was added. This system value determines what libraries can be used to store user domain objects.

The default of *ALL should be used for most systems and has no impact on existing applications. In the C2 environment, the QALWUSRDMN system value must be set to QTEMP so that user domain objects are limited to the job and cannot be used to bypass the audit requirements. QALWUSRDMN can name up to 50 private libraries for storage of user domain objects. However, you should select the default of *ALL unless you operate in a C2 environment.

MI Instructions Blocked

To prevent user applications from storing or obtaining pointers to system control blocks, IBM added three machine interface (MI) instructions to the group of blocked instructions not allowed in user programs. IBM anticipates no impact on user applications as a result of this change, but MI programs are not allowed to use blocked instructions. The three machine instructions are MODS, MATOBJLK and MATAUL. These instructions are disallowed at security levels 40 and 50.

A Word of Caution

The C2 certification of the AS/400 will have little meaning for most AS/400 installations. The major value to most users who do not need C2 is the improved audit functions IBM added to V2R3 to satisfy the C2 criteria. The individual user and object audit features allow installations to record the actions of users. Use these expanded audit features with discretion; otherwise, the volume of audit data can impact system performance.

Wayne O. Evans is an AS/400 security consultant and a frequent speaker on security topics. During his 27 years with IBM Corporation, he was involved with AS/400 security design issues. Direct your security-related questions to Wayne on MC-BBS or by fax at 507-252-9615.

SIDEBAR:

C2 Certification and Level 50

Level 50 changes the way OS/400 operates to meet the requirements for a C2 certified system. Running level 50 security has an adverse performance impact on systems, so its use is not recommended. IBM indicates that Level 50 introduces a 5-15 percent CPU performance impact.

When a system runs Level 50 security, the following changes occur.

Parameter Passing. Level 50 introduces additional checks each time a user application calls any operating-system program running in system state. The system checks every parameter that is passed by the user state program. Both the values and the storage domain of the data are checked to ensure that the application does not cause OS/400 to perform operations that could compromise the integrity of the system. At Level 50, every time an application program performs an I/O operation, the system checks the passed parameters.

Messages. To guarantee the preservation of audit integrity, pointers are removed from messages sent to a user application program from another job. In addition, user applications cannot send exception messages to system programs unless the system program is a request processor or the system program invoked the user application. This change may require modification to some applications.

Internal Control Blocks. Level 50 adds extra protection to prevent modification of the system internal control blocks. RPG and COBOL programs created prior to V2R2 need to be recompiled to run under Level 50 if they use workstation files.

QTEMP Library. At Level 50, a new QTEMP library is created at the start of each job and deleted when the job terminates. At security levels below 50, the system maintains a pool of QTEMP libraries that are cleared at job termination and then assigned to another job. This has a slight impact on the job initiation performance.

At Level 50, the QTEMP library is deleted upon abnormal system termination. However, the objects in the library are not deleted. You will need to run the Reclaim Storage (RCLSTG) command more frequently. At levels below 50, the system deletes the objects stored in the QTEMP library following an abnormal termination.

Powerful Audit Functions Enhance V2R3 Security

Figure 1 Audit Function Enhancements for V2R3

Description of audit function V2R2 V2R3 Number of systemwide audit events 7 14 Number of individual user audit events 0 12 Audit of failed access to objects Yes Yes Audit of successful access to objects No Yes
Powerful Audit Functions Enhance V2R3 Security
Figure 2 Options to Audit Events
Systemwide User Profile Value QAUDLVL AUDLVL Description *NONE o o No events controlled are logged. *AUTFAIL o Authority failure events are logged. *CMD o Commands entered by user are logged. *CREATE o o Object create operations are logged. *DELETE o o Object delete operations are logged. *JOBDTA o o Job start and stop data is logged. *OBJMGT o o Object management functions such as move and rename operations are logged. *OFCSRV o o Office mail actions and changes to the system distribution directory are logged. *PGMADP o o Running programs that adopt authority are logged. *PGMFAIL o System integrity violations are logged. *PRTDTA o Printing a spooled file and sending output directly to a printer are logged. *SAVRST o o Restore operations are logged. *SECURITY o o Security-related functions are logged. *SERVICE o o Use of service tools is logged. *SPLFDTA o o Actions performed on spooled files are logged. *SYSMGT o o Use of system management functions is logged.
Powerful Audit Functions Enhance V2R3 Security
Figure 3 Object Audit Options
User Profile Settings OBJAUD(*NONE) OBJAUD(*ALL) OBJAUD(*CHANGE) OBJAUD(*NONE) no audit no audit no audit OBJAUD(*ALL) any access any access any access OBJAUD(*CHANGE) modify modify modify OBJAUD(*USRPRF) no audit any access modify

BLOG COMMENTS POWERED BY DISQUS

LATEST COMMENTS

Book Reviews

Book Review: Extract, Transform, and Load with SSIS

Do your business apps access different data sources? This book shows you how to make that task easier
Book Review: 21st Century RPG: /Free, ILE, and MVC

David Shirey’s first book is an educational and entertaining read for “modern” and “old” RPG programmers alike
Book Review: Developing Business Applications for the Web--With HTML, CSS, JSP, PHP, ASP.NET, and JavaScript

If you are ready to get into Web application development, take this book along as your guide
Book Review: DB2 10.5 Fundamentals for LUW: Certification Study Guide (Exam 615)

DBAs who use the book will find it very helpful first in their test study and later as a reference book.
Book Review: DB2 11 for z/OS Database Administration—Certification Study Guide

This is a well-written DB2 11 book that could easily stand on its own as a reference manual, not just a certification guide.
Book Review: Free-Format RPG IV, Third Edition

Jim Martin comes through for us again.
Book Review: IBM i Security Administration and Compliance, Second Edition
Book Review: Programming in ILE RPG, Fifth Edition

This book really hits the mark and is a must-read for all RPG developers.
Book Review: DB2 10.1/10.5 for Linux, UNIX, and Windows Database Administration: Certification Guide
Book Review: Subfiles in Free-Format RPG

Whether you're a newbie or a seasoned pro, this book has something for you.
Book Review: Evolve Your RPG Coding: Move from OPM to ILE ... and Beyond

This book provides an amazingly comprehensive introduction to the concepts while at the same time delivering enough technical detail to make you productive very quickly.
Book Review: Database Design and SQL for DB2
Book Review: The Chief Data Officer Handbook for Data Governance

When implemented appropriately, data governance is a powerful framework.
Book Review: DB2 10 for z/OS: The Smarter, Faster Way to Upgrade

Trying to figure out whether to upgrade? Read on.
Book Review: 5 Keys to Business Analytics Program Success
Book Review: DB2 11: The Ultimate Database for Cloud, Analytics, and Mobile
Book Review: Flexible Input, Dazzling Output with IBM i

Today, it's all about input and output. Getting data into the IBM i from non-traditional sources and then displaying it back out again in varied formats. But where can you go to learn all that you need to know about this critical skill?
Book Review: Advanced Guide to PHP on IBM i

Enterprise-level PHP skills and techniques have been adapted for IBM i developers in Kevin Schroeder's new book.
Book Review: Java for RPG Programmers

If you've been putting off learning Java, you have no excuse anymore!
Book Review: DB2 10.1 Fundamentals: Certification Study Guide

Too valuable to be classified as merely excellent certification material, this book should also rightly take its place on DB2 DBA bookshelves as a solid day-to-day DB2 reference.
Book Review: DB2 10 for Z/OS Database Administration: Certification Study Guide

Whether you're trying to get certified or you just need a great reference book, this is the book for you.
Book Review: Developing Web 2.0 Applications with EGL for IBM i

It's everything you need to know, from the bottom up.
Book Review: Advanced Integrated RPG

Isn't it about time somebody told us how to integrate RPG and Java?
Book Review: Managing Without Walls

If you manage remote or satellite teams, this book is a must-read!
Book Review: Managing Without Walls

If you manage remote or satellite teams, this book is a must-read!
Book Review: The Remote System Explorer

This book speaks directly to the thousands of IBM i programmers who develop in RPG, COBOL, CL, and DDS every day.
Book Review: IBM System i APIs at Work, Second Edition

API expert Bruce Vining delivers the only comprehensive guide to APIs.
Book Review: Functions in Free-Format RPG IV

This one short volume manages to essentially be both a general introduction and a detailed reference.
Book Review: DB2 11: The Database for Big Data and Analytics
Book Review: IBM Mainframe Security: Beyond the Basics

Beginners will have a strong foundation after reading this book. Experienced professionals will reference it frequently.
Book Review: IBM InfoSphere: A Platform for Big Data Governance and Process Data Governance

Find out how IBM is addressing the challenges of big data.
Book Review: Fundamentals of Technology Project Management

Projects can be overwhelming, but taken in small, deliberate steps, all projects are achievable.
Book Review: Customer Experience Analytics

Use CEA as a strategic weapon to stay ahead of your competitors.
Book Review: Big Data Analytics: Disruptive Technologies for Changing the Game

The disciplines of data analytics are evolving to meet the new challenges of big data.
Book Review: IBM i Security: Administration and Compliance

If you have any interest in IBM i security, whether as an administrator, a programmer, or an auditor, then this book is the perfect resource.
Book Review: DB2 9.7 for Linux, UNIX, and Windows Database Administration (Exam 541)

This book, written by the creator of the certification exam, reveals exactly what you'll need to know to prep for the test.
Book Review: Selling Information Governance to the Business

Who governs the information that runs your company?
Book Review: You Want to Do WHAT with PHP?

If you're serious about programming in PHP, get a book that treats you that way.
Book Review: The IBM i Programmer's Guide to PHP

Both a primer and a reference, this book is a must-have for anyone who wants to program in PHP.
Book Review: JavaScript for the Business Developer

There's no faster, easier way to become proficient in JavaScript.
Book Review: SOA for the Business Developer

If you want to know how SOA works in the real world, this is your book.
Book Review: DB2 9 Fundamentals

Whether you want to obtain an IBM certified DB2 professional certification or simply become well-rounded in the fundamental concepts of DB2 and general database theory, this is your book.
Book Review: The Modern RPG IV Language, Fourth Edition

This book isn't a training manual; it's a reference book.

Resource Center

Node.js on IBM i Webinar Series Pt. 2: Setting Up Your Development Tools

Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application. You can find Part 1 here. In Part 2 of our free Node.js Webinar Series, Brian May teaches you the different tooling options available for writing code, debugging, and using Git for version control. Brian will briefly discuss the different tools available, and demonstrate his preferred setup for Node development on IBM i or any platform. Attend this webinar to learn:
Profound Logic Solution Guide

More than ever, there is a demand for IT to deliver innovation. Your IBM i has been an essential part of your business operations for years. However, your organization may struggle to maintain the current system and implement new projects. The thousands of customers we've worked with and surveyed state that expectations regarding the digital footprint and vision of the company are not aligned with the current IT environment.
Power10 Power Hour

IBM announced the E1080 servers using the latest Power10 processor in September 2021. The most powerful processor from IBM to date, Power10 is designed to handle the demands of doing business in today’s high-tech atmosphere, including running cloud applications, supporting big data, and managing AI workloads. But what does Power10 mean for your data center? In this recorded webinar, IBMers Dan Sundt and Dylan Boday join IBM Power Champion Tom Huntington for a discussion on why Power10 technology is the right strategic investment if you run IBM i, AIX, or Linux. In this action-packed hour, Tom will share trends from the IBM i and AIX user communities while Dan and Dylan dive into the tech specs for key hardware, including:
Comply in 5! Well, actually UNDER 5 minutes!!

TRY the one package that solves all your document design and printing challenges on all your platforms. Produce bar code labels, electronic forms, ad hoc reports, and RFID tags – without programming! MarkMagic is the only document design and print solution that combines report writing, WYSIWYG label and forms design, and conditional printing in one integrated product. Make sure your data survives when catastrophe hits. Request your trial now! Request Now.
Combating Ransomware: Building a Strategy to Prevent and Detect Attacks

Forms of ransomware has been around for over 30 years, and with more and more organizations suffering attacks each year, it continues to endure. What has made ransomware such a durable threat and what is the best way to combat it? In order to prevent ransomware, organizations must first understand how it works.
Top IBM I Security Vulnerabilities and How to Address Them

IT security is a top priority for businesses around the world, but most IBM i pros don’t know where to begin—and most cybersecurity experts don’t know IBM i. In this session, Robin Tatam explores the business impact of lax IBM i security, the top vulnerabilities putting IBM i at risk, and the steps you can take to protect your organization. If you’re looking to avoid unexpected downtime or corrupted data, you don’t want to miss this session.
What Most IBM i Shops Get Wrong About the IFS

Can you trust all of your users all of the time? A typical end user receives 16 malicious emails each month, but only 17 percent of these phishing campaigns are reported to IT. Once an attack is underway, most organizations won’t discover the breach until six months later. A staggering amount of damage can occur in that time. Despite these risks, 93 percent of organizations are leaving their IBM i systems vulnerable to cybercrime. In this on-demand webinar, IBM i security experts Robin Tatam and Sandi Moore will reveal:
Backup and Recovery on IBM i: Your Strategy for the Unexpected

Disaster protection is vital to every business. Yet, it often consists of patched together procedures that are prone to error. From automatic backups to data encryption to media management, Robot automates the routine (yet often complex) tasks of iSeries backup and recovery, saving you time and money and making the process safer and more reliable. Automate your backups with the Robot Backup and Recovery Solution. Key features include:
Manage IBM i Messages by Exception with Robot

Managing messages on your IBM i can be more than a full-time job if you have to do it manually. Messages need a response and resources must be monitored—often over multiple systems and across platforms. How can you be sure you won’t miss important system events? Automate your message center with the Robot Message Management Solution. Key features include:
Easiest Way to Save Money? Stop Printing IBM i Reports

The thought of printing, distributing, and storing iSeries reports manually may reduce you to tears. Paper and labor costs associated with report generation can spiral out of control. Mountains of paper threaten to swamp your files. Robot automates report bursting, distribution, bundling, and archiving, and offers secure, selective online report viewing. Manage your reports with the Robot Report Management Solution. Key features include:
Hassle-Free IBM i Operations around the Clock

For over 30 years, Robot has been a leader in systems management for IBM i. With batch job creation and scheduling at its core, the Robot Job Scheduling Solution reduces the opportunity for human error and helps you maintain service levels, automating even the biggest, most complex runbooks. Manage your job schedule with the Robot Job Scheduling Solution. Key features include:
Why Migrate When You Can Modernize?

Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.
The Power of Coding in a Low-Code Solution

When it comes to creating your business applications, there are hundreds of coding platforms and programming languages to choose from. These options range from very complex traditional programming languages to Low-Code platforms where sometimes no traditional coding experience is needed. Download our whitepaper, The Power of Writing Code in a Low-Code Solution, and:
Low Code: A Digital Transformation of Supply Chain and Logistics

Supply Chain is becoming increasingly complex and unpredictable. From raw materials for manufacturing to food supply chains, the journey from source to production to delivery to consumers is marred with inefficiencies, manual processes, shortages, recalls, counterfeits, and scandals. In this webinar, we discuss how:
Resource Center

The MC Resource Centers bring you the widest selection of white papers, trial software, and on-demand webcasts for you to choose from. >> Review the list of White Papers, Trial Software or On-Demand Webcast at the MC Press Resource Center. >> Add the items to yru Cart and complet he checkout process and submit
Node Webinar Series Pt. 1: The World of Node.js on IBM i

Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application.
IBM i Transformation Risks Every Business Leader Should Know

Join us for this hour-long webcast that will explore:
What to Do When Your AS/400 Talent Retires

IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn:

Analytics & Cognitive Categories

Latest Analytics & Cognitive News

Career Catgories

Latest Career News

Cloud Categories

Latest Cloud News

IT Infrastructure Categories

Latest IT Infrastructure News

News Categories

Latest News

Programming Categories

Latest Programming News

Security Categories

Latest Security News

Typography

Share This

Powerful Audit Functions Enhance V2R3 Security

Figure 1 Audit Function Enhancements for V2R3

Powerful Audit Functions Enhance V2R3 Security

Figure 2 Options to Audit Events

Powerful Audit Functions Enhance V2R3 Security

Figure 3 Object Audit Options

LATEST COMMENTS

MC Press Online

Support MC Press Online

Book Reviews

Book Review: Extract, Transform, and Load with SSIS

Book Review: 21st Century RPG: /Free, ILE, and MVC

Book Review: Developing Business Applications for the Web--With HTML, CSS, JSP, PHP, ASP.NET, and JavaScript

Book Review: DB2 10.5 Fundamentals for LUW: Certification Study Guide (Exam 615)

Book Review: DB2 11 for z/OS Database Administration—Certification Study Guide