Product Sheet: Assure Elevated Authority Manager
Assure Elevated Authority Manager offers easy, complete control of elevated IBM i (AS/400) user authorities.
Having too many powerful user profiles leaves the security of your IBM i (AS/400) system and data exposed. In fact, security and compliance auditors prefer that IBM i users be given only the authorities required to perform their jobs, and that they be granted additional authority only when needed and only for the time required.
Assure Elevated Authority Manager, a feature of Assure Security, and part of its Assure Access Control feature bundle, enables you to reduce the number of powerful IBM i user profiles in your environment by allowing you to easily elevate the authority of user profiles on an as-needed basis. Elevated authority can be granted by an administrator upon request or automatically based on pre-configured rules, and it can be limited to a specific command, day, time, IP address or other parameters.
Our product also enables comprehensive monitoring and reporting on elevated profiles. A graphical dashboard shows the users who are elevated, how long they’ve been elevated and more. The activities of elevated profiles are also exhaustively logged using multiple sources to create a full audit trail.
Assure Elevated Authority Manager gives you complete control of IBM i user authorities to help your company meet the most stringent regulatory requirements mandated by SOX, PCI-DSS, HIPAA, GDPR and more.
- Makes it easy to manage user requests for elevated authorities
- Satisfies security officers by enabling you to reduce the number of powerful user profiles
- Produces necessary alerts, reports and a comprehensive audit trail
- Enforces segregation of duties
- Reduces the risk of unauthorized access to sensitive data
- Significantly reduces security exposures caused by human error
How Assure Elevated Authority Manager Works
With Assure Elevated Authority Manager, when a user needs additional authority for a specific action, they ask for elevation of authority within their job. That request must specify a profile with the authority needed and the command to be run. Requests can be accepted by the administrator, or when configured to automatically grant requests, rules defined by the administrator are consulted to determine whether the request should be granted.