General Discussion
In reply to the discussion: Report Indicates Snowden/Greenwald Lied About Key Claims [View all]dkf
(37,305 posts)Special Authorities
Special authorities ( *Allobj, *Secadm, *Splctl, *Iosyscfg, *Audit, *Jobctl, *Service, *Savsys) are special authorizations or super user like capabilities granted to user profiles to allow security-sensitive functions to be performed for specific reasons, such as program development, system administration, or system operation, for example. These rights are powerful and should be reserved only for trusted and knowledgeable IT professionals.
Auditors check for the abuse of special authorities as part of any standard audit of the System i. Even those auditors who are not very familiar with OS/400 are aware of this issue from their work on other platforms.
In a presentation at the Gartner IT security summit in 2004, Ernst and Young noted that two of their top 10 concerns in audit reviews of IT systems were
Large number of users with access to super user transactions in production
Development Staff can run business transactions in production.
http://www.powertech.com/guides/compliance/special_authorities.htm