Syncsort has acquired Cilasoft

Read more
Home : Products | EAM

EAM

The Elevated Authority Management Solution for IBM i
CONTEXT

Reduce the number of powerful IBM i user profiles (*ALLOBJ, *SECADM, command line access, etc.) with the ability to elevate the authority of user profiles on an as-needed basis. 

With EAM, all activity from a temporarily elevated profile is logged so a complete audit trail is produced.  EAM gives managers complete control of user activity on the IBM i to help your company meet the most stringent regulatory requirements mandated by SOX, Basel II, PCI-DSS, GDPR, HIPAA, etc. 


DESCRIPTION

With complete managerial control, EAM allows specified users to be temporarily granted an elevated authority, either automatically or on request. Elevated authority can be limited to a specific command, day, time, IP Address and other parameters.   

EAM not only includes an effective and flexible authority management mechanism but also provides a comprehensive monitoring and reporting tool. 

Multiple sources (job log, screen capture, exit points, and system and database journals) are used to exhaustively log all user activity, which creates a complete audit trail.

EAM offers different authority management methods:
  • *SWAP – user is swapped to and inherits the authority of the target profile
  • *ADOPT – user adopts the target profile authorities
  • *LOG – all activity of the user is logged without change to the user’s authorities

With EAM you can:
  • Change system values or user profile attributes without the need to grant permanent *SECADM authority
  • Let users inherit *AUDIT special authority only when required
  • Provide data authority to change production files (DFU, STRSQL, ODBC, etc.) only when needed
  • Automatically log all activity from powerful user profiles
  • Allow user access to a command line on an as-needed basis

EAM adapts easily to changing company needs and requirements thanks to its flexible configuration and capacity to produce pertinent reports.


KEY FEATURES
  • Rule definitions can be created according to: Method (*SWAP, *ADOPT, *LOG) or Context (IP Address, time, date, job, IASP, etc.)
  • Based on source and target profiles including: group profiles, supplemental groups, list of users, command line access
  • Emergency mode with delegation of rule management and complete audit trail
  • Simple, rapid and documented authority request process (default values, pre-filled parameters)
  • Authority request approval can be automatic or manual
  • 5250 and server mode for external processes (ODBC, JDBC, DRDA, FTP)
  • Optional alerts on EAM events delivered via e-mail, popup, syslog: start, end, exceeding authorized time, abnormal end, etc.
  • Control and/or audit of commands, which can hide the job log or end the EAM session
  • Control command line access – even within batch jobs
  • Can reduce user authority if required
  • Logging and reporting of all requests with customizable filters
  • Include in job logs, SQL statements, FTP functions and critical commands
  • Optional ticket management to interface with external helpdesk solutions
  • Multiple report formats available (PDF, XLS, CSV)
  • Capacity to interface with leading SIEM consoles
  • And more

BENEFITS
  • Easily meet requests from users for elevated authorities
  • Satisfy security officers by reducing the number of powerful profiles
  • Satisfy auditors with reporting and alerting capabilities
  • Enforce segregation of duties
  • Significantly reduce security exposures caused by human error
  • Limit access to sensitive data


Try it for yourself.  Experience the power of Cilasoft Software for 30 days—FREE.