An Introduction to Implementing Object-Level Security in IBM OS/400 with Comparisons to Windows and Unix Permissions

Access control is a major component of defense-in-depth. Object-level security, which is controlling who has access to objects on a system and what type of access they have, is an important part of providing for the appropriate level of confidentiality, integrity, and availability. The purpose of this paper is to give an introduction to the implementation of object security in OS/400 and show how to keep that implementation simplified, and to make cross comparisons to Unix and Windows permissions where appropriate. It will serve as an introduction to OS/400 object-level authority for those new to or unfamiliar with OS/400, and will be a guide for those expanding their understanding of OS/400 object authority into Unix or Windows file systems and permissions, and how they are implemented in OS/400's Integrated File System (IFS). The integrated object-level security of OS/400, IBM's midrange object-based operating system, provides the ability to grant fine-grained authority for individual objects to users or groups of users. Security administrators need to understand how to implement OS/400's object-level security simply in its various file systems to allow them to correctly configure the proper access control for the AS/400.