iSecurity Authority On Demand Release News

  • Changes to a common library, which affect Multi-Factor Authentication but not Authority on Demand.
  • Added: MFA – Multi system Self Enrollment 
  • Added: a SAVF with all PTFs x manual installation.
  • Added: the MFA – Multi system module to AOD library.
  • Fixed: AOD end of session jobs were ending abnormally (ODATEND) & emails were delayed.
  • Fixed: Device PRT99 had been limited to 100,000 records.
  • Added:  A function that activates command level auditing (*CMD) on the user profile at GETAOD and back at the RLSAOD.
  • Added: a Uses column in the STRAOD > 1 (left of rule) and an enhanced Left Uses column.
  • Added: AOD + OTP Send Approval by EMail/SMS
  • Added: OUTPUT TYPE *OUTFILE *FILE to the DSPODDFN command
  • Fixed: User had been signed off when entering the pin code recieved by email.
  • Fixed: DSPAODACT had shown session jobs that had already ended as *ACTIVE*.
  • Fixed: ODE1080 GETAOD had been rejected because of invalid PIN code. ODE1081  PIN code was not entered. Now we repeat GETAOD.
  • Improved performance of internal queries.
  • New Feature: When GETAOD is entered without the provider (with the default PRVD(*SELECT)) a screen opens to enable selection of Provider, entering description and related information.
  • New feature: Approval by an administrator at real time –
    “To be approved by  . .                UsrPrf/GrpPrf, *SECADM, *AOD-ADMIN”.
    GETAOD Requests is “Pending Your Approval”

  • New Feature: Enable administrator to approve in real time a GETAOD request

  • New Feature: Use MFA beside or in addition to Pin code, when GETAOD is requested.

  • New Feature: MFA Verification methods are:  1=Cell, 2=Email, 3=Cell+Email (Half & Half)
    This method is similar to the one in our MFA product (Person, mail, cell…), but does not require a license for it. 

  • New Feature: New “authority” type: 4=Trace (Only. Without changing authority)    GETAOD PRVDR(*TRACE) is an alternative

  • Template of Reason for GETAOD now supports *number* in addition to *text*

  • Cumulative changes from recent releases:

    1. New menu option, 81/9 sets “At-End reports retention”, the data retention period in days. If set to “9999”, the data is retained indefinitely.
    2. On the DSPAODHST, AOD main menu option 41 screen: the width of the screen is now 132 characters, allowing for two new fields: (the end time of elevated authority) and
    3. To support iASP, the product subsystem now resides in SMZTMPC (instead of SMZODTA)
    4. The GETAOD and RLSAOD commands now cannot be used from System Request menu.
    5. Product only prints journal entries if user made changes during the Authority on Demand session.
  • Triple Syslog Definitions

    Raz‐Lee’s iSecurity™ products now support sending Syslog messages to up to three (3)
    SIEM products simultaneously:

    • In AOD Main Menu, select option 81.
      The SYSLOG message is now enabled for multiple SIEM messages (note the SIEM 1SIEM 2 and SIEM 3 option items) and message structures using built‐in as well as mixed variables and constants.
    • The feature enables adjustable PortSeverityFacility and Length while offering Syslog TypesUDPTCP and TLS (encrypted) support in CEF and LEEF and user editable modes, using filters for relevant fields.
    •  Processing of SIEM is done on a separate job per SIEM.
      A buffer exists to allow intermediate communication problems, or SIEM downtime.
    • Once this buffer is full, the processing is delayed.
      A message is then sent to QSYSOPR, and an attempt is reconstructed while communication is made periodically and consistently.

  • In option 5, new notification message was added to alert customers if the user profile
    to add as a provider does not exist in the system.

    To view this new message, type: STRAOD>5>F6 and try to add a user named QUQU. The message should pop‐up.

  • In STRAOD>11>31, activate SBMJOB handling for 1=Add:
    • This option is relevant for AOD where the rule uses 1=Add authority. Once selected, it enables the user to submit jobs which will carry an elevated authority, regardless of the state of the submitting Authority on Demand™ (AOD) sessions. This unique capability is subject to retaining the value USER(*CURRENT) in the submitted job.
    • Special consideration must be taken when activating the SBMJOB command with F4=Prompt: If the user practices F4=Prompt for the command Submit job (SBMJOB) the parameter Command (CMD) is not displayed and cannot be changed. To bypass this issue, use the command AODSBMJOB instead. This command allows changes to the parameter (CMD), including the usage of F4.
  • In STRAOD>82>11, use AODSBMJOB instead of SBMJOB:
    • This is a replacement for the SBMJOB command. Using the command GETAOD, the user can add an authority session. It enables regular usage of for the Command (CMD) parameter.
  • In the Display History screen, found in option 41, there are numerous new selections available (from 1-9), including filtering according to Cmd line,*CSV, CmdsAuditSTRSQLScreensDB and AtEnd.
  • When running Display definition STRxx>82>5, and selecting *ALL, a single spool file is produced instead of several.
  • A new BASE support menu has been added to all products.
    Many of the options from the Maintenance Menu were moved to the BASE Support Menu.
    The email options from the Configuration Menu have also been moved to the BASE Support Menu.
    To make use of this new feature, the BASE product (SMZ4) MUST be installed first.
    To access the BASE Support Menu, select 89 – Base Support from the product Main Menu.