iSecurity Authority On Demand Release News
- Changes to a common library, which affect Multi-Factor Authentication but not Authority on Demand.
- Added: MFA – Multi system Self Enrollment
- Added: a SAVF with all PTFs for manual installation.
- Added: the MFA – Multi system module to AOD library.
- Fixed: AOD end of session jobs were ending abnormally (ODATEND) & emails were delayed.
- Fixed: Device PRT99 had been limited to 100,000 records.
- Added: A function that activates command level auditing (*CMD) on the user profile at GETAOD and back at the RLSAOD.
- Added: a Uses column in the STRAOD > 1 (left of rule) and an enhanced Left Uses column.
- Added: AOD + OTP Send Approval by EMail/SMS
- Added: OUTPUT TYPE *OUTFILE *FILE to the DSPODDFN command
- Fixed: User had been signed off when entering the PIN code received by email.
- Fixed: DSPAODACT had shown session jobs that had already ended as *ACTIVE*.
- Fixed: ODE1080 GETAOD had been rejected because of invalid PIN code. ODE1081 PIN code was not entered. Now we repeat GETAOD.
- Improved performance of internal queries.
- New Feature: When GETAOD is entered without the provider (with the default PRVD(*SELECT)) a screen opens to enable selection of Provider, entering description and related information.
- New Feature: Approval by an administrator at real time – “To be approved by . . UsrPrf/GrpPrf, *SECADM, *AOD-ADMIN”. GETAOD Requests is “Pending Your Approval”
- New Feature: Enable administrator to approve in real time a GETAOD request
- New Feature: Use MFA beside or in addition to Pin code, when GETAOD is requested.
- New Feature: MFA Verification methods are: 1=Cell, 2=Email, 3=Cell+Email (Half & Half). This method is similar to the one in our MFA product (Person, mail, cell…), but does not require a license for it.
- New Feature: New “authority” type: 4=Trace (Only. Without changing authority) GETAOD PRVDR(*TRACE) is an alternative
- Template of Reason for GETAOD now supports *number* in addition to *text*
Cumulative changes from recent releases:
- New menu option, 81/9 sets “At-End reports retention”, the data retention period in days. If set to “9999”, the data is retained indefinitely.
- On the DSPAODHST, AOD main menu option 41 screen: the width of the screen is now 132 characters, allowing for two new fields: (the end time of elevated authority) and
- To support iASP, the product subsystem now resides in SMZTMPC (instead of SMZODTA)
- The GETAOD and RLSAOD commands now cannot be used from System Request menu.
- Product only prints journal entries if user made changes during the Authority on Demand session.
Triple Syslog Definitions
Raz‐Lee’s iSecurity™ products now support sending Syslog messages to up to three (3) SIEM products simultaneously:
- In AOD Main Menu, select option 81. The SYSLOG message is now enabled for multiple SIEM messages (note the SIEM 1, SIEM 2 and SIEM 3 option items) and message structures using built‐in as well as mixed variables and constants.
- The feature enables adjustable Port, Severity, Facility and Length while offering Syslog Types: UDP, TCP and TLS (encrypted) support in CEF and LEEF and user editable modes, using filters for relevant fields.
- Processing of SIEM is done on a separate job per SIEM. A buffer exists to absorb intermittent communication problems or SIEM downtime.
- Once this buffer is full, the processing is delayed. A message is then sent to QSYSOPR, and attempts to re-establish communication are made periodically and consistently.
- In option 5, a new notification message was added to alert customers if the user profile to add as a provider does not exist in the system. To view this new message, type STRAOD>5>F6 and try to add a user named QUQU. The message should pop up.
- In STRAOD>11>31, activate SBMJOB handling for 1=Add:
  - This option is relevant for AOD where the rule uses 1=Add authority. Once selected, it enables the user to submit jobs which will carry an elevated authority, regardless of the state of the submitting Authority on Demand™ (AOD) sessions. This unique capability is subject to retaining the value USER(*CURRENT) in the submitted job.
  - Special consideration must be taken when activating the SBMJOB command with F4=Prompt: if the user uses F4=Prompt for the command Submit job (SBMJOB), the parameter Command (CMD) is not displayed and cannot be changed. To bypass this issue, use the command AODSBMJOB instead. This command allows changes to the parameter (CMD), including the usage of F4.
- In STRAOD>82>11, use AODSBMJOB instead of SBMJOB:
  - This is a replacement for the SBMJOB command. Using the command GETAOD, the user can add an authority session. It enables regular usage of for the Command (CMD) parameter.
- In the Display History screen, found in option 41, there are numerous new selections available (from 1-9), including filtering according to Cmd line, *CSV, Cmds, Audit, STRSQL, Screens, DB and AtEnd.
- When running Display definition STRxx>82>5, and selecting *ALL, a single spool file is produced instead of several.
- A new BASE support menu has been added to all products. Many of the options from the Maintenance Menu were moved to the BASE Support Menu. The email options from the Configuration Menu have also been moved to the BASE Support Menu. To make use of this new feature, the BASE product (SMZ4) MUST be installed first. To access the BASE Support Menu, select 89 – Base Support from the product Main Menu.