Many IBM i shops have wide open access through the IBM i NetServer which was previously known as “Windows Network Neighborhood”. NetServer gives users access to file and print serving on their IBM i and is a potential source of unauthorized access to your system when it is not controlled.
Starting in IBM i OS release level 7.5, customers are getting another tool to add to their toolbox to control access via NetServer. With this change in the IBM i OS, you will now be able to control who uses NetServer to access files and reports using an authorization list. The authorization will let you control access to the server and it also extends to individual shares.
An important note to take into account, if a user profile has *ALLOBJ authority, then the authorization list restriction will be ignored. This is yet another reason to examine your system for user profiles with excessive authority in place.
Here’s how this new feature in the OS works:
Note: For clarity and maintainability, create a new authorization list for each file share being secured rather than re-using an existing authorization list.
If you want more granular access controls, like granting or denying based on the objects being accessed, then you will have to look into an exit point solution like SafeNet.