Welcome to Powertech Authority Broker
All too often, IBM i users are inadvertently given access to accounts with special authorities like *ALLOBJ, even though the user has no need for such powerful privileges. The user may only need access to a specific application or task, and any excessive authority poses an unnecessary security risk. To eliminate this security risk, Powertech offers Authority Broker.
With Authority Broker, System Administrators have the ability to limit access to powerful user profiles and control access to sensitive databases and programs. Users can be granted temporary authority that is either more or less powerful than their usual settings, and in cases where the user needs higher authority, they can temporarily change to that authority if the administrator has granted them sufficient privileges. In cases where a user would be safer operating under less authority, they can again temporarily change to that authority with the system administrator's advance approval.
Authority Broker, which can be called from command line or batch processes, is similar to the "su" capability of UNIX. But unlike "su", Authority Broker provides additional capabilities such as full auditing and reporting of all changes to authority, as well as comprehensive auditing of the actions the user performs under the assumed authority.