Powertech Policy Minder for IBM i

July 2025

Version 2.4

July 29, 2025

Enhancements

  • The default email subject line for a Compliance Report does not indicate the report name or date and time. A new data area may be used to include this information in the subject line where no email rules have been defined. Please see the User Guide for more information.

  • The Maximum sign-on attempts override value on the User Profile in IBM i 7.5 has been added to the product.

  • System values QAUDLVL and QAUDLVL2 now include values: *NETSECURE, *NETTELSVR, and *NETUDP.

  • Various minor screen updates have been performed, enhancing the user experience.

Fixes

  • Fixed an error that could cause the system value for QTIMADJ to be reported as non-compliant when changing the policy to *NONE.

  • When adding a Directory Object template in the Web UI, an incorrect message 'Object name is required' could be issued. This has been corrected.

  • Fixed an issue using the Web UI where the Object and Directory template was missing the option of Authorization List for Public authority.

  • Fixed an issue in the Web UI where the directory authorities could show as non-compliant.

  • A 'Subfile record not found' message could be displayed when making policy changes. This was cosmetic only and has now been suppressed.

  • Fixed an issue where the FIXIT process was not removing journaling in some situations.

  • Fixed an issue where an interactive screen could freeze when editing an object template that had just been imported via the web UI.

  • An issue where files remained locked has been resolved.

  • An issue where an email message was taking longer than expected to send and causing the CHECK process to fail has been resolved.

  • An issue where the reports were not available in the Web Interface has been corrected.

  • An issue arising when changing the Directory Authorities, causing the process to abort, has been resolved.

  • An issue where the *TCPIP compliance report has incorrect out-of-compliance indicators has been resolved.

  • Multiple MCH1202 errors could be logged to the joblog when running the OUTCPL command. This has been corrected.

  • Accessing the Web UI with an incorrect URL displayed the application interface but resulted in an error message. This has been corrected.

  • Fixed an issue with how File Shares were being displayed on the Compliance report.

  • Fixed an error that occurred when viewing compliance of an Authorization List with more than 1,000 entries.

  • This release includes general security fixes.

July 2022

Version 2.3

July 19, 2022

Enhancements

  • For system value policy QSSLCSL, all new values introduced in IBM i 7.4 are now supported.

  • For system value policy QSSLPCL, the *TLSV1.3 value is now supported.

Fixes

  • Updated to Log4j 2.17 to resolve vulnerabilities.

  • *DIRAUT policy now correctly allows new directory.

  • Fixed an issue where the license screen could not be displayed if the SKYPM menu was displayed, without first explicitly adding the product library to the library list.

  • Fixed an issue where failed upgrades were being reported as successful.

  • Fixed an issue where CHECK command fails to run DB reorganization step.

  • Fixed USROBJ category in Policy Minder WEB UI showing value *ANY as out of compliance.

  • Fixed an issue when configuring the JOBD category, where changes to the job descriptions on the policy list were not saved.

  • Fixed an issue where compliance displayed for DIRAUT was incorrect.

  • ANZSQLINF report now displays all programs with a Dynamic SQL statement.

  • Fixed an issue with value prompting that occurred when the user defined an object template under Directory Authorities.

  • Fixed an issue where not all system values were being displayed on IBM i 7.4 systems.

  • Fixed "Date too short for specified format" error.

  • Fixed an issue where authorization list values in Compliance check become hidden.

  • Fixed an issue with *ALLCRTCHG missing from system value policy QPWDRULES.

  • Fixed an issue where email addresses that contained a numeric value as a leading character generated an error.

  • Fixed an issue where library templates that used "?" in position 10 caused a check to fail.

  • Fixed an issue where email sending could fail if multiple instances of the command SNDEMLMSG existed on a system.

August 2018

Version 2.2
Enhancement
  • A new version of MSS has been introduced.
Fixes
  • An issue causing missing libraries in the *LIBAUT template in WRKPOL has been resolved.
  • Policy Minder libraries are now shipped with Object Authority *PUBLIC *EXCLUDE *CHANGE.
  • An issue causing the INZPOL command to fail to release a lock on the relevant record in the SKYCA file when used on some categories has been resolved.
  • An issue with the FIXLIBAUT command preventing new libraries from being fixed instantly has been resolved.
  • An issue causing missing entries subsequent to entries containing the ? (wildcard) character after save in the *USRPRF template has been resolved.
  • An issue preventing MSS template import across Policy Minder versions has been resolved.
  • A problem causing option 12 in Work with Compliance to incorrectly report that a compliance check has not been done has been resolved.
  • An issue preventing the ability to download reports after upgrading from version 1.6 to 2.1 has been resolved.
  • A problem causing incomplete policy export has been resolved.

March 2018

Version 2.1
  • The ANZSQLINF report now lists only programs with embedded SQL and those that include at least one PREPARE, EXECUTE, or DESCRIBE statement.
  • A problem causing missing libraries when using a generic character (e.g. D*) in WRKPOL while changing *LIBAUT templates has been resolved.
  • The object authority on Policy Minder libraries SKYVIEWPMP and SKYVIEWPMD has been corrected. It is now *PUBLIC *EXCLUDE (not *PUBLIC *CHANGE).
  • The INZPOL command no longer fails to release a lock on the relevant record in the SKYCA file when used on the following categories:
    • *SHARES Record 9
    • *LMTCMD Record 10
    • *JOBD Record 11
    • *USROBJ Record 12

January 2018

Version 2.0
New Features
  • *USRPRF (User Profile category):
    • Multiple *DELETE templates can now be created and the *DELETE template that is shipped with the product can be deleted. Creating a new template whose name starts with ‘*DELETE’ will automatically use the *DELETE template format.  This allows you to have a scheduled job to automatically delete inactive profiles and use another *DELETExx template to delete profiles on an ad hoc basis.
    • You can now include or omit profiles based on the password last changed date. This is especially helpful for organizations that perform frequent role swaps. The users’ last sign on date is not replicated so it’s difficult to know when a profile is inactive. However, the user’s password is replicated; therefore, you can know that a profile is inactive by examining the password last changed date.
    • A new value - *SPCGRP – is available that includes (or omits) profiles whether the special authority is assigned to the user or one of the group profiles. The current value *SPCAUT only includes profiles where the special authority is assigned directly to the profile.
    • You can now check and fix the Printer, Output queue, and Object owner user profile attributes.
      • The Owner attribute has been changed to be Profile owner to clarify that this attribute is the user profile owner, and not the object owner.
  • *LIBAUT (Library authority category):
    • The maximum number of object templates has been increased from 999 object templates to 9999.
    • Attributes have been created that will allow you to Include or Omit files (tables) that have been created using SQL. 
      • PF-TBL – SQL table
      • LF-INDEX – SQL index
      • LF-VIEW – SQL view
  • *DIRAUT (Directory authority category):
    • The maximum number of object templates has been increased from 999 object templates to 9999
  • *SHARES: The Access attribute has been added to each share to indicate whether the share is a Read/Write or Read-only share.  If you are already using this category, the attribute will be added to the existing policy when you upgrade the product.
  • Exporting individual policies: You can now export an individual template.  This allows you to more easily manage your policies from a central partition and not have to export an entire category.
  • Output Compliance (OUTCPL) command: This command now allows you to:
    • Send the results of a compliance check to an outfile or streamfile for all categories.  In previous releases only the *USRPRF, *LIBAUT and *DIRAUT categories were supported by this command.
    • Email the streamfile (.csv) off the system.
  • New FIXIT parameter: A parameter has been added to suppress the compliance check that, by default, occurs after FixIt runs.  This is helpful when you have a limited time to run FixIt – this often occurs when you must run FixIt when objects aren’t in use (that is, locked) and have to run FixIt during an outage.  Now you can schedule or run FixIt during the outage and run the compliance check after the system has been brought back up.
  • Email support: Policy Minder now allows you to specify the sender of the email. Previous releases hard-coded the sender to the profile running the compliance check @partition_name.com. When the partition name wasn’t a valid domain name, the email often failed to send.
Enhancements
  • You can now create a *USRPRF, *LIBAUT and *DIRAUT template that specifies objects that don’t exist when either Including or Omitting objects or when defining the policy values (for example, the authorization list securing objects in a library.) Previously, the objects had to exist. This change will allow you to more easily manage policies from a central partition without having to create objects so the template could be created.
  • Option 11 – FixIt (on the Policy Minder Main Menu) now prompts the FIXIT command, defaulting to run in Test mode rather than prompting to run FIXIT by category.
  • Changing a System value category or a template in the *USRPRF, *LIBAUT or *DIRAUT categories to disable the compliance check will no longer automatically cause the category to be out of compliance. In previous releases, disabling the compliance check on one of these set the compliance status of the category to Not compliant, even when the items checked were all compliant.
  • Alerts sent to Vision Solutions’ VSP and iOptimize will no longer occur.

Back to Powertech Products