- AS400 security is about limiting what a user can access, operate and manage on the system.


User profile

- User profiles identify users to the system and are used to verify their authorities on the system (DSPUSRPRF, CHGUSRPRF, EDTOBJAUT).
- User profiles tell the system who can sign on and what functions the user can perform on system resources after signing on.
- The security officer or security administrator can create them.
- The user profile defines the following attributes for a particular user:

1) User class
2) Objects owned and authorized
3) Authorization to objects
4) Current library
5) Initial program and menu
6) Maximum storage allowed
7) Priority limit
8) Group profile


                         Create User Profile (CRTUSRPRF)                        
 Type choices, press Enter.                                                     
 User profile . . . . . . . . . . > iRobo         Name                          
 User password  . . . . . . . . .   *USRPRF       Character value, *USRPRF...   
 Set password to expired  . . . .   *NO           *NO, *YES                     
 Status . . . . . . . . . . . . .   *ENABLED      *ENABLED, *DISABLED           
 User class . . . . . . . . . . .   *USER         *USER, *SYSOPR, *PGMR...      
 Assistance level . . . . . . . .   *SYSVAL       *SYSVAL, *BASIC, *INTERMED... 
 Current library  . . . . . . . .   *CRTDFT       Name, *CRTDFT                 
 Initial program to call  . . . .   *NONE         Name, *NONE                   
   Library  . . . . . . . . . . .                 Name, *LIBL, *CURLIB          
 Initial menu . . . . . . . . . .   MAIN          Name, *SIGNOFF                
   Library  . . . . . . . . . . .     *LIBL       Name, *LIBL, *CURLIB          
 Display sign-on information  . .   *SYSVAL       *SYSVAL, *NO, *YES            
 Maximum allowed storage  . . . .   *NOMAX        Kilobytes, *NOMAX             
 Highest schedule priority  . . .   3             0-9                           
 Job description  . . . . . . . .   QDFTJOBD      Name                          
   Library  . . . . . . . . . . .     *LIBL       Name, *LIBL, *CURLIB    
 Group profile  . . . . . . . . .   *NONE         Name, *NONE                   
 Owner  . . . . . . . . . . . . .   *USRPRF       *USRPRF, *GRPPRF              
 Group authority  . . . . . . . .   *NONE         *NONE, *ALL, *CHANGE, *USE... 
 Group authority type . . . . . .   *PRIVATE      *PRIVATE, *PGP                

 F3=Exit   F4=Prompt   F5=Refresh   F12=Cancel   F13=How to use this display    
 F24=More keys                                                                  


User class

When identifying a user on the system you can specify the user class in the user profile. AS/400 has five user classes that determine the level of system access a user is permitted. The five user classes, starting with the highest level of access, are:

- Security officer (*SECOFR)
- Security administrator (*SECADM)
- Programmer (*PGMR)
- System operator (*SYSOPR)
- User (*USER)


Object Authority

Object authority, the right of a user to use or control an object, comes in two categories:

- Object rights
- Data rights

Object Authority Type

*EXCLUDE  ->  The user cannot access the object.
*CHANGE   ->  The user can change and perform basic functions on the object.
*ALL      ->  The user can control the object's existence, specify the security for the object, change the object, and perform basic functions on the object.
*USE      ->  The user can perform basic operations on the object, such as running a program or reading a file. The user cannot change the object.



Object rights

Object rights assign a user the following authorities:

- Object operational rights (*OBJOPR)
- Object management rights (*OBJMGT)
- Object existence rights (*OBJEXIST)
- Object alter rights (*OBJALTER)
- Object reference rights (*OBJREF)

*OBJEXIST  ->  Object existence authority provides the authority to control the object's existence and ownership: delete an object, free storage for an object, perform save and restore operations for an object, or transfer ownership of an object.
*OBJMGT    ->  Object management authority provides the authority to specify the security for the object, move or rename the object, and add members to database files.
*OBJOPR    ->  Object operational authority provides the authority to look at the description of an object and to use the object as determined by the user's data authority to the object.



Data rights

Data rights apply to the data contained within the object.

*ADD      ->  Add authority provides the authority to add entries to an object (for example, job entries to a queue or records to a file).
*DLT      ->  Delete authority allows the user to remove entries from an object (for example, messages from a message queue or records from a file).
*READ     ->  Read authority provides the authority needed to show the contents of an object.
*UPD      ->  Update authority provides the authority to change the entries in an object.
*EXECUTE  ->  Execute authority provides the authority needed to run a program or locate an object in a library or directory.





                             Edit Object Authority

Object . . . . . . . :   ADDCL           Owner  . . . . . . . :   G#SAFE
Library  . . . . . :     AMINEM        Primary group  . . . :   *NONE
Object type  . . . . :   *PGM            ASP device . . . . . :   *SYSBAS

Type changes to current authorities, press Enter.

Object secured by authorization list  . . . . . . . . . . . .   *NONE

                        Object    ----------Object-----------
User        Group       Authority  Opr  Mgt  Exist  Alter  Ref
*PUBLIC                 *CHANGE     X
*GROUP      G#SAFE      *ALL        X    X     X      X     X

F3=Exit   F5=Refresh   F6=Add new users     F10=Grant with reference object
F11=Display data authorities   F12=Cancel   F17=Top   F18=Bottom






                                 Add New Users                                  

Object . . . . . . . :   ADDCL           Owner  . . . . . . . :   G#SAFE
Library  . . . . . :     AMINEM        Primary group  . . . :   *NONE
Object type  . . . . :   *PGM            ASP device . . . . . :   *SYSBAS

Type new users, press Enter.

            Object    ----------Object-----------
User        Authority  Opr  Mgt  Exist  Alter  Ref

_______      _______    __   __   __     __     __

F3=Exit   F11=Display data authorities   F12=Cancel   F17=Top   F18=Bottom


                                 Add New Users                                  
 Object . . . . . . . :   ADDCL           Owner  . . . . . . . :   G#SAFE       
   Library  . . . . . :     AMINEM        Primary group  . . . :   *NONE        
 Object type  . . . . :   *PGM            ASP device . . . . . :   *SYSBAS      
 Type new users, press Enter.                                                   
              Object    ---------------Data---------------                      
 User        Authority  Read  Add  Update  Delete  Execute                      
 Z03OPER     *USE       _x__   __   __      __      __                          



                               Work with Objects                                
 Type options, press Enter.                                                     
   2=Edit authority        3=Copy   4=Delete   5=Display authority   7=Rename   
   8=Display description   13=Change description                                
 Opt  Object      Type      Library     Attribute   Text                        
 2    ADDCL       *PGM      AMINEM      CLP         clp prm to add 2 var        
      CAP52I00    *PGM      AMINEM      CBL         Account fee condition intro 
      CFP13RA0M   *PGM      AMINEM      CBL         Fee Statement Extraction pg 
      ENTRY_CL    *PGM      AMINEM      CLP         ENTRY CL PGM                
      FPT1_PGM    *PGM      AMINEM      RPG         entry pgm to be called      
 Parameters for options 5, 7 and 13 or command                                  
 F3=Exit   F4=Prompt   F5=Refresh   F9=Retrieve   F11=Display names and types   
 F12=Cancel   F16=Repeat position to   F17=Position to                          
Not authorized to change authorities.     >>>>>>>>>>>>>>>>>>>>>>>>




                             Edit Object Authority                              
 Object . . . . . . . :   ADDCL           Owner  . . . . . . . :   G#SAFE       
   Library  . . . . . :     AMINEM        Primary group  . . . :   *NONE        
 Object type  . . . . :   *PGM            ASP device . . . . . :   *SYSBAS      
 Type changes to current authorities, press Enter.                              
   Object secured by authorization list  . . . . . . . . . . . .   *NONE        
                          Object    ----------Object-----------                 
 User        Group       Authority  Opr  Mgt  Exist  Alter  Ref                 
 *PUBLIC                 *CHANGE     X                                          
 *GROUP      G#SAFE      *ALL        X    X     X      X     X                  
 Z03OPER                 USER DEF    X    X     X      X     X                  


Object    ---------------Data---------------
User        Group       Authority  Read  Add  Update  Delete  Execute
*PUBLIC                 *CHANGE     X     X     X       X        X
*GROUP      G#SAFE      *ALL        X     X     X       X        X
Z03OPER                 USER DEF    X

F3=Exit   F5=Refresh   F6=Add new users     F10=Grant with reference object
F11=Display data authorities   F12=Cancel   F17=Top   F18=Bottom


                               Work with Objects                                
 Type options, press Enter.                                                     
   2=Edit authority        3=Copy   4=Delete   5=Display authority   7=Rename   
   8=Display description   13=Change description                                
 Opt  Object      Type      Library     Attribute   Text                        
      ADDCL       *PGM      AMINEM      CLP         clp prm to add 2 var        
      CAP52I00    *PGM      AMINEM      CBL         Account fee condition intro 
      CFP13RA0M   *PGM      AMINEM      CBL         Fee Statement Extraction pg 
      ENTRY_CL    *PGM      AMINEM      CLP         ENTRY CL PGM                
      FPT1_PGM    *PGM      AMINEM      RPG         entry pgm to be called      
 Parameters for options 5, 7 and 13 or command                                  
 ===> call aminem/addcl                                                         
 F3=Exit   F4=Prompt   F5=Refresh   F9=Retrieve   F11=Display names and types   
 F12=Cancel   F16=Repeat position to   F17=Position to                          
Not authorized to program ADDCL in library AMINEM.     >>>>>>>>>>>>>>>>>>>>>>
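As an added example (Python, not from the page and not IBM's algorithm), a simplified model of how the system-defined authorities *ALL, *CHANGE, *USE and *EXCLUDE expand into the specific object and data rights listed above, how EDTOBJAUT ends up showing USER DEF, and why a private entry that lacks *EXECUTE blocks the CALL even though *PUBLIC holds *CHANGE. The lookup order (user, then groups, then *PUBLIC), the required-authority table and the ADDCL entries are constructed assumptions of the model.

```python
OBJECT_RIGHTS = {"*OBJOPR", "*OBJMGT", "*OBJEXIST", "*OBJALTER", "*OBJREF"}
DATA_RIGHTS = {"*READ", "*ADD", "*UPD", "*DLT", "*EXECUTE"}

# How the system-defined authorities expand into specific authorities.
SYSTEM_DEFINED = {
    "*ALL": OBJECT_RIGHTS | DATA_RIGHTS,
    "*CHANGE": {"*OBJOPR"} | DATA_RIGHTS,
    "*USE": {"*OBJOPR", "*READ", "*EXECUTE"},
    "*EXCLUDE": set(),
}

# Specific authorities an operation needs on a *PGM (simplified model).
REQUIRED = {"call": {"*OBJOPR", "*EXECUTE"}, "edit authority": {"*OBJMGT"}}


def expand(authority):
    """System-defined name (str) or set of specific authorities -> set."""
    if isinstance(authority, str):
        return set(SYSTEM_DEFINED[authority])
    return set(authority)


def label(rights):
    """Value EDTOBJAUT shows: a system-defined name, else USER DEF."""
    for name, members in SYSTEM_DEFINED.items():
        if set(rights) == members:
            return name
    return "USER DEF"


def effective_authority(entries, user, groups=()):
    """Simplified lookup: a private entry for the user wins outright, else the
    first group with an entry, else *PUBLIC. Assumption: no *ALLOBJ special
    authority, no adopted authority, no authorization list involved."""
    for name in [user, *groups, "*PUBLIC"]:
        if name in entries:
            return expand(entries[name])
    return set()  # no entry at all behaves like *EXCLUDE


def is_authorized(entries, user, operation, groups=()):
    return REQUIRED[operation] <= effective_authority(entries, user, groups)


# Constructed entries resembling the ADDCL screens: *PUBLIC *CHANGE, group
# G#SAFE *ALL, and a private USER DEF entry for Z03OPER lacking *EXECUTE.
ADDCL = {"*PUBLIC": "*CHANGE", "G#SAFE": "*ALL", "Z03OPER": {"*OBJOPR", "*READ"}}
```

A private entry narrower than *PUBLIC reduces a user's access rather than adding to it, which is the situation the "Not authorized to program ADDCL" message reflects.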



Group profile

A group profile lets a number of users share the same authority to an object.

Authorization list (*AUTL) -> If different users need different authority, use an authorization list.

                       Create Authorization List (CRTAUTL)                      
 Type choices, press Enter.                                                     
 Authorization list . . . . . . .   AUTH01        Name                          
 Text 'description' . . . . . . .   *BLANK                                      
                            Additional Parameters                               
 Authority  . . . . . . . . . . .   *USE          *CHANGE, *ALL, *USE, *EXCLUDE 
 F3=Exit   F4=Prompt   F5=Refresh   F12=Cancel   F13=How to use this display    
 F24=More keys                                                                  

Authorization list AUTH01 created.        

                     Add Authorization List Entry (ADDAUTLE)                    
 Type choices, press Enter.                                                     
 Authorization list . . . . . . . > AUTH01        Name, generic*                
 User . . . . . . . . . . . . . . > AJAISWAL      Name                          
                + for more values   +             >>>>>>>>>>>>>>> to add more users
 Authority  . . . . . . . . . . .   *CHANGE       *EXCLUDE, *CHANGE, *ALL...    
                + for more values                                               

 F3=Exit   F4=Prompt   F5=Refresh   F12=Cancel   F13=How to use this display    
 F24=More keys                                                                  

