Work with Authority Broker Product Settings

NOTE: The Powertech installation procedure creates libraries, profiles, authorization lists, commands, objects, and, in some cases, exit points on your system. Changing the configuration of any of these installed application components may result in product failure.

The Work with Product Settings screen allows you to set the initial system values for Authority Broker.

How to Get There

  1. From the Authority Broker Main Menu, select option 5.
  2. From the Authority Broker Configuration Menu, select option 13.

NOTE: The Product Owner, Product Library, and Product Administrator system values cannot be changed after Authority Broker has been installed. However, all other system values can be changed at any time.

What it Does

Work with Authority Broker Product Settings allows you to maintain product level settings for Authority Broker. Changes to these values take effect immediately. Values for Product owner, Product library, and Product administrator are for informational purposes only and are set at install/upgrade time.

NOTE: Administering Authority Broker:

All Authority Broker administrators must be added to the POWERABADM authorization list using the following command:


ADDAUTLE AUTL(POWERABADM) USER(MYUSER) AUT(*USE)

 

NOTE: Even user profiles with *ALLOBJ authority must be added to the authorization lists if they wish to administer Authority Broker and run reports.

Once authorized to the POWERABADM authorization list, a user will have all the authorities needed to administer Powertech Authority Broker. Product administrators will dynamically receive *CHANGE authority to Authority Broker data and *USE authority to Authority Broker programs at the time this authority is needed.

NOTE: The Product Administrator must have the following special authority: *JOBCTL.

Special Information for Authority Broker Reporting:


Users without *ALLOBJ special authority who will be allowed to run Authority Broker reports must be added to the POWERABRPT authorization list.


ADDAUTLE AUTL(POWERABRPT) USER(MYUSER) AUT(*USE)


Note for users who do NOT have *ALLOBJ special authority in their profile:

  • If you are only on the POWERABADM authorization list, you can administer the product but not run reports.
  • However, if you are on the POWERABADM authorization list and the POWERABRPT authorization list, you can administer the product and run reports.
  • If only on the POWERABRPT authorization list, you only have access to LEVENTRPT.

Options

Error Message Queue Name

The message queue name specifies the message queue and library where Authority Broker sends messages. Messages are sent to this queue when an unknown error causes Authority Broker to fail. Most installations specify QSYSOPR in library QSYS.

External Message Queue Name

The Authority Broker-supplied alert method EXTERNALMSGQ sends messages to this External message queue. Messages are sent to this message queue when it exists.

Possible values are:
 
NONE
Signifies that there is no external message queue being used.
message-queue-name
The name of the external message queue. It must conform to IBM's object naming standards.

Default Switch Duration

The default number of minutes a system user is allowed to stay swapped to a switch user. This value can be overridden at the switch pair level.

Valid values are:

minutes
The number of minutes [1 - 99999] that a switch is allowed to remain in effect. Specifying a number of minutes here results in *TIMED switches.
*NOMAX
The switch will not be timed and will remain in effect until released by the user or the job ends.

Enable FireCall

Enable FireCall controls the FireCall facility within Authority Broker.

NOTE: FireCall must be enabled for any FireCall functions to work.

Possible values are:
 
No
Select No to prevent usage of the FireCall facilities.
Yes
Select Yes to enable usage of the FireCall facilities.

About Authorization lists for FireCall: There are two authorization lists for FireCall (POWERABFO and POWERABFL):

1) POWERABFO

It is required that a FireCall Operator be added to the Authority Broker FireCall Operators authorization list (POWERABFO) in order to use the LFIRECALL and LFRCLLMNU commands. (The LFIRECALL command displays the FireCall Assignment screen and the LFRCLLMNU command displays the FireCall Menu.) The exception to this requirement is if the user has *ALLOBJ special authority.

A FireCall Operator must be on the POWERABFO authorization list in order to MAKE any FireCall Assignments via the following 'FireCall Access' option:

  • 'Give user FireCall access' (option '1' on the FireCall Menu).

The exception to this is if the user has *ALLOBJ special authority.

2) POWERABFL

It is required that a FireCall Operator be added to the Authority Broker FireCall Review authorization list POWERABFL in order to use the LFRCLLMNU command.

A FireCall Operator must be on the POWERABFL authorization list in order to REVIEW any FireCall Assignments via the following two 'FireCall Log' options:

  • 'FireCall log' (option '2' on the FireCall Menu).
  • 'FireCall Log' (option '2' on the Authority Broker Reports Menu).

The exception to this is if the user has *ALLOBJ special authority.
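
To review who actually holds the access described above, the following SQL is an added example (not Powertech code) that lists the direct entries on the four authorization lists named on this page alongside the *ALLOBJ and *JOBCTL special authorities. It assumes the IBM i services QSYS2.AUTHORIZATION_LIST_USER_INFO and QSYS2.USER_INFO are available on your release and that you are authorized to query them; group-profile membership and special authorities inherited from groups are not expanded.

```sql
-- Added example: direct entries on the Authority Broker authorization lists,
-- with the special authorities this page treats as relevant.
WITH ab_lists (autl, purpose) AS (
  VALUES ('POWERABADM', 'Administer Authority Broker'),
         ('POWERABRPT', 'Run Authority Broker reports'),
         ('POWERABFO',  'Make FireCall assignments'),
         ('POWERABFL',  'Review FireCall log')
)
SELECT l.autl                 AS authorization_list,
       l.purpose,
       a.authorization_name   AS profile,
       a.object_authority,
       u.status               AS profile_status,
       CASE WHEN u.special_authorities LIKE '%*ALLOBJ%'
            THEN 'YES' ELSE 'NO' END AS has_allobj,
       CASE WHEN u.special_authorities LIKE '%*JOBCTL%'
            THEN 'YES' ELSE 'NO' END AS has_jobctl
  FROM ab_lists l
  JOIN qsys2.authorization_list_user_info a
    ON a.authorization_list = l.autl
  LEFT JOIN qsys2.user_info u          -- *PUBLIC has no USER_INFO row
    ON u.authorization_name = a.authorization_name
 ORDER BY l.autl, a.authorization_name;

-- Profiles with *ALLOBJ that are on neither FireCall list. Per this page,
-- *ALLOBJ is the exception to the POWERABFO / POWERABFL requirement, so these
-- profiles belong in the same review even though no list entry names them.
SELECT u.authorization_name AS profile,
       u.status             AS profile_status
  FROM qsys2.user_info u
 WHERE u.special_authorities LIKE '%*ALLOBJ%'
   AND NOT EXISTS (
         SELECT 1
           FROM qsys2.authorization_list_user_info a
          WHERE a.authorization_list IN ('POWERABFO', 'POWERABFL')
            AND a.authorization_name = u.authorization_name)
 ORDER BY u.authorization_name;
```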

Timed switch command

Any switch that has a time limit executes a command. For a new install, the default command menu for timed switches is ‘GO MENU(MAIN)’, the main IBM i command line menu. The command specified here is the default command that will be used for swap pairs unless your own specific command is defined. See the Work with Timed Overrides screen.

The timed switch will remain in effect only as long as the command runs; when the command completes, the switch is released automatically.

This value can be overridden when the switch starts using the LSWPPRF command.

NOTE: Users of FireCall and Switch Time-Outs:


Timed switch users: If you use F3 or F12 to back up beyond the timed switch command starting point, the switch will be released. Please contact Powertech support if you have any questions about how this impacts your specific environment.

Switch end warning interval

Interval to notify switch time is coming to an end: The amount of time (in number of minutes) prior to the scheduled end of a Profile Switch when a user and the interested parties should be notified that the switch time is expiring.

Valid values are:

Between 1 and 10

Action for Warning Interval

The action that is to be taken when the warning interval is reached. This is the action for the Switched User.

NOTE: The System User that initiated the switch will also be notified.

Valid values are:
 
*NONE
No action is to be taken when the warning interval is reached.
*NOTIFY
Send a notification to the job.
*BRKMSG
Send a break message to the workstation if the job is interactive. Otherwise a notification will be sent.

Switch end action for batch jobs

The action that is to be taken against a batch job when a Profile Switch's end time is reached.

Valid values are:

*NONE
No action is to be taken.
*HLDJOB
Places the job on hold.
*ENDJOB
Ends the job controlled.
*NOTIFY
Sends a break message to the user and sends out alerts to the parties interested in this profile switch.
*ENDSWITCH
Runs LRLSPRF against the switched job.

Switch end action for interactive jobs

The action that is to be taken against an interactive job when a Profile Switch's end time is reached.

Valid values are:

*NONE
No action is to be taken.
*DSCJOB
Disconnects the job.
*ENDJOB
Ends the job controlled.
*NOTIFY
Sends a notification to the job — the switch remains active.
*ENDSWITCH
Runs LRLSPRF.
*HLDJOB
Places the job on hold.

Switch History data retention period

NOTE: When setting a number of days for “Switch History data retention period” or “Screen Capture data retention period” all data saved prior to the number of days specified will be purged. Switch History data that has been purged will not appear on Authority Broker or Compliance Monitor reports. In order to include purged Switch History data in a report, it would need to be restored from a backup copy and you would risk losing more recent log data collected since the last save of the file.

Specify the number of days of switch history you would like to keep on-line. This does not affect the retention of the security audit journal data; rather, it controls the age of the on-line lookup data stored in Authority Broker.

Possible values are:
 
10-99999 days
Specify a number of whole days for which switch history will be available on-line.
*NOMAX
Switch history is kept on-line forever. This is the default.
Screen capture data retention period

Specify the number of days of screen captures you would like to keep on-line. This does not affect the retention of the security audit journal data; rather, it controls the age of the on-line lookup data stored in Authority Broker.

NOTE: Screen capture data belongs to, and cannot exist without, a particular switch occurrence; therefore, this value cannot be greater than the value specified for Switch History data retention period.

Possible values are:

10-99999 days
Specify a number of whole days for which screen captures will be available on-line.
*NOMAX
Screen captures are kept on-line forever. This is the default.

Command Keys

  • F3 (Exit): Ends the current task and returns to the display from which the task was started. If changes have not been accepted prior to F3 being pressed, they will be lost.
  • F4 (Lookup): Provides lookup capabilities when the cursor is on a promptable field.
  • F5 (Refresh): Restores the display to the values found in the database. Any changes will be lost.
  • F12 (Cancel): Returns to the previous menu or display. If changes have not been accepted prior to F12 being pressed they will be lost.