Add Location Rules

How to Get There

Enter option 3 on the Exit Point Manager Main Menu to display the Work with Security by Location panel. Press F2 to display the Add Location Rules panel.

What it Does

The Global Rule Facility panel allows you to create location rules for all Servers.

Options

These rules will have a Function of *ALL.

System

System indicates the target of any operations you perform. When you add rules, for example, those rules will be sent to, and will affect processing on, the System named.

Location

Location represents the source of a transaction. Location can hold an IP Address, an IP Address Group or the name of an SNA Communications Device.

The special value *ALL, when used on a rule, means that the rule applies to any Location lacking a specific rule. When used as a subset or selection parameter, *ALL generally means to select all such rules for display or printing.

Server

A Server in Exit Point Manager is a controlled entry point into your system. These entry points are determined and defined by IBM. Exit Point Manager has assigned easy-to-remember names to these controlled entry points.

Function

A Function, or Server Function, in Exit Point Manager represents a class of operations that a given Server may perform. For example, the *SIGNON Server classifies its operations as those pertaining to changing passwords, generating authentication tokens, and retrieving signon information. Exit Point Manager has assigned easy-to-remember names to these Functions, such as CHGPWD, GENAUTTKN and RETRIEVE.

Authority Property

The authority assigned for servers and their functions.

Possible values are:

*OS400Exit Point Manager will use normal OS/400 authority for the location. This is valid for both location and user.
*REJECTExit Point Manager will reject requests for the specified location. This is valid for both location and user.
*SWITCHExit Point Manager will use the authority of the switch profile for the specified location. A switch profile entry is required. This is valid for both location and user.
*MEMREJECT Check Memorized Transactions (MTR) for authority. If no MTR authority is encountered, Exit Point Manager will reject requests for the specified location. This is valid for both location and user.
*MEMOS4OO Check Memorized Transactions (MTR) for authority. If no MTR authority is encountered, Exit Point Manager will use normal OS/400 authority for the location. This is valid for both location and user.
*MEMUSR Check Memorized Transactions (MTR) for authority. If no MTR authority is encountered, Exit Point Manager will check server user authority. This is only valid for location.
*USERExit Point Manager will check server user authority. This is only valid for location.
*MEMSWITCH Check Memorized Transactions (MTR) for authority. If no MTR authority is encountered, Exit Point Manager will use the authority of the switch profile for the specified location. A switch profile entry is required. This is valid for both location and user.
*SRVFCNExit Point Manager will use the authority defined for the server/function. This is valid for both location and user.
*SAMEExit Point Manager will not change the existing settings and will not create new rules when the All Servers option is taken. This is valid for both location and user.
Switch Profile Property

The name of a switch profile for this location/server/function. If a profile name is supplied, processing is swapped to run under this profile's authority. This is only valid for authorities *SWITCH and *MEMSWITCH.

Possible values are:

*NONE No switch profile is being used.
switch-profile The switch profile to process under. It must be an active profile residing on the AS/400.
*SRVFCNExit Point Manager will use the switch profile defined for the server/function. Exit Point Manager will use the switch profile defined for the server/function.
*SAMEExit Point Manager will not change the existing settings and will not create new rules when the All Servers option is taken. This is valid for both location and user.
Audit Property

The audit property controls the type of requests Exit Point Manager will log.

Possible values are:

Y Log all requests by the location/server/function.
N Only log authority failures for the location/server/function.
* Use the audit value for the server/function.

Exit Point Manager will not change the existing settings and will not create new rules when the All Servers option is taken. This is valid for both location and user.

Message

The message property entry will determine if Exit Point Manager sends a message to the Exit Point Manager message queue.

Possible values are:

N No message is sent.
Y A message is sent to the Exit Point Manager message queue.
* Use the audit value for the server/function.
S Exit Point Manager will not change the existing settings and will not create new rules when the All Servers option is taken. This is valid for both location and user.
Capture

Capture transactions for Memorized Transaction Request (MTR).

Possible values are:

N Do not capture transactions.
Y Capture transactions.
* Use the audit value for the server/function.
S Exit Point Manager will not change the existing settings and will not create new rules when the All Servers option is taken. This is valid for both location and user.
Change existing

The Change existing option controls whether any existing rules are updated or not updated.

The valid values are Y and N.

Change only

If this is set to 'N' then new rules are added and (depending on the setting for Replace) existing rules are changed.

If this is set to 'Y' then only existing rules are changed.

The valid values are Y and N.