Create Object Rule by User

How to Get There

From the Security Configuration Menu, select option 4 to display the Work with Object Lists panel, then enter option 9 next to an Object List. On the Object Rules using Object List panel, press F6. Select Create Object Rule by User and press Enter.

What it Does

The Create Object Rule by User panel allows you to create an Object Rule linking a User to an Object List. The Copy Object List Entry panel allows you to copy an Object List Entry to a new entry.

Options

User

User represents the identity of the person initiating a transaction as a user profile. The special value *PUBLIC, when used on a rule, means that the rule applies to any User lacking a specific rule. When used as a subset or selection parameter, *PUBLIC means to select all such rules for display or printing.

Object List

The Object List name is a short name you assign to a list of objects to help you identify the list. This name is required to be a valid OS name.

Operation

Operation represents the type of action being performed upon an object or upon the data in an object.

The valid values are:

*ALL Applies to all of the above types of operations.
*CREATE Applies to objects when they are being created or to their data when they are being added to an object; for example, when writing records to a database.
*READ Applies to non-modifying accesses of objects or the reading of an object's data.
*UPDATE Applies to changes to objects or changes to their data.
*DELETE Applies to deletion of objects or deletion of their data; for example, deleting records from a database file.

Status

Status indicates that an Object Rule is active (being enforced) or inactive (not being enforced).

Data Accesses

Use the Data Accesses fields to specify user rights to the data in the objects in the Object List.

Authority

Authority represents the action to be taken when a rule is found that matches the data present on a transaction. This Authority value pertains to Data Accesses.

The valid values are:

*ALLOW The transaction will be allowed and object authority will be determined by the operating system.
*REJECT The transaction will not be allowed.
*SWITCH The transaction will be allowed and the transaction will occur as if the user profile named as the Swap Profile had initiated the transaction. After switching to the Swap Profile, the authority used during the transaction will be determined by the operating system.

Audit

The Audit flag controls the logging of transactions to the Log Journal set up on the Work with Powertech Exit Point Manager for IBM i System Values panel. This Audit flag pertains to Data Accesses.

The valid values are:

Y The transaction will be logged to the Log Journal.
N The transaction will not be logged to the Log Journal.
* The default value from a prior rule will control the logging.

Message

The Message flag controls the sending of messages to the Log Message Queue set up on the Work with Powertech Exit Point Manager for IBM i System Values panel. This Message flag pertains to Data Accesses.

The valid values are:

Y A log message will be sent to the Log Message Queue.
N A log message will not be sent to the Log Message Queue.
* The default value from a prior rule will control the logging.

Capture

The Capture flag controls whether transactions are remembered in Powertech Exit Point Manager for IBM i for later memorization. Once captured, transactions can become Memorized Transactions, which can act as rules. This Capture flag pertains to Data Accesses.

The valid values are:

Y A log message will be sent to the Log Message Queue.
N A log message will not be sent to the Log Message Queue.
* The default value from a prior rule will control the logging.

Switch Profile

The Switch profile entry holds the name of a user profile whose authority is used to process the transaction instead of the authority of the User initiating the transaction. The transaction is executed as, and uses the authority of, this Switch profile. The job that processes the transaction continues to run under this Switch profile until Exit Point Manager processes another transaction request for that job.

Switch profile is allowed only when Authority contains *SWITCH or *MEMSWITCH, if *MEMSWITCH is allowed. Otherwise, it must contain *NONE. This Switch profile pertains to Data Accesses.

Object Accesses

Use the Object Accesses fields to specify user rights to the objects in the Object List.

Authority

Authority represents the action to be taken when a rule is found that matches the data present on a transaction. This Authority value pertains to Object Accesses.

The valid values are:

*ALLOW The transaction will be allowed and object authority will be determined by the operating system.
*REJECT The transaction will not be allowed.
*SWITCH The transaction will be allowed and the transaction will occur as if the user profile named as the Swap Profile had initiated the transaction. After switching to the Swap Profile, the authority used during the transaction will be determined by the operating system.

Audit

The Audit flag controls the logging of transactions to the Log Journal set up on the Work with Powertech Exit Point Manager for IBM i System Values panel. This Audit flag pertains to Object Accesses.

The valid values are:

Y The transaction will be logged to the Log Journal.
N The transaction will not be logged to the Log Journal.
* The default value from a prior rule will control the logging.

Message

The Message flag controls the sending of messages to the Log Message Queue set up on the Work with Powertech Exit Point Manager for IBM i System Values panel. This Message flag pertains to Object Accesses.

The valid values are:

Y A log message will be sent to the Log Message Queue.
N A log message will not be sent to the Log Message Queue.
* The default value from a prior rule will control the logging.

Capture

The Capture flag controls whether transactions are remembered in Powertech Exit Point Manager for IBM i for later memorization. Once captured, transactions can become Memorized Transactions, which can act as rules. This Capture flag pertains to Object Accesses.

The valid values are:

Y A log message will be sent to the Log Message Queue.
N A log message will not be sent to the Log Message Queue.
* The default value from a prior rule will control the logging.

Switch Profile

The Switch profile entry holds the name of a user profile whose authority is used to process the transaction instead of the authority of the User initiating the transaction. The transaction is executed as, and uses the authority of, this Switch profile. The job that processes the transaction continues to run under this Switch profile until Exit Point Manager processes another transaction request for that job.

Switch profile is allowed only when Authority contains *SWITCH or *MEMSWITCH, if *MEMSWITCH is allowed. Otherwise, it must contain *NONE. This Switch profile pertains to Object Accesses.

See Object Rules.
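
The field constraints described above can be checked offline before rules are keyed into the panel. The following is an added example, not Powertech code: the ObjectRule/Access representation, the function names, and the sample user, Object List and profile names are all hypothetical. It models the valid values for Operation, Authority and the Y/N/* flags, the Switch profile restriction for both Data Accesses and Object Accesses, and the *PUBLIC fallback for a User lacking a specific rule.

```python
from dataclasses import dataclass

OPERATIONS = {"*ALL", "*CREATE", "*READ", "*UPDATE", "*DELETE"}
AUTHORITIES = {"*ALLOW", "*REJECT", "*SWITCH"}
FLAGS = {"Y", "N", "*"}  # "*" defers to the default from a prior rule

@dataclass
class Access:
    """One group of fields: Data Accesses or Object Accesses."""
    authority: str
    audit: str = "*"
    message: str = "*"
    capture: str = "*"
    switch_profile: str = "*NONE"

@dataclass
class ObjectRule:  # hypothetical offline representation of one panel entry
    user: str
    object_list: str
    operation: str
    data: Access
    obj: Access

def validate(rule, memswitch_allowed=False):
    """Return the field-constraint violations found in one rule."""
    errors = []
    if rule.operation not in OPERATIONS:
        errors.append(f"operation: {rule.operation} is not a valid value")
    allowed = AUTHORITIES | ({"*MEMSWITCH"} if memswitch_allowed else set())
    for label, acc in (("data", rule.data), ("object", rule.obj)):
        if acc.authority not in allowed:
            errors.append(f"{label}: authority {acc.authority} is not a valid value")
        for name in ("audit", "message", "capture"):
            if getattr(acc, name) not in FLAGS:
                errors.append(f"{label}: {name} must be Y, N or *")
        switching = acc.authority in ("*SWITCH", "*MEMSWITCH")
        if not switching and acc.switch_profile != "*NONE":
            errors.append(f"{label}: Switch profile must be *NONE for {acc.authority}")
        # Assumption: a switching rule that names no profile is treated as an error.
        if switching and acc.switch_profile == "*NONE":
            errors.append(f"{label}: {acc.authority} needs a Switch profile")
    return errors

def rule_for(user, rules):
    """Pick the rule naming this user; otherwise fall back to *PUBLIC."""
    by_user = {r.user: r for r in rules}
    return by_user.get(user, by_user.get("*PUBLIC"))

# Constructed sample rules for one Object List and operation.
SAMPLE = [
    ObjectRule("*PUBLIC", "PAYROLL", "*ALL", Access("*REJECT", audit="Y"), Access("*REJECT", audit="Y")),
    ObjectRule("JSMITH", "PAYROLL", "*ALL", Access("*SWITCH", switch_profile="PAYRDR"), Access("*ALLOW", switch_profile="PAYRDR")),
]
```

In the constructed sample, the JSMITH rule is flagged because its Object Accesses group names a Switch profile while its Authority is *ALLOW.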

Command Keys

F3 (Exit): Exit the panel without processing any pending changes.

F4 (Prompt): Displays a list of possible values.

F12 (Cancel): Exit the panel without processing any pending changes.