Location Rules

The green screen is the traditional Powertech Exit Point Manager for IBM i interface. All functions related to adding, editing, and deleting rules are available using either the web browser interface or the green screen, although the procedures for accomplishing these tasks differ considerably.

You can use the Work with Security by Location panel to maintain a location's server and server function filter rules. After entering a valid location, you can add, change, or delete the location's individual server and server function filter rules. You also can copy a location's filter rules to another location, or delete all the location's filter rules. To change a rule, type over the existing values, and press Enter.

  1. Select option 1 on the Powertech Exit Point Manager for IBM i Main Menu, then option 3, to open the Work with Security by Location panel.
  2. The Work with Security by Location panel displays. Initially, this screen lists the default rules. You can add and maintain additional server function filter rules for locations using this panel.

  3. To add a new rule, press F6. The Create Location Rule panel appears. (To change the filter rule properties of an existing rule, choose 2 for the existing rule.)
  4. Enter the function, location, and filter rule properties. To see a list of available functions, authorities, or switch profiles for the selected server, you can press F4 (Prompt) to display a prompt screen.

    For example, press F4 in the Function field to display the Prompt Server Functions panel. Enter a 1 next to the function for which you want to define a rule.

    • To apply the rule to all locations, enter *ALL in the Location field. To restrict the rule to one IP address, enter the IP address (for example, 10.123.144.213). To restrict the rule to a range of IP addresses, you can enter a generic IP address (for example, 10.123.*).

    • To select from a list of valid authorities, press F4 to display the Valid Authorities panel. If you set the Authority to *REJECT, Powertech Exit Point Manager for IBM i rejects the specified transaction. Whenever Powertech Exit Point Manager for IBM i rejects a request for any reason, the transaction is recorded in the audit journal and the Aud column is not considered. The rejected request is audited regardless of the value in the Aud column.
  5. Specify if you want Powertech Exit Point Manager for IBM i to send a message (Msg = Y) and capture transactions for memorization (Cap = Y). If you do not specify a Switch Profile, it defaults to *NONE. Press Enter to add the rule.
  1. Enter 3 for the location rule you would like to copy. The Copy Location Rule panel appears.
  2. Specify the new location and press Enter.

    Work with Security by Location panel

NOTE:
  • When you copy a location's rules, it does not copy all sublocation rules; only the rules for the selected location, for example, 192.*, are copied.
  • All existing authorities for the location you are copying to are deleted.

On the Work with Security by Location panel, enter option 5 next to a location to display the Location Rule Derivation panel. This panel provides location rule detail information, including parameter settings and Active Rule and Rule Derivation information.

Location Rule Detail panel

On the Work with Security by Location panel, choose 4 for a location rule to delete it.

 

You also have the option to set rules across multiple servers at one time from the Work with Security by Location panel.

  1. On the Work with Security by Location panel, press F2 to display the Add Location Rules panel.
  2. Specify the desired Location, Authority, Switch Profile, and Audit/Message/Capture flags for the rule.
  3. For Replace, choose Y to set the new rule across only those servers where a rule already exists for the specified location. This option updates existing rules with the specified rule filters and changes all existing rules for the location to those you entered.
  4. Press Enter to set a new rule across all Powertech Exit Point Manager for IBM i servers, including servers that don't already have a rule for the specified location. This option adds *ALL functions for any missing servers and updates any existing rules.
NOTE: If an Authority setting is set to *SAME, Powertech Exit Point Manager for IBM i does not change the existing settings and does not create new rules when you select Add and Change records (All Servers).

Powertech Exit Point Manager for IBM i ships with 30 default location authority rules. You can view these rules from the Work with Security by Location panel. To display the Work with Security by User panel, from the Main Menu, choose option 1, then 2.

Use F16 to Sort and Subset by Server, Function, or Location.

Related Topics