Work with Security by User

How to Get There

From the Security Configuration Menu, choose option 2.

What it Does

The Work with Security by User panel allows you to maintain a user's server and server function rules. After entering a valid user profile, you can add, change, or delete the user's individual server and server function rules. You can also copy a user's rules to another user or delete all of the user's rules.

Options

2=Change

Choose this option for a rule to open the Change User Rule panel, where you can change a User Rule.

3=Copy

Choose this option for a rule to open the Copy User Rule panel, where you can copy a User Rule.

4=Delete

Choose this option for a rule to delete it.

5=Display

Choose this option to display the User Rule Derivation panel for the rule.

Field Descriptions

System

System indicates the target of any operations you perform. When you add rules, for example, those rules will be sent to, and will affect processing on, the System named. The following describes the fields on the Work with Security by Server panel.

Position to User

Used to position the list.

Opt

Enter a valid option from the list of options provided on the list panel.

Typ

This field is used to indicate whether the associated User field refers to an O/S user profile or a Powertech Exit Point Manager for IBM i User Group.

The valid values are:

U The associated User field refers to an O/S user profile.
G The associated User field refers to a Powertech Exit Point Manager for IBM i User Group.

User

If the associated User Type is a 'U', User represents the identity of the person initiating a transaction as a user profile.

The special value *PUBLIC, when used on a rule, means that the rule applies to any User lacking a specific rule. When used as a subset or selection parameter, *PUBLIC means to select all such rules for display or printing.

If the associated User Type is a 'G', User represents a Powertech Exit Point Manager for IBM i User Group name.

Server

A Server in Powertech Exit Point Manager for IBM i is a controlled entry point into your system. These entry points are determined and defined by IBM. Powertech Exit Point Manager for IBM i has assigned easy-to-remember names to these controlled entry points.

Function

A Function, or Server Function, in Powertech Exit Point Manager for IBM i represents a class of operations that a given Server may perform. For example, the *SIGNON Server classifies its operations as those pertaining to changing passwords, generating authentication tokens, and retrieving signon information. Powertech Exit Point Manager for IBM i has assigned easy-to-remember names to these Functions, such as CHGPWD, GENAUTTKN and RETRIEVE.

Authority

The authority assigned to the user for this server/function.

The possible values are:

*ALLOW Powertech Exit Point Manager for IBM i will use normal system authority for the user.
*REJECT Powertech Exit Point Manager for IBM i will override normal system authority and reject requests.
*SWITCH Powertech Exit Point Manager for IBM i will use the authority of the Switch profile for the specified user. A Switch profile entry is required.
*MEMALLOW Check Memorized Transactions (MTR) for authority. If no MTR authority is found, Powertech Exit Point Manager for IBM i will use normal system authority for the user.
*MEMREJECT Check Memorized Transactions (MTR) for authority. If no MTR authority is found, Powertech Exit Point Manager for IBM i will reject requests for the specified user.
*MEMSWITCH Check Memorized Transactions (MTR) for authority. If no MTR authority is found, Powertech Exit Point Manager for IBM i will use the authority of the Switch profile for the specified user. A Switch profile entry is required.
*MEMOBJ Check Memorized Transactions (MTR) for authority. If no MTR authority is found, check Object Rules for authority. If no Object Rule authority is found, Exit Point Manager will use normal allow authority for the user.
*SRVFCN Powertech Exit Point Manager for IBM i will use the authority defined for the server/function.

Audit

The Audit flag controls the logging of transactions to the Log Journal set up on the Work with Powertech Exit Point Manager for IBM i System Values panel.

The valid values are:

* Uses the value found in the rule above this one in the rule hierarchy.
Y Logs all requests when this rule is enforced.
N Logs only access failures (rejects) for this rule.

Message

The Message flag controls the sending of messages to the Log Message Queue set up on the Work with Powertech Exit Point Manager for IBM i System Values panel.

The valid values are:

* Uses the value found in the rule above this one in the rule hierarchy.
Y Sends a message when this rule is enforced.
N Does not send a message when this rule is enforced.

Capture

The Capture flag controls whether transactions are remembered in Exit Point Manager for later review and analysis. Once captured, transactions can be used to create new or remove existing User, Location, and Pre-filter rules, as well as become Memorized Transactions which can act as rules. They are also a major component of your Discovery, Data Collection, and Analysis.

The valid values are:

* Uses the value found in the rule above this one in the rule hierarchy.
Y Captures the transaction when this rule is enforced.
N Does not capture the transaction when this rule is enforced.

Switch Profile

The Switch profile holds the name of a user profile whose authority is used to process the transaction instead of the authority of the User initiating the transaction. The transaction is executed as, and uses the authority of, this Switch profile. The job that processes the transaction continues to run under this Switch profile until Exit Point Manager processes another transaction request for that job.

Switch profile is allowed only when Authority contains *SWITCH or *MEMSWITCH, if *MEMSWITCH is allowed. Otherwise, it must contain *NONE.
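
The Authority fallbacks and the Switch Profile constraint described above can be checked over a list of user rules. The following is an added example, not code from Powertech or part of the product: the rule dictionaries, the names resolve and lint, and the sample users and switch profile are constructed, and it models only the behavior stated in the Authority, Audit, and Switch Profile descriptions.

```python
# Added illustration: simplified model of the Authority and Switch Profile
# fields. The dict layout and sample rules are constructed, not a product format.
MEM_FALLBACK = {"*MEMALLOW": "*ALLOW", "*MEMREJECT": "*REJECT",
                "*MEMSWITCH": "*SWITCH"}
SWITCHING = {"*SWITCH", "*MEMSWITCH"}

def resolve(rule, mtr=None, obj=None, srvfcn=None):
    """Outcome for one request. mtr/obj: authority found in a Memorized
    Transaction / Object Rule, or None if none matched. srvfcn: authority
    defined for the server/function (assumed already resolved)."""
    auth = rule["authority"]
    if auth == "*SRVFCN":
        return srvfcn
    if auth.startswith("*MEM"):
        if mtr is not None:
            return mtr
        if auth == "*MEMOBJ":  # falls to Object Rules, then to allow
            return obj if obj is not None else "*ALLOW"
        return MEM_FALLBACK[auth]
    return auth  # *ALLOW, *REJECT or *SWITCH

def lint(rules):
    findings = []
    for r in rules:
        key = (r["user"], r["server"], r["function"])
        needs_switch = r["authority"] in SWITCHING
        has_switch = r["switch"] != "*NONE"
        if needs_switch and not has_switch:
            findings.append((key, "switch profile required"))
        if has_switch and not needs_switch:
            findings.append((key, "switch profile must be *NONE"))
        # Audit N logs only rejects: if the rule's no-match outcome lets the
        # request through, that request is not written to the Log Journal.
        if r["audit"] == "N" and resolve(r) in ("*ALLOW", "*SWITCH"):
            findings.append((key, "passed requests are not logged"))
    return findings

SAMPLE_RULES = [  # constructed sample data
    {"user": "*PUBLIC", "server": "*SIGNON", "function": "CHGPWD",
     "authority": "*ALLOW", "audit": "N", "switch": "*NONE"},
    {"user": "APPUSER", "server": "*SIGNON", "function": "RETRIEVE",
     "authority": "*MEMSWITCH", "audit": "Y", "switch": "*NONE"},
    {"user": "OPER1", "server": "*SIGNON", "function": "GENAUTTKN",
     "authority": "*MEMREJECT", "audit": "*", "switch": "SWPROF"},
]

if __name__ == "__main__":
    for key, finding in lint(SAMPLE_RULES):
        print(key, finding)
```

Rules whose Audit value is * are not judged by the logging check, because the value they inherit from the rule hierarchy is not modeled here.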

Command Keys

F2 (Global Rule Facility): Maintain rules en masse.

F3 (Exit): Exit the current panel without processing any pending changes.

F4 (Prompt): Display a list of valid values for the field prompted.

F5 (Refresh): Refreshes the panel and resets all available text fields.

F6 (Create rule): Creates a new user rule.

F7 (Select system): Allows user to select a different silo system.

F8 (Captured trans): Allows user to go to the Work with Captured Transaction panel, which will be filtered based on the rule on which the cursor was positioned when F8 was pressed.

F9 (Memorized trans): Allows user to go to the Work with Memorized Transaction panel, which will be filtered based on the rule on which the cursor was positioned when F9 was pressed.

F10 (Copy user): Copy all of the current user's authorities to another user.

F12 (Cancel): Exit the current panel without processing any pending changes.

F13 (Display messages): Displays messages for user.

F14 (Work with submitted jobs): Displays jobs submitted from the current job.

F15 (Work with spooled files): Displays the user's print output.

F16 (Sort/subset): Opens the User Rules Subset panel, which allows you to subset the list of User Rules by Server, Function, Type, or User.

F21 (User Groups): Allows user to go to the Work with User Groups panel.

F24 (More keys): Displays additional function keys (listed above).