


➢ SECURITY

·         AS400 security is about limiting what a user can access, operate and manage on the system.

 

➢ User profile

·         User profiles are used to identify users to the system and to verify their authorities on the system (DSPUSRPRF, CHGUSRPRF, EDTOBJAUT).

·         User profiles tell the system who can sign on and what functions the user can perform on the system resources after signing on.

·         The security officer or security administrator can create it.

·         The user profile defines the following attributes for a particular user:

1)      User class

2)      Object owned and authorized

3)      Authorization of objects

4)      Current library

5)      Initial program and menu

6)      Maximum storage allowed

7)      Priority limit

8)      Group profile

 

                         Create User Profile (CRTUSRPRF)                       

                                                                               

 Type choices, press Enter.                                                    

                                                                               

 User profile . . . . . . . . . . > iRobo         Name                         

 User password  . . . . . . . . .   *USRPRF       Character value, *USRPRF...  

 Set password to expired  . . . .   *NO           *NO, *YES                    

 Status . . . . . . . . . . . . .   *ENABLED      *ENABLED, *DISABLED          

 User class . . . . . . . . . . .   *USER         *USER, *SYSOPR, *PGMR...     

 Assistance level . . . . . . . .   *SYSVAL       *SYSVAL, *BASIC, *INTERMED...

 Current library  . . . . . . . .   *CRTDFT       Name, *CRTDFT                

 Initial program to call  . . . .   *NONE         Name, *NONE                  

   Library  . . . . . . . . . . .                 Name, *LIBL, *CURLIB         

 Initial menu . . . . . . . . . .   MAIN          Name, *SIGNOFF               

   Library  . . . . . . . . . . .     *LIBL       Name, *LIBL, *CURLIB         

Display sign-on information  . .   *SYSVAL       *SYSVAL, *NO, *YES       

 Maximum allowed storage  . . . .   *NOMAX        Kilobytes, *NOMAX            

 Highest schedule priority  . . .   3             0-9                          

 Job description  . . . . . . . .   QDFTJOBD      Name                         

   Library  . . . . . . . . . . .     *LIBL       Name, *LIBL, *CURLIB   

                                                                                

 Group profile  . . . . . . . . .   *NONE         Name, *NONE                  

 Owner  . . . . . . . . . . . . .   *USRPRF       *USRPRF, *GRPPRF             

 Group authority  . . . . . . . .   *NONE         *NONE, *ALL, *CHANGE, *USE...

 Group authority type . . . . . .   *PRIVATE      *PRIVATE, *PGP               

 

                                                                        More...

 F3=Exit   F4=Prompt   F5=Refresh   F12=Cancel   F13=How to use this display   

 F24=More keys                                                                 

                                                                               

 

◉ User class

When identifying a user on the system you can specify the user class in the user profile. AS/400 has five user classes that determine the level of system access a user is permitted. The five user classes, starting with the highest level of access, are:

✓  Security officer (*SECOFR)

✓  Security administrator (*SECADM)

✓  Programmer (*PGMR)

✓  System operator (*SYSOPR)

✓  User (*USER)

 

◉ Object Authority

Object authority, the right of a user to use or control an object, comes in two categories:

·         Object rights

·         Data rights

 

Object Authority Type

 

*EXCLUDE  →  The user cannot access the object.

*CHANGE   →  The user can change and perform basic functions on the object.

*ALL      →  The user can control the object's existence, specify the security for the object, change the object, and perform basic functions on the object.

*USE      →  The user can perform basic operations on the object, such as running a program or reading a file. The user cannot change the object.

 

 

·         Object rights

Object rights give a user the following authorities:

·         Operational rights (*OBJOPR)

·         Object management rights (*OBJMGT)

·         Object existence rights (*OBJEXIST)

·         Object alter rights

·         Object reference rights

 

*OBJEXIST  →  Object existence authority provides the authority to control the object's existence and ownership, for example to delete an object, free storage for an object, perform save and restore operations for an object, or transfer ownership of an object.

*OBJMGT    →  Object management authority provides the authority to specify the security for the object, move or rename the object, and add members to database files.

*OBJOPR    →  Object operational authority provides authority to look at the description of an object and to use the object as determined by the user's data authority to the object.

 

 

·         Data rights

Data rights apply to the data contained within the object.

                                                         

*ADD      →  Add authority provides the authority to add entries to an object (for example, job entries to a queue or records to a file).

*DLT      →  Delete authority allows the user to remove entries from an object (for example, remove messages from a message queue or records from a file).

*READ     →  Read authority provides the authority needed to show the contents of an object.

*UPD      →  Update authority provides the authority to change the entries in an object.

*EXECUTE  →  Execute authority provides the authority needed to run a program or locate an object in a library or directory.

                               

 

                      

 

                             Edit Object Authority

 

Object . . . . . . . :   ADDCL           Owner  . . . . . . . :   G#SAFE

Library  . . . . . :     AMINEM        Primary group  . . . :   *NONE

Object type  . . . . :   *PGM            ASP device . . . . . :   *SYSBAS

 

Type changes to current authorities, press Enter.

 

Object secured by authorization list  . . . . . . . . . . . .   *NONE

 

Object    ----------Object-----------

User        Group       Authority  Opr  Mgt  Exist  Alter  Ref

*PUBLIC                 *CHANGE     X

*GROUP      G#SAFE      *ALL        X    X     X      X     X

 

 

                                                                     Bottom

F3=Exit   F5=Refresh   F6=Add new users     F10=Grant with reference object

F11=Display data authorities   F12=Cancel   F17=Top   F18=Bottom

 

 

OBJECT AUTHORITY: *USE, *CHANGE, *

 

                         

                                 Add New Users                                 

 

Object . . . . . . . :   ADDCL           Owner  . . . . . . . :   G#SAFE

Library  . . . . . :     AMINEM        Primary group  . . . :   *NONE

Object type  . . . . :   *PGM            ASP device . . . . . :   *SYSBAS

 

Type new users, press Enter.

 

Object    ----------Object-----------

User        Authority  Opr  Mgt  Exist  Alter  Ref

 

_______      _______    __   __   __     __     __

 

 

 

                                                                   More...

F3=Exit   F11=Display data authorities   F12=Cancel   F17=Top   F18=Bottom

 

                                                                               

                                                                               

                                 Add New Users                                 

                                                                               

 Object . . . . . . . :   ADDCL           Owner  . . . . . . . :   G#SAFE      

   Library  . . . . . :     AMINEM        Primary group  . . . :   *NONE       

 Object type  . . . . :   *PGM            ASP device . . . . . :   *SYSBAS     

                                                                               

 Type new users, press Enter.                                                  

                                                                                

              Object    ---------------Data---------------                     

 User        Authority  Read  Add  Update  Delete  Execute                     

 Z03OPER     *USE       _x__   __   __      __      __                          

                                                                               

                                                                               

 

 

                               Work with Objects                                

                                                                               

 Type options, press Enter.                                                    

   2=Edit authority        3=Copy   4=Delete   5=Display authority   7=Rename  

   8=Display description   13=Change description                               

                                                                               

 Opt  Object      Type      Library     Attribute   Text                        

 2    ADDCL       *PGM      AMINEM      CLP         clp prm to add 2 var       

      CAP52I00    *PGM      AMINEM      CBL         Account fee condition intro

      CFP13RA0M   *PGM      AMINEM      CBL         Fee Statement Extraction pg

      ENTRY_CL    *PGM      AMINEM      CLP         ENTRY CL PGM               

      FPT1_PGM    *PGM      AMINEM      RPG         entry pgm to be called     

                                                                        More...

 Parameters for options 5, 7 and 13 or command                                 

 ===>                                                                          

 F3=Exit   F4=Prompt   F5=Refresh   F9=Retrieve   F11=Display names and types  

 F12=Cancel   F16=Repeat position to   F17=Position to                         

Not authorized to change authorities.     >>>>>>>>>>>>>>>>>>>>>>>>

 

 

 

                             Edit Object Authority                             

                                                                                

 Object . . . . . . . :   ADDCL           Owner  . . . . . . . :   G#SAFE      

   Library  . . . . . :     AMINEM        Primary group  . . . :   *NONE       

 Object type  . . . . :   *PGM            ASP device . . . . . :   *SYSBAS     

                                                                               

 Type changes to current authorities, press Enter.                             

                                                                               

   Object secured by authorization list  . . . . . . . . . . . .   *NONE       

                                                                               

                          Object    ----------Object-----------                

 User        Group       Authority  Opr  Mgt  Exist  Alter  Ref                

 *PUBLIC                 *CHANGE     X                                         

 *GROUP      G#SAFE      *ALL        X    X     X      X     X                 

 Z03OPER                 USER DEF    X    X     X      X     X                 

          

                                                                

 

 

Object    ---------------Data---------------

User        Group       Authority  Read  Add  Update  Delete  Execute

*PUBLIC                 *CHANGE     X     X     X       X        X

*GROUP      G#SAFE      *ALL        X     X     X       X        X

Z03OPER                 USER DEF    X

 

 

Bottom

F3=Exit   F5=Refresh   F6=Add new users     F10=Grant with reference object

F11=Display data authorities   F12=Cancel   F17=Top   F18=Bottom

 

 

                               Work with Objects                               

                                                                               

 Type options, press Enter.                                                    

   2=Edit authority        3=Copy   4=Delete   5=Display authority   7=Rename  

   8=Display description   13=Change description                               

                                                                               

 Opt  Object      Type      Library     Attribute   Text                       

      ADDCL       *PGM      AMINEM      CLP         clp prm to add 2 var       

      CAP52I00    *PGM      AMINEM      CBL         Account fee condition intro

      CFP13RA0M   *PGM      AMINEM      CBL         Fee Statement Extraction pg

      ENTRY_CL    *PGM      AMINEM      CLP         ENTRY CL PGM               

      FPT1_PGM    *PGM      AMINEM      RPG         entry pgm to be called     

      GEN         *PGM      AMINEM      RPGLE       GENERATION OF ACCOUNT NUMBE

                                                                        More...

 Parameters for options 5, 7 and 13 or command                                 

 ===> call aminem/addcl                                                        

 F3=Exit   F4=Prompt   F5=Refresh   F9=Retrieve   F11=Display names and types  

 F12=Cancel   F16=Repeat position to   F17=Position to                         

 

Not authorized to program ADDCL in library AMINEM.     >>>>>>>>>>>>>>>>>>>>>>

 

 

 

 

➢ Group profile

 

A group profile lets a number of users get the same authority for an object.

 

Authority List (*AUTL) → If we want to give different authorities to different users, we use an Authority List.

                       Create Authorization List (CRTAUTL)                     

                                                                                

 Type choices, press Enter.                                                    

                                                                               

 Authorization list . . . . . . .   AUTH01        Name                         

 Text 'description' . . . . . . .   *BLANK                                     

                                                                               

                                                                                

                            Additional Parameters                              

                                                                               

 Authority  . . . . . . . . . . .   *USE          *CHANGE, *ALL, *USE, *EXCLUDE

                                                                               

                                                                               

 

                                                                               

                                                                                

                                                                               

                                                                         Bottom

 F3=Exit   F4=Prompt   F5=Refresh   F12=Cancel   F13=How to use this display   

 F24=More keys                                                                 

                                                                               

Authorization list AUTH01 created.        

                     Add Authorization List Entry (ADDAUTLE)                   

                                                                               

 Type choices, press Enter.                                                     

                                                                               

 Authorization list . . . . . . . > AUTH01        Name, generic*               

 User . . . . . . . . . . . . . . > AJAISWAL      Name                          

                + for more values   +             >>>>>>>>>>>>>>> To add more users

 Authority  . . . . . . . . . . .   *CHANGE       *EXCLUDE, *CHANGE, *ALL...   

                + for more values                                              

                                                                               

                                                                               

                                                                               

                                                                                

 

                                                                               

                                                                               

                                                                                

                                                                         Bottom

 F3=Exit   F4=Prompt   F5=Refresh   F12=Cancel   F13=How to use this display   

 F24=More keys                                                                 
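
The Python sketch below is an added example, not part of the original page or of the system's own code. It models why `call aminem/addcl` is rejected for Z03OPER on the screens above although *PUBLIC has *CHANGE, and how an entry on AUTH01 is consulted; the lookup order is a simplified assumption, and the PAYROLL object and NEWUSER-style callers are constructed.

```python
# Added example: simplified model of the authority check behind the screens above.
OBJECT_RIGHTS = {"*OBJOPR", "*OBJMGT", "*OBJEXIST", "*OBJALTER", "*OBJREF"}
DATA_RIGHTS = {"*READ", "*ADD", "*UPD", "*DLT", "*EXECUTE"}

# System-defined authorities, matching the X marks on the Edit Object Authority screens.
SYSTEM_DEFINED = {
    "*EXCLUDE": frozenset(),
    "*USE": frozenset({"*OBJOPR", "*READ", "*EXECUTE"}),
    "*CHANGE": frozenset({"*OBJOPR"} | DATA_RIGHTS),
    "*ALL": frozenset(OBJECT_RIGHTS | DATA_RIGHTS),
}
CALL_NEEDS = frozenset({"*OBJOPR", "*EXECUTE"})  # rights needed to run a *PGM

# Authorization list from the CRTAUTL / ADDAUTLE screens.
AUTLS = {"AUTH01": {"AJAISWAL": "*CHANGE"}}

# ADDCL as shown on the last Edit Object Authority screen (Z03OPER is USER DEF).
ADDCL = {
    "autl": None,
    "public": "*CHANGE",
    "private": {"G#SAFE": "*ALL", "Z03OPER": OBJECT_RIGHTS | {"*READ"}},
}
# Constructed object (not on the page): secured by AUTH01, public excluded.
PAYROLL = {"autl": "AUTH01", "public": "*EXCLUDE", "private": {}}

def expand(authority):
    """Rights granted by a system-defined name or by a USER DEF set of rights."""
    if isinstance(authority, str):
        return SYSTEM_DEFINED[authority]
    return frozenset(authority)

def effective_rights(obj, user, group=None):
    """Assumed lookup order: user on object, user on list, group likewise, *PUBLIC.
    The first entry found decides, even when it grants less than a later one.
    *ALLOBJ special authority and adopted authority are left out."""
    autl = AUTLS.get(obj["autl"], {})
    for name in (user, group):
        if name is None:
            continue
        if name in obj["private"]:
            return name, expand(obj["private"][name])
        if name in autl:
            return obj["autl"], expand(autl[name])
    return "*PUBLIC", expand(obj["public"])

def can_call(obj, user, group=None):
    """Return (allowed, where the authority came from, missing rights)."""
    source, rights = effective_rights(obj, user, group)
    missing = sorted(CALL_NEEDS - rights)
    return (not missing, source, missing)
```

For Z03OPER the private USER DEF entry is found first and lacks *EXECUTE, so the broader *PUBLIC *CHANGE is never reached; a review of private authorities should therefore look for entries that are narrower than intended as well as broader.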

                          



Copyright © Go4as400.com, 2014.