ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvqlmtdevssn.htm

130 lines
7.4 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Limit device sessions" />
<meta name="abstract" content="The limit device sessions system value specifies whether a user is allowed to be signed on to more than one device at a time." />
<meta name="description" content="The limit device sessions system value specifies whether a user is allowed to be signed on to more than one device at a time." />
<meta name="DC.Relation" scheme="URI" content="rzamvplansyslvlsec.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="qlimtdevssn" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Limit device sessions</title>
</head>
<body id="qlimtdevssn"><a name="qlimtdevssn"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Limit device sessions</h1>
<div><p>The limit device sessions system value specifies whether a user
is allowed to be signed on to more than one device at a time.</p>
<p>This value does not restrict the System Request menu or a second signon
from the same device. If a user has a disconnected job, the user is allowed
to sign on to the system with a new device session. Allowing users to sign
on to only one workstation at a time promotes good security habits. If you
limit users to one device, you discourage users from sharing user IDs and
passwords. If people share user IDs, you lose both control and accountability.
You can no longer tell who really does what functions on the system. In addition
users must remember to sign off one workstation before moving to another one.
Workstations left signed on, but not in use, pose a security risk. Give every
system user a unique user ID and password with the appropriate authorities,
then restrict them to using one workstation at a time. You can also restrict
users to a specific device through individual<a href="rzamvuserprof.htm"> user profiles</a>.</p>
<p>See <a href="#qlimtdevssn__quickref">Table 2</a> table for an
overview of the limit device sessions system value.</p>
<div class="p">
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. Possible values for the limit device sessions
system value</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e32">iSeries™ Navigator</th>
<th valign="bottom" id="d0e36">Character-based interface</th>
<th valign="bottom" id="d0e38">Description</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e32 ">Deselected</td>
<td valign="top" headers="d0e36 ">0 (No)</td>
<td valign="top" headers="d0e38 ">The system allows an unlimited number of signon sessions.</td>
</tr>
<tr><td valign="top" headers="d0e32 ">Selected</td>
<td valign="top" headers="d0e36 ">1 (Yes)</td>
<td valign="top" headers="d0e38 ">Users are limited to one device session.</td>
</tr>
</tbody>
</table>
</div>
</div>
<p><span class="uicontrol">Relationship to security policy</span></p>
<p>Setting the limit device sessions system value discourages sharing password
and leaving workstation signed on; however, regardless of the decision you
make for this system value, your security policy should implicitly discourage
these practices. These bad habits provide a potential attacker access to your
resources and sensitive business information. In your security policy users
should be made aware of the risks and the consequences for these practices. </p>
<div class="p">
<div class="tablenoborder"><a name="qlimtdevssn__quickref"><!-- --></a><table cellpadding="4" cellspacing="0" summary="" id="qlimtdevssn__quickref" frame="border" border="1" rules="all"><caption>Table 2. Quick Reference. Provides details
for the limit device sessions system value.</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e73">iSeries Navigator name</th>
<th valign="bottom" id="d0e77">Limit each user to one device session</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e73 ">Character-based interface name</td>
<td valign="top" headers="d0e77 ">QLMTDEVSSN</td>
</tr>
<tr><td valign="top" headers="d0e73 ">Authority</td>
<td valign="top" headers="d0e77 "><p>All object access (*ALLOBJ)<br />
Security administrator (*SECADM)</p>
<div class="note"><span class="notetitle">Note:</span> The Security Officer (QSECOFR)
user profile is shipped with these authorities.</div>
</td>
</tr>
<tr><td valign="top" headers="d0e73 ">How to access</td>
<td valign="top" headers="d0e77 "><div class="p"><strong>iSeries Navigator</strong><ol><li>Expand <span class="menucascade"><span class="uicontrol">Security</span> &gt; <span class="uicontrol">Policies</span></span>.</li>
<li>Right click <span class="uicontrol">Signon Policy</span> and select <span class="uicontrol">Properties</span>.</li>
<li>On the <span class="uicontrol">General</span> page, you will find the option for
limiting device sessions.</li>
</ol>
</div>
<div class="p"><span class="uicontrol">Character-based interface</span><ol><li>In the character-based interface, type <samp class="codeph">WRKSYSVAL QLMTDEVSSN</samp>.</li>
</ol>
</div>
</td>
</tr>
<tr><td valign="top" headers="d0e73 ">Changes take effect</td>
<td valign="top" headers="d0e77 ">Immediately</td>
</tr>
<tr><td valign="top" headers="d0e73 ">Default value</td>
<td valign="top" headers="d0e77 ">Deselected</td>
</tr>
<tr><td valign="top" headers="d0e73 ">Recommended value</td>
<td valign="top" headers="d0e77 ">Selected</td>
</tr>
<tr><td valign="top" headers="d0e73 "><a href="rzamvlockdown.htm">Lockable</a></td>
<td valign="top" headers="d0e77 ">Yes</td>
</tr>
<tr><td valign="top" headers="d0e73 ">Special considerations </td>
<td valign="top" headers="d0e77 ">NA</td>
</tr>
</tbody>
</table>
</div>
</div>
<p>For more detailed information about this security value, see Chapter 3, <span class="q">"Security
System Values"</span> in <a href="../books/sc415302.pdf" target="_blank">Security
Reference</a>. </p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvplansyslvlsec.htm" title="System security entails controlling user access and their privileges, maintaining information integrity, monitoring processes and access, auditing system functions, and providing backup and recovery of security related information.">Plan system security</a></div>
</div>
</div>
</body>
</html>