ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvusersec.htm

179 lines
11 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="User security" />
<meta name="abstract" content="From a user's point of view, security affects how they use and complete tasks on the system." />
<meta name="description" content="From a user's point of view, security affects how they use and complete tasks on the system." />
<meta name="DC.Relation" scheme="URI" content="rzamvconcepts.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvplanusersec.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvsetusersec.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvsavesecinfo.htm" />
<meta name="DC.Relation" scheme="URI" content="../books/sc415304.pdf" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="usersec" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>User security</title>
</head>
<body id="usersec"><a name="usersec"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">User security</h1>
<div><p>From a user's point of view, security affects how they use and
complete tasks on the system.</p>
<p>User security includes how users interact with the system to complete their
tasks. It is important to consider how a user will view security. For example,
setting passwords to expire every five days might frustrate and interfere
with a user's ability to complete his or her job. On the other hand, too lax
a password policy might cause security problems.</p>
<p> To provide the right security for your system, you need to divide security
into specific parts that you can plan, manage, and monitor. From a user's
point of view, you can divide your system security into several parts.</p>
<div class="p">User security includes all areas where security affects the users and where
users can affect the system. Key components of user security include: <ul><li><strong>Physical access to the system</strong><p>Physical security protects the
system unit and all system devices, including backup storage media, such as
diskettes, tapes, or CDs from accidental or intentional loss or damage. Most
measures you take to ensure the physical security of your system are external
to the system. However, the system ships with a keylock or electronic keystick
that prevents unauthorized use of functions at the system unit. </p>
</li>
<li><strong>How users signon</strong><p>Signon security prevents a person who is not
identified on the system from signing on. To sign on, an individual must present
valid credentials, such as entering a valid combination of user ID and password.
You can use both system values and individual user profiles to make sure that
your signon security is not violated. For example, you can require that passwords
be changed on a regular basis. You can also prevent the use of passwords that
are easy to guess.</p>
</li>
<li><strong>What users are allowed to do</strong><div class="p">An important role of security, and
of system customization, is to define what users can do. From a security perspective,
this is often a limiting function, such as preventing people from seeing certain
information. From a system customizing perspective, this is an empowering
function. A properly customized system makes it possible for people to do
their jobs well by eliminating unnecessary tasks and information. Some methods
for defining what users can do are appropriate for the security officer, while
others are the responsibility of programmers. This information focuses primarily
on those things that a security officer usually does. Parameters are available
in individual user profiles, job descriptions, and classes to control what
the user can do on the system. The list below briefly describes the techniques
available: <ul><li>Limiting users to a few functions. <p>You can limit users to a specific
program, menu or set of menus, and a few system commands based on their user
profile. Usually, the security officer creates and controls user profiles.</p>
</li>
<li>Restricting system functions. <p>System functions allow you to save and
restore information, manage printer output, and set up new system users. Each
user profile specifies which of the most common system functions that the
user can perform. You perform system functions by using control language
(CL) commands and APIs. Because every command and API is an object, you can
use object authorities to control who can use them and complete system functions.</p>
</li>
<li>Determining who can use files and programs. <p>Resource security provides
the capability to control the use of every object on the system. For any object,
you can specify who can use it and how they can use it. For example, you can
specify that one user can only look at the information in a file; another
user can change data in the file; a third user can change the file or delete
the entire file.</p>
</li>
<li>Preventing abuse of system resources. <p>The processing power on your
system can become just as important to your business as the data that you
store on it. The security officer helps to ensure that users do not misuse
system resources by running their jobs at a high priority, printing their
reports first, or using too much disk storage.</p>
</li>
</ul>
</div>
</li>
<li>How your system communicates with other computers.<p>Additional security
measures may be necessary if your system communicates with other computers
or with programmable workstations. If you do not have proper security controls,
someone on another computer in your network can start a job or access information
on your computer without going through the signon process. You can use both
system values and network attributes to control whether you allow remote jobs,
remote access of data, or remote PC access on your system. If you allow remote
access, you can specify what security to enforce. You can find descriptions
for all system values in Chapter 3, <span class="q">"Security System Values,"</span> of the <cite>iSeries™ Security
Reference</cite>. </p>
</li>
<li>How to save your security information.<p>You need to regularly back up
the information on your system. In addition to saving the data on your system,
you need to save security information. If a disaster occurs, you need to be
able to recover information about system users, authorization information,
and the information itself. </p>
</li>
<li>How to monitor your security plan.<div class="p">The system provides several tools
for monitoring security effectiveness: <ul><li>Messages are sent to the system operator when certain security violations
occur.</li>
<li>Various security-related transactions can be recorded in a special audit
journal.</li>
</ul>
<a href="rzamvmonitorsec.htm#monitorsec">Monitor security</a> discusses the use
of these tools in general terms. You can find more details on security auditing
in Chapter 9, "Auditing Security on the System," in the <cite>iSeries Security
Reference</cite>.</div>
</li>
<li>How to customize the security on your system.<div class="p">You can customize your
system to help your users accomplish their daily work. To best customize your
system for your users, think of what they need to accomplish their work successfully.
You can customize the system to show menus and applications in several ways: <ul><li>Show users what they want to see.<p>Most of us arrange our desks and our
offices so we can easily reach the things that we need most. Think of your
users' access to the system in the same way. After signing on to the system,
a user should first see the menu or display that person uses the most. You
can easily design user profiles to make this happen.</p>
</li>
<li>Eliminate unnecessary applications.<p>Most systems have many different
applications on them. Most users only want to see the things they need to
do their jobs. Limiting them to a few functions on the system makes their
jobs easier. With user profiles, job descriptions, and appropriate menus,
you can give each user a specific view of the system.</p>
</li>
<li>Send something to the right output location.<p>Users should not have to
worry about how to get their reports to the correct printer or how their batch
jobs should run. System values, user profiles, and job descriptions do these
things.</p>
</li>
<li>Provide assistance.<p>No matter how well you succeed in customizing
the system, users may still wonder <span class="q">"Where is my report?"</span> or <span class="q">"Has my
job run yet?"</span> Operational Assistant displays provide a simple interface
to system functions, which help users answer these questions. Different versions
of system displays, called assistance levels, provide help for users with
different levels of technical experience. When your system arrives, Operational
Assistant displays are automatically available for all users. However, the
design of your applications may require you to change the way users get access
to the Operational Assistant menu. The system provides tools which allow
you to customize your system security to protect your resources while allowing
users to access those resources.</p>
</li>
</ul>
</div>
</li>
</ul>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvconcepts.htm" title="To effectively create a security policy and plan security measures for your system, you need to understand the following security concepts, some of which are general concepts and some of which are specific to the hardware type.">Concepts</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzamvplanusersec.htm" title="Planning user security includes planning all areas where security affects the users on your system.">Plan user security</a></div>
<div><a href="rzamvsetusersec.htm" title="Setting up user security involves installing application libraries, and setting up user groups and profiles.">Set up user security</a></div>
<div><a href="rzamvsavesecinfo.htm" title="This topic presents an overview of how you save and restore security information.">Save security information</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="../books/sc415304.pdf" target="_blank">Backup and Recovery PDF</a></div>
</div>
</div>
</body>
</html>