ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzakz_5.4.0.1/rzakzqalwusrdmn.htm

117 lines
7.4 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Security system values: Allow these objects in . . ." />
<meta name="abstract" content="Specifies where to allow user domain objects that bypass authority checking and cannot be audited. (QALWUSRDMN)" />
<meta name="description" content="Specifies where to allow user domain objects that bypass authority checking and cannot be audited. (QALWUSRDMN)" />
<meta name="DC.Relation" scheme="URI" content="rzakzsecurityoverview.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakzlocksecurity.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakzfinder.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzakzqalwusrdmn" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Security system values: Allow these objects in . . .</title>
</head>
<body id="rzakzqalwusrdmn"><a name="rzakzqalwusrdmn"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Security system values: Allow these objects in . . .</h1>
<div><p>Specifies where to allow user domain objects that bypass authority
checking and cannot be audited. (QALWUSRDMN)</p>
<p><span class="uicontrol">Allow these objects in . . .</span>, also known as <span class="uicontrol">QALWUSRDMN</span>,
is a member of the security category of i5/OS™ system values. You can use this system
value to specify where to allow user domain objects that bypass authority
checking and cannot be audited. To learn more, keep reading.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><thead align="left"><tr><th colspan="2" valign="top" class="firstcol" id="d0e31">Quick reference</th>
</tr>
</thead>
<tbody><tr><th valign="top" class="firstcol" id="d0e35" headers="d0e31 ">Location</th>
<td valign="top" headers="d0e35 d0e31 ">In iSeries™ Navigator,
select your system, <span class="menucascade"><span class="uicontrol"></span> &gt; <span class="uicontrol">Configuration
and Service</span> &gt; <span class="uicontrol">System Values</span> &gt; <span class="uicontrol">Security</span> &gt; <span class="uicontrol">User Domain Objects</span></span></td>
</tr>
<tr><th valign="top" class="firstcol" id="d0e53" headers="d0e31 ">Special authority</th>
<td valign="top" headers="d0e53 d0e31 ">All object (*ALLOBJ) and security administrator (*SECADM)</td>
</tr>
<tr><th valign="top" class="firstcol" id="d0e58" headers="d0e31 ">Default value</th>
<td valign="top" headers="d0e58 d0e31 ">All libraries and directories</td>
</tr>
<tr><th valign="top" class="firstcol" id="d0e63" headers="d0e31 ">Changes take effect</th>
<td valign="top" headers="d0e63 d0e31 ">Immediately</td>
</tr>
<tr><th valign="top" class="firstcol" id="d0e68" headers="d0e31 ">Lockable</th>
<td valign="top" headers="d0e68 d0e31 ">Yes Lock function of security-related system values<br /><img src="rzakz503.gif" alt="Lockable system value" /><br /> (Click for details)</td>
</tr>
</tbody>
</table>
</div>
<div class="section"><h4 class="sectiontitle">What can I do with this system value?</h4><p>You may select
where to allow user domain objects that cannot be audited. If your system
has a high security requirement, you should allow only user domain objects
of type *USRSPC, *USRIDX and *USRQ in QTEMP. These objects are the user domain
object types that are not auditable. At security level 50, the QTEMP library
cannot be used to pass data between jobs. The following are possible options:</p>
<dl><dt class="dlterm">All libraries and directories (*ALL)</dt>
<dd>Allows objects that are not auditable in all libraries and directories.
The server has multiple file systems. Libraries are part of the QSYS file
system, and directories are part of a POSIX file system. Directories are referred
to as being part of the "root" or "QOpenSys" file system.</dd>
<dt class="dlterm">QTEMP library and in the following</dt>
<dd>Allows you to specify where to allow objects that are not auditable, in
addition to the QTEMP library. You may select one of the following:<dl><dt class="dlterm">All directories (*DIR)</dt>
<dd>Allows objects that are not auditable in all directories, in addition
to the QTEMP library. </dd>
<dt class="dlterm">Selected libraries</dt>
<dd>Allows you to specify libraries in which to allow objects that are not
auditable. This system value indicates specific libraries that may contain
user domain versions of user objects. You may list up to 50 libraries. If
you specify a list of library names, applications that currently work with
user domain user objects may fail if they use objects in libraries not specified
in the list.<dl><dt class="dlterm"><em>library-name</em></dt>
<dd> Specifies the name of the library that you want to add. You can type
a library name or use the <span class="uicontrol">Browse</span> button to locate
a library.</dd>
<dt class="dlterm">Selected libraries</dt>
<dd>Specifies the libraries that may contain objects that are not audited.<div class="note"><span class="notetitle">Note:</span> To
reduce a possible security exposure, create the library in the system disk
pool, in a basic user disk pool or in all the independent disk pools before
adding it to this system value. Also, give the library a public authority
of *EXCLUDE.</div>
</dd>
</dl>
</dd>
</dl>
</dd>
</dl>
</div>
<div class="section"><h4 class="sectiontitle">Where can I get more information about this system value?</h4><p>To
learn more, go to the security system values overview topic. If you are looking
for a specific system value or category of system values, try using the i5/OS system
value finder.</p>
</div>
</div>
<div><div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzakzsecurityoverview.htm" title="Use i5/OS security system values to control object, user, and system security values.">System values: Security overview</a></div>
<div><a href="rzakzlocksecurity.htm" title="Find information about how to lock and unlock system values. Only some system values can be locked. This will provide you with a description of the lock function, what system values can be locked, and how to lock and unlock them.">Lock function of security-related system values</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="rzakzfinder.htm">System value finder</a></div>
</div>
</div>
</body>
</html>