ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzatl_5.4.0.1/rzatlauthenticate.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2005" />
<meta name="DC.rights.owner" content="(C) Copyright IBM Corporation 2005" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Authorize Pegasus" />
<meta name="abstract" content="A type of security check that is required for Pegasus on i5/OS is verifying that users have access to the objects they are trying to change. This process is called authorization." />
<meta name="description" content="A type of security check that is required for Pegasus on i5/OS is verifying that users have access to the objects they are trying to change. This process is called authorization." />
<meta name="DC.Relation" scheme="URI" content="rzatlsecure.htm" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="authorization" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Authorize Pegasus</title>
</head>
<body id="authorization"><a name="authorization"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Authorize Pegasus</h1>
<div><p>A type of security check that is required for Pegasus on <span class="keyword">i5/OS™</span> is verifying that users have
access to the objects they are trying to change. This process is called <dfn class="term">authorization</dfn>.</p>
<div class="section"><p> In Pegasus, there are two types of operations that require users
to have authorization to perform them: CIM class and qualifier operations,
and CIM instance operations.</p>
<p>CIM class and qualifier operations change
the local copy of the CIM schema (for example, DeleteClass). Users need authorization
to these operations before being able to use the operations listed in the
following information with systems management data provided by CIM. These
operations do not change any <span class="keyword">i5/OS</span> system
objects, but because they do change the CIM schema exposed to clients, some
authorization is required to use them. For the iSeries™ servers, authorization to these
operations is controlled by Application Administration in iSeries Navigator.</p>
<p>To
work with authorization for CIM operations in Application Administration:</p>
</div>
<ol><li><span>Start iSeries Navigator.</span></li>
<li><span>From <span class="uicontrol">My connections</span>, right-click the system
you want to change.</span></li>
<li><span>Select <span class="uicontrol">Application Administration</span>.</span></li>
<li><span>Select <span class="uicontrol">Local Settings</span> (if available).</span></li>
<li><span>Select <span class="uicontrol">Host Applications</span> tab.</span></li>
<li><span>Expand <span class="uicontrol">CIMOM server</span>.</span></li>
<li><span>Add or remove a user or groups authorization to the following operations.</span></li>
</ol>
<div class="section"><p>Application Administration allows users to be authorized to the
following operations: </p>
<ul><li>GetClass</li>
<li>DeleteClass</li>
<li>CreateClass</li>
<li>ModifyClass</li>
<li>EnumerateClasses</li>
<li>EnumerateClassNames</li>
<li>GetQualifier</li>
<li>SetQualifier</li>
<li>DeleteQualifier</li>
<li>EnumerateQualifiers</li>
</ul>
<p>CIM instance operations let users work with the server resources modeled
by the Pegasus providers. These providers are implemented as server exit programs
(*SRVPGM) in <span class="keyword">i5/OS</span>, and
users require authorization to these service programs before they can use
them. All of the providers included in V5R3 ship with PUBLIC *USE authority,
except for the metric provider QSYS/QYCPCSMV, which is shipped with PUBLIC
*EXCLUDE authority. If any providers are added that are not shipped with PUBLIC
*USE authority, administrators must explicitly grant users authorization to
these objects.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzatlsecure.htm" title="Use this topic to find out about the options that are available for ensuring that the CIM server is secure.">Secure Pegasus</a></div>
</div>
</div>
</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<!DOCTYPE html`
			`PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html lang="en-us" xml:lang="en-us">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<meta name="copyright" content="(C) Copyright IBM Corporation 2005" />`
			`<meta name="DC.rights.owner" content="(C) Copyright IBM Corporation 2005" />`
			`<meta name="security" content="public" />`
			`<meta name="Robots" content="index,follow" />`
			`<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />`
			`<meta name="DC.Type" content="task" />`
			`<meta name="DC.Title" content="Authorize Pegasus" />`
			`<meta name="abstract" content="A type of security check that is required for Pegasus on i5/OS is verifying that users have access to the objects they are trying to change. This process is called authorization." />`
			`<meta name="description" content="A type of security check that is required for Pegasus on i5/OS is verifying that users have access to the objects they are trying to change. This process is called authorization." />`
			`<meta name="DC.Relation" scheme="URI" content="rzatlsecure.htm" />`
			`<meta name="DC.Format" content="XHTML" />`
			`<meta name="DC.Identifier" content="authorization" />`
			`<meta name="DC.Language" content="en-us" />`
			`<!-- All rights reserved. Licensed Materials Property of IBM -->`
			`<!-- US Government Users Restricted Rights -->`
			`<!-- Use, duplication or disclosure restricted by -->`
			`<!-- GSA ADP Schedule Contract with IBM Corp. -->`
			`<link rel="stylesheet" type="text/css" href="./ibmdita.css" />`
			`<link rel="stylesheet" type="text/css" href="./ic.css" />`
			`<title>Authorize Pegasus</title>`
			`</head>`
			`<body id="authorization"><a name="authorization"><!-- --></a>`
			`<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>`
			`<h1 class="topictitle1">Authorize Pegasus</h1>`
			`<div><p>A type of security check that is required for Pegasus on <span class="keyword">i5/OS™</span> is verifying that users have`
			`access to the objects they are trying to change. This process is called <dfn class="term">authorization</dfn>.</p>`
			`<div class="section"><p> In Pegasus, there are two types of operations that require users`
			`to have authorization to perform them: CIM class and qualifier operations,`
			`and CIM instance operations.</p>`
			`<p>CIM class and qualifier operations change`
			`the local copy of the CIM schema (for example, DeleteClass). Users need authorization`
			`to these operations before being able to use the operations listed in the`
			`following information with systems management data provided by CIM. These`
			`operations do not change any <span class="keyword">i5/OS</span> system`
			`objects, but because they do change the CIM schema exposed to clients, some`
			`authorization is required to use them. For the iSeries™ servers, authorization to these`
			`operations is controlled by Application Administration in iSeries Navigator.</p>`
			`<p>To`
			`work with authorization for CIM operations in Application Administration:</p>`
			`</div>`
			`<ol><li><span>Start iSeries Navigator.</span></li>`
			`<li><span>From <span class="uicontrol">My connections</span>, right-click the system`
			`you want to change.</span></li>`
			`<li><span>Select <span class="uicontrol">Application Administration</span>.</span></li>`
			`<li><span>Select <span class="uicontrol">Local Settings</span> (if available).</span></li>`
			`<li><span>Select <span class="uicontrol">Host Applications</span> tab.</span></li>`
			`<li><span>Expand <span class="uicontrol">CIMOM server</span>.</span></li>`
			`<li><span>Add or remove a user or groups authorization to the following operations.</span></li>`
			`</ol>`
			`<div class="section"><p>Application Administration allows users to be authorized to the`
			`following operations: </p>`
			`<ul><li>GetClass</li>`
			`<li>DeleteClass</li>`
			`<li>CreateClass</li>`
			`<li>ModifyClass</li>`
			`<li>EnumerateClasses</li>`
			`<li>EnumerateClassNames</li>`
			`<li>GetQualifier</li>`
			`<li>SetQualifier</li>`
			`<li>DeleteQualifier</li>`
			`<li>EnumerateQualifiers</li>`
			`</ul>`
			`<p>CIM instance operations let users work with the server resources modeled`
			`by the Pegasus providers. These providers are implemented as server exit programs`
			`(*SRVPGM) in <span class="keyword">i5/OS</span>, and`
			`users require authorization to these service programs before they can use`
			`them. All of the providers included in V5R3 ship with PUBLIC *USE authority,`
			`except for the metric provider QSYS/QYCPCSMV, which is shipped with PUBLIC`
			`*EXCLUDE authority. If any providers are added that are not shipped with PUBLIC`
			`*USE authority, administrators must explicitly grant users authorization to`
			`these objects.</p>`
			`</div>`
			`</div>`
			`<div>`
			`<div class="familylinks">`
			`<div class="parentlink"><strong>Parent topic:</strong> <a href="rzatlsecure.htm" title="Use this topic to find out about the options that are available for ensuring that the CIM server is secure.">Secure Pegasus</a></div>`
			`</div>`
			`</div>`
			`</body>`
			`</html>`