<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Create an authorization list" />
<meta name="abstract" content="This article describes the task, create an authorization list, explains why it is important, and provides step-by-step instructions." />
<meta name="description" content="This article describes the task, create an authorization list, explains why it is important, and provides step-by-step instructions." />
<meta name="DC.Relation" scheme="URI" content="rzamvsetrscsec.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvsecureobjauthlist.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvaddusersauthlist.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvauthlists.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="createauthlist" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Create an authorization list</title>
</head>
<body id="createauthlist"><a name="createauthlist"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Create an authorization list</h1>
<div><p>This article describes how to create an authorization list, explains why it is important, and provides step-by-step instructions.</p>
<p>After you set up ownership and public authority, you are ready to set up authorization lists. Using information from your Authorization List forms, create any authorization lists that are necessary to secure the library.</p>
<div class="p">Use the Create Authorization List (CRTAUTL) command: <ol><li>Type CRTAUTL and press F4 (Prompt).</li>
<li>Fill in the information from your Authorization List form.</li>
<li>Press F10 (Additional parameters).</li>
<li>Use the authority parameter to specify the public authority for objects that are secured by the list.</li>
<li>Check for confirmation messages.</li>
</ol>
</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e37">Possible error</th>
<th valign="bottom" id="d0e39">Recovery</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e37 ">You typed the name of the list incorrectly.</td>
<td valign="top" headers="d0e39 ">You cannot change the name of a list, once the system has created it. Delete the list (DLTAUTL) and try again.</td>
</tr>
<tr><td valign="top" headers="d0e37 ">You forgot to specify the public authority for the list.</td>
<td valign="top" headers="d0e39 ">Use the Edit Authorization List (EDTAUTL) command.</td>
</tr>
</tbody>
</table>
</div>
<div class="p">To create the authorization list from iSeries™ Navigator, perform the following steps: <ol><li>From iSeries™ Navigator, expand your server, and then expand Security. You will see Authorization Lists and Policies.</li>
<li>Right-click Authorization Lists and select New Authorization List. The New Authorization List dialog lets you choose from the following authorities:<ul><li><dfn class="term">Use</dfn>: Allows access to the object attributes and use of the object. The public may view, but not change, the objects.</li>
<li><dfn class="term">Change</dfn>: Allows the contents of the object, with some exceptions, to be changed.</li>
<li><dfn class="term">All</dfn>: Allows all operations on the object, except those that are limited to the owner. The user or group can control the object’s existence, specify the security for the object, change the object, and perform basic functions on the object. The user or group can also change ownership of the object.</li>
<li><dfn class="term">Exclude</dfn>: All operations on the object are prohibited. No access to or operations on the object are allowed for the users and groups having this permission. Specifies that the public is not allowed to use the object.</li>
</ul>
</li>
</ol>
When working with authorization lists, you will want to grant permissions for both objects and data.</div>
<div class="p">Object permissions you can choose are:<ul><li><dfn class="term">Operational</dfn>: Provides the permission to look at the description of an object and use the object as determined by the data permission that the user or group has to the object.</li>
<li><dfn class="term">Management</dfn>: Provides the permission to specify the security for the object, move or rename the object, and add members to the database files.</li>
<li><dfn class="term">Existence</dfn>: Provides the permission to control the object’s existence and ownership. The user or group can delete the object, free storage of the object, perform save and restore operations for the object, and transfer ownership of the object. If a user or group has special save permission, the user or group does not need object existence permission.</li>
<li><dfn class="term">Alter</dfn> (used only for database files and SQL packages): Provides the permission needed to alter the attributes of an object. If the user or group has this permission on a database file, the user or group can add and remove triggers, add and remove referential and unique constraints, and change the attributes of the database file. If the user or group has this permission on an SQL package, the user or group can change the attributes of the SQL package. This permission is currently used only for database files and SQL packages.</li>
<li><dfn class="term">Reference</dfn> (used only for database files and SQL packages): Provides the permission needed to reference an object from another object such that operations on that object may be restricted by the other object. If the user or group has this permission on a physical file, the user or group can add referential constraints in which the physical file is the parent. This permission is currently used only for database files.</li>
</ul>
Data permissions you can choose are:<ul><li><dfn class="term">Read</dfn>: Provides the permission needed to get and display the contents of the object, such as viewing records in a file.</li>
<li><dfn class="term">Add</dfn>: Provides the permission to add entries to an object, such as adding messages to a message queue or adding records to a file.</li>
<li><dfn class="term">Update</dfn>: Provides the permission to change the entries in an object, such as changing records in a file.</li>
<li><dfn class="term">Delete</dfn>: Provides the permission to remove entries from an object, such as removing messages from a message queue or deleting records from a file.</li>
<li><dfn class="term">Execute</dfn>: Provides the permission needed to run a program, service program or SQL package. The user can also locate an object in a library or directory.</li>
</ul>
</div>
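<p>The same setup typed as CL commands in a program rather than through the prompt screens and iSeries Navigator, as an added example that is not part of IBM's original topic. It goes one step beyond this page by also adding list entries (ADDAUTLE) and securing a file (GRTOBJAUT). PAYAUTL, PAYLIB, PAYMAST, PAYMGR and PAYCLERK are hypothetical names standing in for entries on your Authorization List form.</p>

```cl
/* Added example, not IBM's code. PAYAUTL, PAYLIB, PAYMAST, PAYMGR   */
/* and PAYCLERK are hypothetical names from an imagined              */
/* Authorization List form.                                          */
PGM

/* Create the list. AUT sets the public authority for every object   */
/* the list secures; *EXCLUDE (Exclude) keeps the public out.        */
CRTAUTL    AUTL(PAYAUTL) AUT(*EXCLUDE) +
             TEXT('Payroll master files')
MONMSG     MSGID(CPF0000) EXEC(DO)
   /* If the create fails (for example, the list already exists),    */
   /* stop before any entries are added to the wrong list.           */
   SNDPGMMSG  MSG('CRTAUTL PAYAUTL failed, see the job log')
   RETURN
ENDDO

/* Named authority: Change for the payroll manager.                  */
ADDAUTLE   AUTL(PAYAUTL) USER(PAYMGR) AUT(*CHANGE)

/* Detailed authorities: the Operational object permission plus the  */
/* Read and Add data permissions, so the clerk can view and add      */
/* records but cannot update or delete them.                         */
ADDAUTLE   AUTL(PAYAUTL) USER(PAYCLERK) AUT(*OBJOPR *READ *ADD)

/* Secure a file with the list, then make the file take its public   */
/* authority from the list instead of from the object itself.        */
GRTOBJAUT  OBJ(PAYLIB/PAYMAST) OBJTYPE(*FILE) AUTL(PAYAUTL)
GRTOBJAUT  OBJ(PAYLIB/PAYMAST) OBJTYPE(*FILE) USER(*PUBLIC) AUT(*AUTL)

/* Confirmation: print the list so it can be checked against the     */
/* form.                                                             */
DSPAUTL    AUTL(PAYAUTL) OUTPUT(*PRINT)

ENDPGM
```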
<p>You can now secure objects with an authorization list.</p>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzamvsecureobjauthlist.htm">Secure objects with an authorization list</a></strong><br />
After you create an authorization list, use the Edit Object Authority (EDTOBJAUT) command to secure the items listed on your Authorization List form.</li>
<li class="ulchildlink"><strong><a href="rzamvaddusersauthlist.htm">Add users to an authorization list</a></strong><br />
After you secure objects with an authorization list, use the Edit Authorization List (EDTAUTL) command to add the users listed on your Authorization List form.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvsetrscsec.htm" title="This information helps you establish resource security for workstations and printers by setting ownership and public authority to objects, as well as specific authority to applications.">Implement resource security</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzamvauthlists.htm" title="Like a group profile, an authorization list allows you to group objects with similar security requirements and associate the group with a list of users and user authorities.">Authorization lists</a></div>
</div>
</div>
</body>
</html>