150 lines
8.9 KiB
HTML
150 lines
8.9 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
|||
|
<!DOCTYPE html
|
|||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|||
|
<html lang="en-us" xml:lang="en-us">
|
|||
|
<head>
|
|||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|||
|
<meta name="security" content="public" />
|
|||
|
<meta name="Robots" content="index,follow" />
|
|||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|||
|
<meta name="DC.Type" content="concept" />
|
|||
|
<meta name="DC.Title" content="Plan user profiles" />
|
|||
|
<meta name="abstract" content="This topic describes the purpose of user profiles and how to design them." />
|
|||
|
<meta name="description" content="This topic describes the purpose of user profiles and how to design them." />
|
|||
|
<meta name="DC.Relation" scheme="URI" content="rzamvplanusersec.htm" />
|
|||
|
<meta name="DC.Relation" scheme="URI" content="rzamvsysresponsworksheet.htm" />
|
|||
|
<meta name="DC.Relation" scheme="URI" content="rzamvuserprofworksheet.htm" />
|
|||
|
<meta name="DC.Relation" scheme="URI" content="rzamvuserprof.htm" />
|
|||
|
<meta name="DC.Relation" scheme="URI" content="rzamvcreategrpuserprof.htm" />
|
|||
|
<meta name="DC.Relation" scheme="URI" content="rzamvcreatenongrpuserprof.htm" />
|
|||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
|
|||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
|
|||
|
<meta name="DC.Format" content="XHTML" />
|
|||
|
<meta name="DC.Identifier" content="planuserprof" />
|
|||
|
<meta name="DC.Language" content="en-us" />
|
|||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|||
|
<!-- US Government Users Restricted Rights -->
|
|||
|
<!-- Use, duplication or disclosure restricted by -->
|
|||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|||
|
<title>Plan user profiles</title>
|
|||
|
</head>
|
|||
|
<body id="planuserprof"><a name="planuserprof"><!-- --></a>
|
|||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|||
|
<h1 class="topictitle1">Plan user profiles</h1>
|
|||
|
<div><p>This topic describes the purpose of user profiles and how to design
|
|||
|
them.</p>
|
|||
|
<p>A user profile contains security-related information that controls how
|
|||
|
the user signs on the system, what the user is allowed to do after signing
|
|||
|
on, and how the user’s actions are audited.</p>
|
|||
|
<p>Now that you have decided on your overall security strategy and have planned
|
|||
|
user groups, you are ready to plan individual user profiles.</p>
|
|||
|
<div class="p">Consider the following issues when planning user profiles: <ul><li>Naming considerations for user profiles</li>
|
|||
|
<li>Responsibilities assigned to individual users</li>
|
|||
|
<li>Values for each user</li>
|
|||
|
</ul>
|
|||
|
</div>
|
|||
|
<div class="p">Complete these worksheets to plan user profiles: <ul><li>Individual user profile worksheet</li>
|
|||
|
<li>System responsibilities worksheet</li>
|
|||
|
</ul>
|
|||
|
</div>
|
|||
|
<div class="p">Refer to these completed worksheets when planning for user profiles: <ul><li><a href="rzamvusergrpdescworksheet.htm#usergrpdescworksheet">User group description worksheet</a></li>
|
|||
|
<li><a href="rzamvnamingworksheet.htm#namingworksheet">Naming Conventions
|
|||
|
worksheet</a></li>
|
|||
|
<li>Your <a href="rzamvappdescworksheet.htm#appdescworksheet">application
|
|||
|
description worksheet</a></li>
|
|||
|
</ul>
|
|||
|
</div>
|
|||
|
<div class="section"><h4 class="sectiontitle">Naming user profiles</h4><div class="p">Your user profile name is how
|
|||
|
you are identified to the system. You enter your user profile name in the
|
|||
|
User ID field of the Sign On display. Any work you do and printer output you
|
|||
|
create is associated with your user profile name. Consider these things when
|
|||
|
deciding how to name user profiles: <ul><li>A user profile name can be up to 10 characters long. Some communications
|
|||
|
methods limit the user ID to 8 characters.</li>
|
|||
|
<li>A user profile name may include letters, numbers, and the special characters:
|
|||
|
pound (#), dollar ($), underline (_), and the at sign (@). It may not begin
|
|||
|
with a number or underline (_).</li>
|
|||
|
<li>The system does not distinguish between uppercase and lowercase letters
|
|||
|
in a user profile name. If you enter lowercase alphabetic characters, the
|
|||
|
system translates them to uppercase characters.</li>
|
|||
|
<li>The displays and lists you use to manage user profiles show them in alphabetical
|
|||
|
order by user profile name.</li>
|
|||
|
<li>All IBM-supplied profiles begin with the letter Q. To keep your profiles
|
|||
|
separate from IBM-supplied profiles, avoid assigning user profile names that
|
|||
|
begin with the character Q.</li>
|
|||
|
</ul>
|
|||
|
</div>
|
|||
|
<div class="remember"><span class="remembertitle">Remember:</span> One technique for assigning user profile
|
|||
|
names is to use the first 7 characters of the last name followed by the first
|
|||
|
character of the first name. This method makes user profile names easy to
|
|||
|
remember. Also, your lists and displays are then sequenced alphabetically
|
|||
|
by last name.</div>
|
|||
|
</div>
|
|||
|
<div class="section"><h4 class="sectiontitle">Roles of the User Profile</h4><div class="p">The user profile has several
|
|||
|
roles on the system: <ul><li>It contains security-related information that controls how the user signs
|
|||
|
on the system, what the user is allowed to do after signing on, and how the
|
|||
|
user’s actions are audited.</li>
|
|||
|
<li>It contains information that is designed to customize the system and adapt
|
|||
|
it to the user.</li>
|
|||
|
<li>It is a management and recovery tool for the operating system. The user
|
|||
|
profile contains information about the objects owned by the user and all the
|
|||
|
private authorities to objects.</li>
|
|||
|
<li>The user profile name identifies the user’s jobs and printer output.</li>
|
|||
|
</ul>
|
|||
|
</div>
|
|||
|
<p>If the QSECURITY system value on your system is 20 or higher,
|
|||
|
a user profile must exist before a user can sign on.</p>
|
|||
|
</div>
|
|||
|
<div class="section"><h4 class="sectiontitle">Example: Naming Convention Worksheet for User Profile</h4>
|
|||
|
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><caption>Table 1. Example: Naming Convention Worksheet: User
|
|||
|
Profiles</caption><thead align="left"><tr><th valign="top" id="d0e98">User Name</th>
|
|||
|
<th valign="top" id="d0e100">User Profile Name</th>
|
|||
|
</tr>
|
|||
|
</thead>
|
|||
|
<tbody><tr><td valign="top" headers="d0e98 ">Anderson, George</td>
|
|||
|
<td valign="top" headers="d0e100 "><kbd class="userinput">ANDSERSOG</kbd></td>
|
|||
|
</tr>
|
|||
|
<tr><td valign="top" headers="d0e98 ">Anderson, Roger</td>
|
|||
|
<td valign="top" headers="d0e100 "><kbd class="userinput">ANDERSOR</kbd></td>
|
|||
|
</tr>
|
|||
|
<tr><td valign="top" headers="d0e98 ">Jones, Sharon</td>
|
|||
|
<td valign="top" headers="d0e100 "><kbd class="userinput">JONESS</kbd></td>
|
|||
|
</tr>
|
|||
|
<tr><td valign="top" headers="d0e98 "><span class="uicontrol">Type of Object</span></td>
|
|||
|
<td valign="top" headers="d0e100 "><span class="uicontrol">Naming Convention</span></td>
|
|||
|
</tr>
|
|||
|
<tr><td valign="top" headers="d0e98 ">User profiles</td>
|
|||
|
<td valign="top" headers="d0e100 "><kbd class="userinput">Use the first 7 characters of the user's
|
|||
|
last name, followed by the first character of the user's first name. Descriptions
|
|||
|
of the user profile will be last name, first name.</kbd></td>
|
|||
|
</tr>
|
|||
|
</tbody>
|
|||
|
</table>
|
|||
|
</div>
|
|||
|
<p>Describe how you plan to name user profiles on the Naming Conventions
|
|||
|
worksheet, then you can determine who should be responsible for system functions
|
|||
|
and choose values for each user.</p>
|
|||
|
<p>For more information on user profiles,
|
|||
|
see <span class="q">"Using the Create User Profile Command"</span> in the <a href="../rzahg/rzahgsecref.htm">iSeries™ Security Reference</a>.</p>
|
|||
|
</div>
|
|||
|
</div>
|
|||
|
<div>
|
|||
|
<ul class="ullinks">
|
|||
|
<li class="ulchildlink"><strong><a href="rzamvsysresponsworksheet.htm">System responsibilities worksheet</a></strong><br />
|
|||
|
This topic describes the system responsibilities worksheet.</li>
|
|||
|
<li class="ulchildlink"><strong><a href="rzamvuserprofworksheet.htm">User profile worksheet</a></strong><br />
|
|||
|
This topic describes the individual user profile worksheet.</li>
|
|||
|
</ul>
|
|||
|
|
|||
|
<div class="familylinks">
|
|||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvplanusersec.htm" title="Planning user security includes planning all areas where security affects the users on your system.">Plan user security</a></div>
|
|||
|
</div>
|
|||
|
<div class="relconcepts"><strong>Related concepts</strong><br />
|
|||
|
<div><a href="rzamvuserprof.htm" title="Every system user must have a user identity before they can sign on to and use a system. This user identity is called a user profile.">User profiles</a></div>
|
|||
|
<div><a href="rzamvcreategrpuserprof.htm" title="This topic describes how to create profiles for individual users.">Create profiles for users in the group</a></div>
|
|||
|
<div><a href="rzamvcreatenongrpuserprof.htm" title="Copy the first individual user profile to create additional members in the group. Look at each individual profile carefully when you create it with the copy method.">Create profiles for users not in a group</a></div>
|
|||
|
</div>
|
|||
|
</div>
|
|||
|
</body>
|
|||
|
</html>
|