ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvrevokepubauthcmd.htm

126 lines
5.6 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Functions of the Revoke Public Authority command" />
<meta name="abstract" content="You can use the Revoke Public Authority (RVKPUBAUT) command to set the public authority to *EXCLUDE for a set of commands and programs." />
<meta name="description" content="You can use the Revoke Public Authority (RVKPUBAUT) command to set the public authority to *EXCLUDE for a set of commands and programs." />
<meta name="DC.Relation" scheme="URI" content="rzamvtoolsecurity.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvrevokepubauthcust.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="revokepubauthcmd" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Functions of the Revoke Public Authority command</title>
</head>
<body id="revokepubauthcmd"><a name="revokepubauthcmd"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Functions of the Revoke Public Authority command</h1>
<div><p>You can use the Revoke Public Authority (RVKPUBAUT) command to
set the public authority to *EXCLUDE for a set of commands and programs.</p>
<div class="section"><h4 class="sectiontitle">Commands and APIs whose public authority are set by the RVKPUBAUT
command</h4> The RVKPUBAUT command runs a program that is called QSYS/QSECRVKP.
As it is shipped, the QSECRVKP revokes public authority (by setting public
authority to *EXCLUDE) for the commands that are listed in the table below
and the application programming interfaces (APIs) that are listed in Table
12. When your system arrives, these commands and APIs have their public authority
set to *USE. </div>
<div class="section">The commands and the APIs that are listed in the tables all perform
functions on your system that may provide an opportunity for mischief. As
security administrator, you should explicitly authorize users to run these
commands and programs rather than make them available to all system users. </div>
<div class="section">When you run the RVKPUBAUT command, you specify the library that
contains the commands. The default is the QSYS library. If you have more than
one national language on your system, you need to run the command for each
QSYSxxx library.
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. Setting public authority</caption><thead align="left"><tr valign="bottom"><th colspan="3" valign="bottom" id="d0e29">Using the RVKPUBAUT command </th>
</tr>
</thead>
<tbody><tr><td align="left" valign="top" width="33.33333333333333%" headers="d0e29 "><p>ADDAJE<br />
ADDCFGLE<br />
ADDCMNE<br />
ADDJOBQE<br />
ADDPJE<br />
ADDRTGE<br />
ADDWSE<br />
CHGAJE<br />
CHGCFGL<br />
CHGCFGLE<br />
CHGCMNE<br />
CHGCTLAPPC<br />
CHGDEVAPPC</p>
</td>
<td align="left" valign="top" width="33.33333333333333%" headers="d0e29 "><p>CHGJOBQE <br />
CHGPJE<br />
CHGRTGE<br />
CHGSBSD<br />
CHGWSE<br />
CPYCFGL<br />
CRTCFGL<br />
CRTCTLAPPC<br />
CRTDEVAPPC<br />
CRTSBSD<br />
ENDRMTSPT<br />
RMVAJE<br />
RMVCFGLE</p>
</td>
<td valign="top" width="33.33333333333333%" headers="d0e29 "><p>RMVCMNE<br />
RMVJOBQE<br />
RMVPJE<br />
RMVRTGE<br />
RMVWSE<br />
RSTLIB<br />
RSTOBJ<br />
RSTS36F<br />
RSTS36FLR<br />
RSTS36LIBM<br />
STRRMTSPT<br />
STRSBS<br />
WRKCFGL</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 2. Setting public authority</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e49">Using the RVKPUBAUT command</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e49 "><p>QTIENDSUP<br />
QTISTRSUP<br />
QWTCTLTR<br />
QWTSETTR<br />
QY2FTML</p>
</td>
</tr>
</tbody>
</table>
</div>
When you run the RVKPUBAUT command, the system sets the public authority
for the root directory to *USE (unless it is already *USE or less).</div>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzamvrevokepubauthcust.htm">Customize the program</a></strong><br />
If some of these settings are not appropriate for your installation, you can create your own version of the program that processes the command.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvtoolsecurity.htm" title="This information describes how to set up your system to use the security tools that are part of i5/OS.">Configure the system to use security tools</a></div>
</div>
</div>
</body>
</html>