141 lines
7.3 KiB
HTML
141 lines
7.3 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="concept" />
|
||
|
<meta name="DC.Title" content="Allow user domain objects" />
|
||
|
<meta name="abstract" content="This system value specifies whether to allow user domain objects and where these objects will be located." />
|
||
|
<meta name="description" content="This system value specifies whether to allow user domain objects and where these objects will be located." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzamvgensecsysval.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="allowuser" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Allow user domain objects</title>
|
||
|
</head>
|
||
|
<body id="allowuser"><a name="allowuser"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Allow user domain objects</h1>
|
||
|
<div><p>This system value specifies whether to allow user domain objects
|
||
|
and where these objects will be located.</p>
|
||
|
<div class="p">User domain objects can pose security risk since movement between these
|
||
|
objects cannot be monitored. Types of user domain objects include:<ul><li>User space (*USRSPC)</li>
|
||
|
<li>User index (*USRIDX)</li>
|
||
|
<li>User queue (*USRQ)</li>
|
||
|
</ul>
|
||
|
</div>
|
||
|
<p> Systems with high security requirements should restrict these user domain
|
||
|
objects to the system's temporary library (QTEMP). Other object types, program
|
||
|
(*PGM), server program (*SRVPGM), and SQL packages (*SQLPKG) can also be in
|
||
|
the user domain. However, the contents of these objects cannot be changed
|
||
|
directly and therefore are not impacted by these restrictions.</p>
|
||
|
<p>See <a href="#allowuser__quickref">Table 2</a> for an overview
|
||
|
of this system value. </p>
|
||
|
<div class="p">
|
||
|
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. Possible values for the use allow user domain
|
||
|
objects system value</caption><tbody><tr><td valign="top"><strong>iSeries™ Navigator </strong></td>
|
||
|
<td valign="top"><strong>Character-based interface</strong></td>
|
||
|
<td valign="top"><strong>Description</strong></td>
|
||
|
</tr>
|
||
|
<tr><td valign="top">All libraries and directories</td>
|
||
|
<td valign="top">*ALL</td>
|
||
|
<td valign="top">Allows objects that are not able to be audited in all
|
||
|
libraries and directories. The server has multiple file systems. Libraries
|
||
|
are part of the QSYS file system and directories are part of a POSIX file
|
||
|
system. Directories are referred to as being part of the "root" or "QOpenSys"
|
||
|
file system.</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top">QTEMP library and in the following: All directories</td>
|
||
|
<td valign="top">*DIR</td>
|
||
|
<td valign="top">Allows objects that are not able to be audited in all
|
||
|
directories, in addition to the QTEMP library.</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top">QTEMP library and in the following: Selected libraries</td>
|
||
|
<td valign="top"><em>library-name</em></td>
|
||
|
<td valign="top">Allows you to specify libraries in which to allow objects
|
||
|
that cannot be audited. This system value indicates specific libraries that
|
||
|
may contain user domain versions of user objects. You may list up to 50 libraries.
|
||
|
If you specify a list of library names, applications that currently work with
|
||
|
user domain user objects may fail if they use objects in libraries not specified
|
||
|
in the list.</td>
|
||
|
</tr>
|
||
|
</tbody>
|
||
|
</table>
|
||
|
</div>
|
||
|
</div>
|
||
|
<p><strong>Relationship to security policy</strong></p>
|
||
|
<div class="p">
|
||
|
<div class="tablenoborder"><a name="allowuser__quickref"><!-- --></a><table cellpadding="4" cellspacing="0" summary="" id="allowuser__quickref" frame="border" border="1" rules="all"><caption>Table 2. Quick Reference. Provides details
|
||
|
for the allow user domain objects system value.</caption><tbody><tr><td valign="top">iSeries Navigator name</td>
|
||
|
<td valign="top">Allow these objects in</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top">Character-based interface name</td>
|
||
|
<td valign="top">QALWUSRDMN</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top">Authority</td>
|
||
|
<td valign="top"><p>*ALLOBJ<br />
|
||
|
*SECADM</p>
|
||
|
<div class="note"><span class="notetitle">Note:</span> The QSECOFR user profile is shipped with these authorities. </div>
|
||
|
</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top">How to access</td>
|
||
|
<td valign="top"><div class="p"><strong>iSeries Navigator</strong><ol><li>Expand <span class="menucascade"><span class="uicontrol">Security</span> > <span class="uicontrol">Policies</span></span>.</li>
|
||
|
<li>Right click <strong>Security Policy</strong> and select <strong>Properties</strong>.</li>
|
||
|
<li>On the <strong>User Domain Objects</strong> page, you will find the options for
|
||
|
this system value.</li>
|
||
|
</ol>
|
||
|
</div>
|
||
|
<div class="p"><strong>Character-based interface</strong><ol><li>In the character-based interface, type <samp class="codeph">WRKSYSVAL QALWUSRDMN</samp>.</li>
|
||
|
</ol>
|
||
|
</div>
|
||
|
</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top">Changes take effect</td>
|
||
|
<td valign="top">Immediately.</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top">Default value</td>
|
||
|
<td valign="top">All libraries and directories.</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top">Recommended value</td>
|
||
|
<td valign="top">For most systems, the recommended value is *ALL. If
|
||
|
your system has a high security requirement, you should allow user domain
|
||
|
objects only in the QTEMP library.</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top"><a href="rzamvlockdown.htm">Lockable</a></td>
|
||
|
<td valign="top">Yes.</td>
|
||
|
</tr>
|
||
|
<tr><td valign="top">Special considerations</td>
|
||
|
<td valign="top">Some systems have application software that need user
|
||
|
domain object types (*USRSPC, *USRIDX, or *USRQ). For those systems, set this
|
||
|
system value to use a library list that includes all the libraries used by
|
||
|
the application. All libraries that are defined with this system value, with
|
||
|
the exception of QTEMP, should have exclude (*EXCLUDE) public authority. This
|
||
|
limits the number of users to read or change the data in user domain objects
|
||
|
in these libraries.</td>
|
||
|
</tr>
|
||
|
</tbody>
|
||
|
</table>
|
||
|
</div>
|
||
|
</div>
|
||
|
<p>For more detailed information about this security value, see Chapter 3,
|
||
|
"Security System Values" in <a href="../books/sc415302.pdf" target="_blank">Security Reference</a>. </p>
|
||
|
</div>
|
||
|
<div>
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvgensecsysval.htm" title="General security system values provide the cornerstone for your security policy.">General security system values</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|