iSeries™ Navigator can help you as a system administrator to keep track of the users, groups, and their level of privileges on one or more endpoint systems.
For more information about these and other Management Central tasks and topics, refer to the detailed task help that is available from the iSeries Navigator window. Click Help from the menu bar and select .
The following list gives you an idea of the many ways in which iSeries Navigator can make your job easier.
| Create a user definition | You can create a user definition and then create multiple users across
multiple systems based on the definition. First, create user definitions for
the types of users on your systems. Then, when a request comes in for a new
user, all special authorities, attributes, and other information common to
that type of user are already stored in the user definition. You can even
specify a command to be run after a user is created from a user definition!
If you need assistance in entering or selecting an i5/OS™ command, you can click Prompt to
select appropriate parameters and values. When you create a new user from the user definition, you specify the name for the user, a brief description to help you identify this user in a list of users, and a new password for the user. All other properties of the new user are based on the properties stored in the user definition, unless you choose to change them. You may also select the groups the user should belong to and provide personal information about the user at the time the user is created. |
|---|---|
| Create, edit, and delete users and groups | You can create, edit, and delete users and groups across multiple endpoint
systems or system groups--and even schedule these actions. For example, use
the Edit Users function to change the properties for one or more users on
the selected endpoint systems or system groups. If you need to change the
authority level for several users on multiple systems, or if a user who has
access to multiple systems changes his or her name, you can easily edit that
information and apply the change to all systems. When you use iSeries Navigator to delete users, you can select an action to be taken if any of the selected users owns objects on any system from which that user is being deleted. You can click Scan for Owned Objects to see what objects the selected users own on the selected endpoint systems or across the selected system groups. |
| Collect an inventory | You can collect an inventory of the users and groups on one or more
endpoint systems, and then view, search, or export that inventory to a PC
file. Extensive advanced search capabilities are provided for easy searching.
For example, you can search the inventory to see who has Security Officer
privileges, as well as query other profile properties. Also, you can sort
these inventory lists by clicking on any column heading. For example, you
can group together all users in the inventory who have Security Officer privileges
by clicking the Privilege Class heading. You can perform various actions from the User Inventory list by right-clicking one or more users and selecting an action from the menu. For example, you can delete a user, edit a user, view its properties, or scan for objects owned by a user. You can do similar actions with groups by selecting Group Inventory for an endpoint system. It is recommended that you schedule collection of users and groups inventory on a recurring basis to keep your central system's inventory current. Changes that you make to the user or group inventory on an endpoint system or system group under Management Central are automatically updated in the current central system's inventory. |
| Send users and groups | You can send users and groups from one system to multiple endpoint
systems or system groups. All the user properties you need are sent to the
target systems, including the user name and passwords (LAN server password
as well as the i5/OS password),
security settings, private authorities, Enterprise Identity Mapping (EIM)
associations, and mail options. If the user has an entry in the system distribution
directory on the source system, an entry is created (or updated) for that
user on the target system. You can also specify the action to be taken if any user in the list that you are sending already exists on the target system. When you are sending users, you can select not to change the user that already exists, or you can select to update the existing user with the settings from the user you are sending. When you are sending users, you can click Advanced to specify advanced send options. The advanced send options include specifying the mail system for the user and synchronizing the unique identifier of the user on the target system based on the user identifier of the user being sent. To send users or groups from one system to another, you must also have save/restore (*SAVSYS) authority. |
| Scan for owned objects | You can scan for owned objects to find out what objects a user or group owns across multiple endpoint systems or system groups, and you can even scan for objects owned by multiple users simultaneously. |
| Synchronize unique identifiers | You can synchronize the unique identifiers of users and groups across
multiple endpoint systems to ensure that each of these numbers points to the
same user on every system. This is especially important when you are working
with systems in a clustering environment or a system with logical partitions.
The user identification and group identification numbers are another way of
identifying a user or group to a program. For example, the user identification
and group identification numbers are used by programming interfaces in the
integrated file systems environment. You can choose to synchronize unique identifiers when you create new users or groups, when you edit users or groups, or when you send users or groups from one system to another. Be sure to keep your user and group inventories current if you are synchronizing unique identifiers when you create or edit users or groups. |