Packet rules: User authority requirements

Before you can administer packet rules on your iSeries™ server, ensure that you have the access authorities.

You must have *IOSYSCFG special authority in your user profile. If you plan to administer packet rules from the QSECOFR user ID, or from a user ID of type, *SECOFR, or you have *ALLOBJ authority, you have the correct authority. If you do not have the correct user ID or *ALLOBJ authority, you must have authority to the following directories, files and QSYS user ID:

  1. Add object authority, *RXW, and data authority, OBJMGT, to these three files:
    /QIBM/ProdData/OS400/TCPIP/PacketRules/Template4PacketRules.i3p 
    /QIBM/ProdData/OS400/TCPIP/PacketRules/Template4PacketRules.txt
    /QIBM/ProdData/OS400/TCPIP/PacketRules/Template4PacketRules.tcpipml
  2. Add Object authority, *RWX, to the following directories:
    /QIBM/UserData/OS400/TCPIP/PacketRules
    /QIBM/UserData/OS400/TCPIP/OpNavRules
  3. Add Object authority, *RWX, to the following files:
    /QIBM/UserData/OS400/TCPIP/OpNavRules/VPNPolicyFilters.i3p
    /QIBM/UserData/OS400/TCPIP/OpNavRulesPPPFilters.i3p
  4. You will also need ADD authority to the QSYS profile, because QSYS owns the newly created rules files.

These are the default directories and files that the Packet Rules Editor uses. If you choose to store your files in directories other than those in the preceding list, you will need authority to those directories.