This topic provides users with basic security terminology.
- Object
- An object is a named space on the system that you or an application can manipulate. Everything
on the system that you or an application can work with is considered an object.
Objects provide a common interface for working with system components. The
most common examples of objects are files and programs. Other types of objects
include commands, queues, libraries, and folders. Objects on the system are
identified by object name, object type, and the library in which the object
resides. You can secure each object on the system.
- Library
- A library is a special type of object that is used to group other objects.
Many objects on the system reside in a library. Libraries are essentially
containers, or organizational structures for other objects, and you can use
them to reference other objects on your system. Libraries might contain many
objects, and might be associated with a specific user profile or application.
QSYS, which contains all other libraries on the system, is the only library
that can contain other libraries. Objects in a library are handled like objects
in a subdirectory. A library cannot live inside a directory.
- Directory
- A directory is a special object that provides another way to group objects on the system.
Objects can reside in a directory and a directory can reside in another directory,
forming a hierarchical structure. Each file system is a major subtree in the integrated
file system directory structure. Directories are different from libraries
in that the address of each library maps to the QSYS library while directories
are not addressable. Names of libraries are restricted to 10 characters, while
directories can have longer names, which might be case sensitive. Directories
can have multiple names because the path to the directory is what is named,
not the directory itself. Directories and libraries are worked with using
different commands and have different authority requirements.
- User profile
- Every system user must have a user identity before they can sign on to
and use a system. This user identity is a special object called a user
profile, which only an administrator with appropriate system authority
can create for a user.
- Special authority
- Special authority determines whether the user is allowed to perform system functions, such as creating
user profiles or changing the jobs of other users.
- Physical security
- Physical security includes protecting the system unit, system devices, and backup media from accidental
or deliberate damage. Most measures you take to ensure the physical security
of your system are external to the system. Certain system models are equipped
with a keylock that prevents unauthorized functions at the system unit.
- Application security
- Application security deals with the applications you store on your system and how you will
protect those applications while simultaneously allowing users access to them.
- Resource security
- Resource security on the system allows you to define who can use objects and how objects can be
used. The ability to access an object is called authority. When you
set up object authority, you need to be careful to give your users enough
authority to do their work without giving them the ability to browse and change
the system. Object authority gives permissions to the user for a specific
object and can specify what the user is allowed to do with the object. An
object resource can be limited through specific, detailed user authorities
such as adding records or changing records. System resources can be used to
give the user access to specific system-defined subsets of authorities: *ALL,
*CHANGE, *USE, and *EXCLUDE. System values and user profiles control who has
access to your system and prevent unauthorized users from signing on. Resource
security controls the actions that authorized system users can perform, and
the objects that they can access after they have signed on successfully. Resource
security supports the main goals of security on your system to protect:
  - Confidentiality of information
  - Accuracy of information to prevent unauthorized changes
  - Availability of information to prevent accidental or deliberate damage
- Security policy
- A security policy allows you to implement and manage security on an i5/OS™ system. Use the eServer™ Security
Planner to help you plan for and implement a basic security policy
for your servers.