Specifies where to allow user domain objects that bypass authority checking and cannot be audited. (QALWUSRDMN)
Allow these objects in . . ., also known as QALWUSRDMN, is a member of the security category of i5/OS™ system values. You can use this system value to specify where to allow user domain objects that bypass authority checking and cannot be audited. To learn more, keep reading.
| Quick reference | |
|---|---|
| Location | In iSeries™ Navigator, select your system, |
| Special authority | All object (*ALLOBJ) and security administrator (*SECADM) |
| Default value | All libraries and directories |
| Changes take effect | Immediately |
| Lockable | Yes Lock function of security-related system values (Click for details) |
What can I do with this system value?
You may select where to allow user domain objects that cannot be audited. If your system has a high security requirement, you should allow only user domain objects of type *USRSPC, *USRIDX and *USRQ in QTEMP. These objects are the user domain object types that are not auditable. At security level 50, the QTEMP library cannot be used to pass data between jobs. The following are possible options:
- All libraries and directories (*ALL)
- Allows objects that are not auditable in all libraries and directories. The server has multiple file systems. Libraries are part of the QSYS file system, and directories are part of a POSIX file system. Directories are referred to as being part of the "root" or "QOpenSys" file system.
- QTEMP library and in the following
- Allows you to specify where to allow objects that are not auditable, in
addition to the QTEMP library. You may select one of the following:
- All directories (*DIR)
- Allows objects that are not auditable in all directories, in addition to the QTEMP library.
- Selected libraries
- Allows you to specify libraries in which to allow objects that are not
auditable. This system value indicates specific libraries that may contain
user domain versions of user objects. You may list up to 50 libraries. If
you specify a list of library names, applications that currently work with
user domain user objects may fail if they use objects in libraries not specified
in the list.
- library-name
- Specifies the name of the library that you want to add. You can type a library name or use the Browse button to locate a library.
- Selected libraries
- Specifies the libraries that may contain objects that are not audited.Note: To reduce a possible security exposure, create the library in the system disk pool, in a basic user disk pool or in all the independent disk pools before adding it to this system value. Also, give the library a public authority of *EXCLUDE.
Where can I get more information about this system value?
To learn more, go to the security system values overview topic. If you are looking for a specific system value or category of system values, try using the i5/OS system value finder.