Security and user authority

The operating system determines which resources users might access based on information in their user profiles and the security strategy implemented for this system. Learn about security settings and how to manage user authorities efficiently.

Security is a critical part of iSeries™ operations. It is built into the operating system, and impacts nearly every function on the system. The iSeries security environment determines the commands and functions available to users, and the objects they can access.

Typically the security strategy restricts the objects a user can access. For systems with object-level security, there are several ways to provide authority to access objects. Often, user profiles will explicitly grant types of access to specific objects. To simplify the task of managing all these permissions, authorization lists can specify groups of objects, and users can be given access to these lists. Accessing these lists then provides access to all of the objects the list specifies.

The level of iSeries server security, and other more detailed security practices, often affect system operations. The following concepts are important for understanding user requirements in various security environments:

Security levels	The operating system operates in one of several predefined levels of security. The security level currently in effect determines the level of detail that user profiles must provide to grant appropriate access to system resources. This level of detail can range from simple password management to explicitly providing a level of access to each object that a user can read or change.
Security system values	Many more detailed aspects of system security are set by the system values. These system values set the security level, and grant or restrict options like adopted authority.
User profiles	The user profile contains most of the authorizations and preferences for individual users or groups. You can use iSeries Navigator to create and manage users and groups across the server.
Authorization lists	You can create authorization lists that specify groups of objects. Users and groups can then be authorized to this list, granting them authority to everything that list contains.

Also, security settings regarding policies and authorization lists are available in iSeries Navigator under Security.

Authority to access objects
Depending on the security level and other security settings, users might be given several levels of access to objects on the server.
Security levels
The operating system operates in one of several predefined levels of security. The security level currently in effect determines the level of detail that user profiles must provide to grant appropriate access to system resources. This level of detail can range from simple password management to explicitly providing a level of access to each object that a user can read or change.
User profiles
The user profile contains most of the authorizations and preferences for individual users or groups. With iSeries Navigator, you can create and manage users and groups across the server.
Authorization lists
The task of granting each user authority to every separate object to which the user needs access can be time-consuming and complex. You can simplify this process by creating authorization lists that specify groups of objects. Users and groups can then be authorized to this list, granting them authority to everything that list contains.

Parent topic: i5/OS concepts

Related concepts

System values