Limit access to program functions

The limit access to program function allows you to define who can use an application, the parts of an application, or the functions within a program.

The limit access to program function allows you to provide security for the program when you do not have an object to secure for the program. There are two methods that you can use to manage user access to application functions through iSeries™ Navigator.

The first method uses Application Administration:
  1. Right-click the system that contains the function whose access setting you want to change.
  2. Select Application Administration.
  3. If you are on an administration system, select Local Settings. Otherwise, continue with the next step.
  4. Select an administrable function.
  5. Select Default Access to allow all users to access the function by default.
  6. Select All Object Access to allow all users with all object system privilege to access this function.
  7. Select Customizeand use the Add and Remove buttons on the Customize Access dialog to add or remove users or groups in the Access Allowed and Access Denied lists.
  8. Select Remove Customization to delete any customized access for the selected function.
  9. Click OK to close the Application Administration dialog.
The second method of managing user access uses iSeries Navigator’s Users and Groups:
  1. In iSeries Navigator, expand Users and Groups.
  2. Select All Users, Groups, or Users Not in a Group to display a list of users and groups.
  3. Right-click a user or group, and select Properties.
  4. Click Capabilities.
  5. Click the Applications tab.
  6. Use this page to change the access setting for a user or group.
  7. Click OK twice to close the Properties dialog.
Important: The limit access to program function does not prevent a user from accessing a resource, such as a file or program, from another interface. You still need to use resource security.
The limit access to program function support provides APIs to:

To use this function within an application, the application provider must register the functions when the application is installed. The registered function corresponds to a code block for specific functions in the application. When the user runs the application, the application calls the check usage API to see if the user is allowed to use the function that is associated with the code block, before invoking the code block. If the user is allowed to use the registered function, the code block is run. If the user is not allowed to use the function, the user is prevented from running the code block.

The system administrator specifies who is allowed or denied access to a function. The administrator can either use the Work with Function Usage Information (WRKFCNUSG) command to manage the access to program function, or the iSeries Navigator.

Parent topic: Set up user security