Plan resource security

This topic describes each of the components of resource security and how they all work together to protect information on your system. It also explains how to use CL commands and displays to set up resource security on your system.

Resource security defines which users are allowed to use objects on the system and what operations they are allowed to perform on those objects.

Defining Who Can Access Information

You can give authority to individual users, groups of users, and the public.
Note: In some environments, a user’s authority is referred to as a privilege.
You define who can use an object in several ways: See Plan object authority for more object authority information.

Planning resource security

Now that you have completed the process for planning users on your system, you can plan the resource security which protects objects on the system. In Resource security you learn how to set up resource security on your system.

System values and user profiles control who has access to your system and prevent unauthorized users from signing on. Resource security controls the actions that authorized system users can perform after they have signed on successfully. Resource security supports the main goals of security on your system to protect: You may plan resource security differently, depending on whether your company develops applications or purchases them. For applications you develop, you should communicate the requirements for security of the information to the programmer during the application design process. When you purchase applications, you need to determine your security needs and match those needs with the way your provider has designed your applications. The techniques described here should help you in both cases.

This information provides a basic approach to planning resource security. It introduces the main techniques and shows how you can use them. The methods described here will not necessarily work for every company and every application. Consult your programmer or application provider as you plan resource security.

The following sections are provided to help you plan resource security: [list of active links to children]
The following planning forms are helpful when planning system level security:
Determining your objectives for your resource security: To begin to plan resource security, you must first understand your objectives. The system provides flexible implementation of resource security. It gives you the power to protect critical resources exactly the way you want. But resource security also introduces additional overhead to your applications. For example, whenever an application needs an object, the system must check the user’s authority to that object. You must balance your need for confidentiality against the cost of performance. As you make resource security decisions, weigh the value of security against its cost. To prevent resource security from degrading the performance of your applications, follow these guidelines: Begin your resource security planning by defining your objectives. You can define your security objectives on either the Application Description form or the Library Description form. The form that you use depends on how your information is organized in libraries.

Planning security for workstations: After planning resource security for printers and printer output, you can begin planning workstation security. On your Physical Security Plan, you listed workstations that represent a security risk because of their location. Use this information to determine which workstations you need to restrict.

You can encourage the people who use these workstations to be particularly aware of security. They should sign off whenever they leave their workstations. You may want to record your decision about sign off procedures for vulnerable workstations in your security policy. You can also limit which functions can be performed at those workstations to minimize the risks.

The easiest method for limiting function at a workstation is to restrict it to user profiles with limited function. You may choose to prevent people with security officer or service authority from signing on at every workstation. If you use the QLMTSECOFR system value to do this, people with security officer authority can sign on only at specifically authorized workstations. Prepare the workstation portion of the Output Queue and Workstation Security form.

Summary of resource security recommendations: After you finish planning workstation security, you can review the following resource security recommendations. The system offers many options for protecting the information on your system. This gives you the flexibility to design the resource security plan that is best for your company. But this wealth of options can also be confusing. This information demonstrated a basic approach to planning resource security that uses these guidelines: To ensure that you have planned successfully for setting up resource security, you should have gathered the following information: Now you are ready to plan your application installation.

End of Step 3 for planning a security strategy; provide link to next step: Plan network security

Related concepts
Resource security