This system value determines whether or not to allow access to shared memory, or use mapped memory stream files.
This controls how users, particularly application developers, use application programmable interfaces (APIs) that deal with sharing memory or mapped memory stream files. Your environment may contain applications, each running different jobs, but sharing pointers within these applications. Using these APIs provides for better application performance and streamlines the application development by allowing shared memory and stream files among these different applications and jobs. However, use of these APIs could potentially pose a risk to your system and assets. A programmer would have write access and could add, change, and delete entries in the shared memory or stream file.
See Table 2 for an overview of the shared memory control system value.
The following table provides a description of each of the possible settings for this system value:
| iSeries™ Navigator | Character-based interface | Description |
|---|---|---|
| Deselected | 0 (No) | Users cannot use shared memory or use mapped memory that has write capability. Setting this value prohibits users and programmers from using shared memory APIs, or mapped memory objects that have write capability. Use this value in environments with higher security requirements. |
| Selected | 1 (Yes) | Users can use shared memory, or use mapped memory that has write capability. Setting this value allows users and programmers the ability to add, change, and delete entries in the shared memory or stream files. |
Relationship to security policy
In terms of your security policy, you need to weigh the need of application performance with your need for security. If your company has applications that use shared memory you should consider allowing programmers to use these APIs. It makes application programming easier and more cost effective. However, if your environment needs stricter security, it is recommended to limit this capacity.
| iSeries Navigator name | Allow use of shared or mapped memory with write capability |
|---|---|
| Character-based interface name | QSHRMEMCTL |
| Authority | All object (*ALLOBJ) Note: The Security Officer (QSECOFR) user profile is shipped with
these authorities.
|
| How to access | iSeries Navigator
Character-based interface
|
| Changes take effect | Immediately |
| Default value | Selected (1) |
| Recommended values | |
| Lockable | Yes |
For more in-depth information about this security value, see Chapter 3, "Security System Values" in Security Reference.