Authorize Pegasus

A type of security check that is required for Pegasus on i5/OS™ is verifying that users have access to the objects they are trying to change. This process is called authorization.

In Pegasus, two types of operations require user authorization: CIM class and qualifier operations, and CIM instance operations.

CIM class and qualifier operations change the local copy of the CIM schema (for example, DeleteClass). Users must be authorized to these operations before they can use the operations listed in the following information with systems management data provided by CIM. These operations do not change any i5/OS system objects, but because they do change the CIM schema exposed to clients, some authorization is required to use them. For the iSeries™ servers, authorization to these operations is controlled by Application Administration in iSeries Navigator.

To work with authorization for CIM operations in Application Administration:

  1. Start iSeries Navigator.
  2. From My connections, right-click the system you want to change.
  3. Select Application Administration.
  4. Select Local Settings (if available).
  5. Select the Host Applications tab.
  6. Expand CIMOM server.
  7. Add or remove a user's or group's authorization to the following operations.

Application Administration allows users to be authorized to the following operations:

CIM instance operations let users work with the server resources modeled by the Pegasus providers. These providers are implemented as service programs (*SRVPGM) in i5/OS, and users require authorization to these service programs before they can use them. All of the providers included in V5R3 ship with PUBLIC *USE authority, except for the metric provider QSYS/QYCPCSMV, which is shipped with PUBLIC *EXCLUDE authority. If any providers are added that are not shipped with PUBLIC *USE authority, administrators must explicitly grant users authorization to these objects.
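
One way to grant that authorization for the metric provider while leaving PUBLIC at *EXCLUDE, shown as an added CL example that is not part of the original documentation. CIMMETRIC is a hypothetical group profile for the users who are allowed to use the provider.

```cl
/* Added example. CIMMETRIC is a hypothetical group profile; substitute */
/* the user or group profile that should reach the metric provider.     */
PGM
  /* Record the current authorities. *PUBLIC is expected to show        */
  /* *EXCLUDE for this provider as shipped.                              */
  DSPOBJAUT  OBJ(QSYS/QYCPCSMV) OBJTYPE(*SRVPGM) OUTPUT(*PRINT)

  /* Grant *USE to the group only. *PUBLIC is not touched, so users     */
  /* outside the group remain excluded.                                  */
  GRTOBJAUT  OBJ(QSYS/QYCPCSMV) OBJTYPE(*SRVPGM) +
               USER(CIMMETRIC) AUT(*USE)

  /* Print the authorities again so the change can be reviewed.         */
  DSPOBJAUT  OBJ(QSYS/QYCPCSMV) OBJTYPE(*SRVPGM) OUTPUT(*PRINT)
ENDPGM

/* To withdraw the access later:                                         */
/*   RVKOBJAUT OBJ(QSYS/QYCPCSMV) OBJTYPE(*SRVPGM) +                     */
/*               USER(CIMMETRIC) AUT(*USE)                               */
```

Granting to a group profile rather than to *PUBLIC keeps the shipped default in place for everyone else, and the two DSPOBJAUT listings give a before-and-after record of the change.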