friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14ed2849c6
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzait_5.4.0.1/rzaitauthority.htm

373 lines
19 KiB
HTML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Logical partition authority" />
<meta name="abstract" content="The authorities that you grant to service tool users determines what logical partition information they can access and what tasks they can perform. Care should be exercised in assigning service tool user profile privileges to manage partition security." />
<meta name="description" content="The authorities that you grant to service tool users determines what logical partition information they can access and what tasks they can perform. Care should be exercised in assigning service tool user profile privileges to manage partition security." />
<meta name="DC.Relation" scheme="URI" content="rzaitforcedst.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaitforcedst.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaitsecurepar.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaitcreate.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaitfinddst.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaitauthority" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Logical partition authority</title>
</head>
<body id="rzaitauthority"><a name="rzaitauthority"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Logical partition authority</h1>
<div><p>The authorities that you grant to service tool users determines
what logical partition information they can access and what tasks they can
perform. Care should be exercised in assigning service tool user profile privileges
to manage partition security.</p>
<div class="section"><p>Two service tool functional privileges relate to logical partitions.
These privileges support basic operations or advanced administration.</p>
<p>To
grant a user logical partition <span class="uicontrol">operations</span> authority
perform the following steps:</p>
</div>
<ol><li><span>Start DST as QSECOFR or with any other user ID with Service tool
security privilege.</span></li>
<li><span>Select option 5 (Work with DST environment).</span></li>
<li><span>Select option 3 (Service tools user profiles).</span></li>
<li><span>Select option 1 (Create) to create a new user profile or option
7 (Change attributes) to adjust an existing user.</span></li>
<li><span>Ensure that the <span class="uicontrol">System partitions-operations</span> privilege
is granted.</span></li>
</ol>
<div class="section"><p>To grant a user logical partition <span class="uicontrol">administration</span> authority
(which enables all operation task as well), perform the following steps:</p>
<ol><li>Start DST as QSECOFR or with any other user ID with Service tool security
privilege.</li>
<li>Select option 5 (Work with DST environment).</li>
<li>Select option 3 (Service tools user profiles).</li>
<li>Select option 1 (Create) to create a new user profile or option 7 (Change
attributes) to adjust an existing user.</li>
<li>Ensure that the <span class="uicontrol">System partitions-administration</span> privilege
is granted.</li>
</ol>
<p>The following table describes which authority is required to complete
a logical partition task: </p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. Authority required
to complete a logical partition task</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e82">Function</th>
<th valign="bottom" id="d0e84">Administration authority</th>
<th valign="bottom" id="d0e86">Operation authority</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e82 ">Accept a disk unit as load source for a logical partition</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 "> </td>
</tr>
<tr><td valign="top" headers="d0e82 ">Change a bus ownership type</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 "> </td>
</tr>
<tr><td valign="top" headers="d0e82 ">Change a default electronic customer support resource</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 ">Change a partition name</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 ">Change communication options with resources in use (forced)</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 "> </td>
</tr>
<tr><td valign="top" headers="d0e82 ">Change communication options with resources not in use</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 ">Change I/O configuration of primary and secondary partitions</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 ">Change operating mode for a logical partition</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 ">Change the alternate restart device for a logical partition</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Change the guest partition host information</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Change the partition type</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 "> </td>
</tr>
<tr><td valign="top" headers="d0e82 "> Change the restart source command line parameters of a guest partition</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Change the load source for a logical partition</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 ">Clear nonreporting resources on logical partitions</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 "> </td>
</tr>
<tr><td valign="top" headers="d0e82 ">Clear partition configuration from nonconfigured disk units</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 "> </td>
</tr>
<tr><td valign="top" headers="d0e82 ">Copy partition configuration data between load sources</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 "> </td>
</tr>
<tr><td valign="top" headers="d0e82 "> Create a new logical partition</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 "> </td>
</tr>
<tr><td valign="top" headers="d0e82 "> Create a guest partition</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 "> </td>
</tr>
<tr><td valign="top" headers="d0e82 "> Delete a logical partition</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 "> </td>
</tr>
<tr><td valign="top" headers="d0e82 "> Delete all logical partition configuration data</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">  </td>
</tr>
<tr><td valign="top" headers="d0e82 "> Display available hardware resources</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Display the communication options of a logical partition</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Display the console for a partition</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Display the logical partition operating system release level</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Display the operating system type for a partition</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Display the partition ID</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Display the PCI information</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Display the remote control panel for a logical partition</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Display the system reference code history for logical partitions</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Display system resources</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 ">Dynamic movement of interactive performance</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 ">Dynamic movement of I/O processors</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 ">Dynamic movement of memory</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 ">Dynamic movement of processors</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Enable the virtual ethernet communication for a logical partition</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 ">Find a logical address for a resource</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 ">Move a dedicated processor</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 ">Move a dedicated processor to the shared processor pool</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 ">Move an I/O processor with resources in use (forced)</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 ">Move an I/O processor with resources not in use</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 ">Move interactive performance, memory or shared processing power</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 ">Move an I/O adapter assigned to an I/O processor to a guest partition</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 ">Move an I/O adapter to a guest partition</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 ">Move an I/O adapter assigned to an <span class="keyword">i5/OS™</span> partition</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Perform main storage dumps on servers with logical partitions</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Prevent a secondary logical partition from restarting during a system
restart</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 ">Print system configuration for logical partitions</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Recover logical partition configuration data</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 "> </td>
</tr>
<tr><td valign="top" headers="d0e82 ">Reset a disk unit I/O processor with logical partitions</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Restart a secondary logical partition during a system restart</td>
<td valign="top" headers="d0e84 "> </td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Restart a system with logical partitions</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Restore all logical partition configuration data</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 ">Save all logical partition configuration data</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Schedule a dedicated processor move</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Schedule an interactive performance move</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Schedule an I/O processor move</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Schedule a memory move</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Schedule a shared processor move</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 "> Update partition configuration data on all logical partitions</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 "> </td>
</tr>
<tr><td valign="top" headers="d0e82 ">Use remote service with logical partitions</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
<tr><td valign="top" headers="d0e82 ">View the status of a logical partition</td>
<td valign="top" headers="d0e84 ">X</td>
<td valign="top" headers="d0e86 ">X</td>
</tr>
</tbody>
</table>
</div>
<p>To use an <span class="uicontrol">Operations Console remote panel</span> across
the LAN, a PC needs a device profile in the primary partition with the <span class="uicontrol">Partition
remote panel XXXXXXXX nnn</span> attribute where XXXXXXXX is the target
partition name and nnn is the numeric partition identifier. To grant a user
the ability to user the remote panel, perform the following steps:</p>
<ol><li>Start DST as QSECOFR or with any other user ID with Service tool security
privilege.</li>
<li>Select option 5 (Work with DST environment).</li>
<li>Select option 5 (Service tools device profiles).</li>
<li>Select option 1 (Create) to create a new device profile or option 7 (Change
attributes) to adjust an existing device.</li>
<li>Ensure that the <span class="uicontrol">Partition remote panel</span> attribute
for the appropriate partition is granted.</li>
</ol>
<p>This device profile enables panel functions from the remote console
graphical user interface on the PC. All users will require a valid service
tool user profile. For most functions, no special privilege is required to
use the panel. However, to change the panel key position (Manual, Normal,
Auto, or Secure), the user will require a service tool user profile in the
primary partition with the </p>
<p><span class="uicontrol">Partition remote panel key XXXXXXXX
nnn where XXXXXXXX</span></p>
<p> is the target partition name and nnn
is the numeric partition identifier. To grant a user the ability to change
the key, perform the following steps: </p>
<ol><li>Start DST as QSECOFR or with any other user ID with Service tool security
privilege.</li>
<li>Select option 5 (Work with DST environment).</li>
<li>Select option 3 (Service tools user profiles).</li>
<li>Select option 1 (Create) to create a new user profile or option 7 (Change
attributes) to adjust an existing user.</li>
<li>Ensure that the <span class="uicontrol">Partition remote panel key</span> privilege
for the appropriate partition is granted.</li>
</ol>
<p>For additional information on service tool user IDs, refer to <a href="../rzamh/rzamhwhatuserids.htm">Service tools user IDs</a>.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaitforcedst.htm" title="Understand how to manage logical partitions with iSeries Navigator along with DST and SST. Determine the authority needed to perform logical partition tasks.">Manage logical partitions by using iSeries Navigator, DST, and SST</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzaitforcedst.htm" title="Understand how to manage logical partitions with iSeries Navigator along with DST and SST. Determine the authority needed to perform logical partition tasks.">Manage logical partitions by using iSeries Navigator, DST, and SST</a></div>
<div><a href="rzaitsecurepar.htm" title="Understand who has authority to perform logical partition tasks and how to restrict access to the system.">Manage security for logical partitions</a></div>
</div>
<div class="reltasks"><strong>Related tasks</strong><br />
<div><a href="rzaitcreate.htm" title="Find information about the iSeries Navigator wizard that guides you through the process of creating logical partitions on your server.">Create logical partitions</a></div>
<div><a href="rzaitfinddst.htm" title="Look here for information about starting SST and DST on primary and secondary partitions.">Start SST and DST for logical partitions</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink