<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Basic terminology" />
<meta name="abstract" content="This topic provides users with basic security terminology." />
<meta name="description" content="This topic provides users with basic security terminology." />
<meta name="DC.Relation" scheme="URI" content="rzamvconcepts.htm" />
<meta name="DC.Relation" scheme="URI" content="../rzalx/rzalxsecterms.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="basicterm" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Basic terminology</title>
</head>
<body id="basicterm"><a name="basicterm"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Basic terminology</h1>
<div><p>This topic provides users with basic security terminology.</p>
<div class="p"> <dl class="dlexpand"><dt class="dltermexpand">Object</dt>
<dd>An <a href="../rzal2/rzal2objects.htm">object</a> is
a named space on the system that you or an application can manipulate. Everything
on the system that you or an application can work with is considered an object.
Objects provide a common interface for working with system components. The
most common examples of objects are files and programs. Other types of objects
include commands, queues, libraries, and folders. Objects on the system are
identified by object name, object type, and the library in which the object
resides. You can secure each object on the system. </dd>
<dt class="dltermexpand">Library</dt>
<dd>A library is a special type of object that is used to group other objects.
Many objects on the system reside in a library. Libraries are essentially
containers, or organizational structures for other objects, and you can use
them to reference other objects on your system. Libraries might contain many
objects, and might be associated with a specific user profile or application.
QSYS, which contains all other libraries on the system, is the only library
that can contain other libraries. Objects in a library are handled like objects
in a subdirectory. A library cannot reside in a directory.</dd>
<dt class="dltermexpand">Directory</dt>
<dd>A <a href="../ifs/rzaaxdir.htm">directory</a> is
a special object that provides another way to group objects on the system.
Objects can reside in a directory and a directory can reside in another directory,
forming a hierarchical structure. Each <a href="../ifs/rzaaxfsknow.htm">file system</a> is a major <strong>subtree</strong> in the integrated
file system directory structure. Directories are different from libraries
in that the address of each library maps to the QSYS library while directories
are not addressable. Names of libraries are restricted to 10 characters, while
directories can have longer names, which might be case sensitive. Directories
can have multiple names because the path to the directory is what is named
and not the directory itself. You would use different commands and authority
requirements when working with directories and libraries.</dd>
<dt class="dltermexpand">User profile</dt>
<dd>Every system user must have a user identity before they can sign on to
and use a system. This user identity is a special object called a <a href="rzamvuserprof.htm#userprof">user
profile</a>, which only an administrator with appropriate system authority
can create for a user.</dd>
<dt class="dltermexpand">Special authority</dt>
<dd><a href="rzamvspecialauth.htm#specialauth">Special authority</a> determines
whether the user is allowed to perform system functions, such as creating
user profiles or changing the jobs of other users.</dd>
<dt class="dltermexpand">Physical security</dt>
<dd><a href="rzamvplanphysec.htm#planphysec">Physical security</a> includes
protecting the system unit, system devices, and backup media from accidental
or deliberate damage. Most measures you take to ensure the physical security
of your system are external to the system. Certain system models are equipped
with a keylock that prevents unauthorized functions at the system unit.</dd>
<dt class="dltermexpand">Application security</dt>
<dd><a href="rzamvplanappsec.htm#planappsec">Application security</a> deals
with the applications you store on your system and how you will
protect those applications while simultaneously allowing users access to them.</dd>
<dt class="dltermexpand">Resource security</dt>
<dd><a href="rzamvresourcesec.htm#resourcesec">Resource security</a> on
the system allows you to define who can use objects and how objects can be
used. The ability to access an object is called <strong>authority</strong>. When you
set up object authority, you need to be careful to give your users enough
authority to do their work without giving them the ability to browse and change
the system. Object authority gives permissions to the user for a specific
object and can specify what the user is allowed to do with the object. An
object resource can be limited through specific, detailed user authorities
such as adding records or changing records. System resources can be used to
give the user access to specific system-defined subsets of authorities: *ALL,
*CHANGE, *USE, and *EXCLUDE. System values and user profiles control who has
access to your system and prevent unauthorized users from signing on. Resource
security controls the actions that authorized system users can perform, and
the objects that they can access after they have signed on successfully. Resource
security supports the main goals of security on your system, which are to protect:
<ul><li>Confidentiality of information</li>
<li>Accuracy of information to prevent unauthorized changes </li>
<li>Availability of information to prevent accidental or deliberate damage</li>
</ul>
</dd>
<dt class="dltermexpand">Security policy</dt>
<dd>A <a href="rzamvdevelopsecpol.htm#developsecpol">security policy</a> allows
you to implement and manage security on an i5/OS™ system. Use the <a href="../icbase/secplanr/securwiz.htm" target="_blank">eServer™ Security
Planner</a> to help you plan for and implement a basic security policy
for your servers. </dd>
</dl>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvconcepts.htm" title="To effectively create a security policy and plan security measures for your system, you need to understand the following security concepts, some of which are general concepts and some of which are specific to the hardware type.">Concepts</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="../rzalx/rzalxsecterms.htm">Security terminology</a></div>
</div>
</div>
</body>
</html>