<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Restrict save and restore capability" />
<meta name="abstract" content="Part of your security system should be controlling users' save and restore capabilities." />
<meta name="description" content="Part of your security system should be controlling users' save and restore capabilities." />
<meta name="DC.Relation" scheme="URI" content="rzamvmanagesec.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="restrictsaverestore" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Restrict save and restore capability</title>
</head>
<body id="restrictsaverestore"><a name="restrictsaverestore"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Restrict save and restore capability</h1>
<div><p>Part of your security system should be controlling users' save
and restore capabilities.</p>
<p>Most users do not need to save and restore objects on your system. The
save commands make it possible to copy important assets of your
organization to media or to another system. Most save commands support save
files, which can be sent to another system (by using the SNDNETF command)
without access to media or to a save/restore device. </p>
<p>Restore commands provide the opportunity to restore unauthorized objects,
such as programs, commands, and files, to your system. You can also restore
information without access to media or to a save/restore device by using save
files. Save files can be sent from another system by using the SNDNETF command
or by using the FTP function. </p>
<div class="p">Following are suggestions for restricting save and restore operations on
your system: <ul><li>Control which users have *SAVSYS special authority. *SAVSYS special authority
allows the user to save and restore objects even when the user does not have
the necessary authority to the objects.</li>
<li>Control physical access to save and restore devices.</li>
<li>Restrict access to the save and restore commands. When you install i5/OS™ licensed
programs, the public authority for the RSTxxx commands is *EXCLUDE. Public
authority for the SAVxxx commands is *USE. Consider changing the public authority
for SAVxxx commands to *EXCLUDE. Carefully limit the users that you authorize
to the RSTxxx commands.</li>
<li>Use the QALWOBJRST system value to restrict restoration of system-state
programs, programs that adopt authority, and objects that have validation
errors.</li>
<li>Use the QVFYOBJRST system value to control restoring signed objects on
your system.</li>
<li>Use the QFRCCVNRST system value to control the recreation of certain objects
being restored on your system.</li>
<li>Use security auditing to monitor restore operations. Include *SAVRST in
the QAUDLVL system value, and periodically print audit records that are created
by restore operations. </li>
</ul>
</div>
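<p>The suggestions above, expressed as CL commands. This is an added example, not part of the original IBM topic: the BACKUPOPR profile is hypothetical, and the system value settings shown are illustrative choices rather than recommended values.</p>

```cl
/* Added example (constructed). BACKUPOPR is a hypothetical profile.  */
/* Run from a profile with *ALLOBJ, *SECADM and *AUDIT authority.     */

/* 1. List the profiles that hold *SAVSYS special authority.          */
PRTUSRPRF TYPE(*AUTINFO) SELECT(*SPCAUT) SPCAUT(*SAVSYS)

/* 2. Change public authority for the SAVxxx commands from *USE to    */
/*    *EXCLUDE. RSTxxx commands ship as *EXCLUDE; confirm that no     */
/*    one has loosened them.                                          */
GRTOBJAUT OBJ(QSYS/SAV*) OBJTYPE(*CMD) USER(*PUBLIC) AUT(*EXCLUDE)
DSPOBJAUT OBJ(QSYS/RSTOBJ) OBJTYPE(*CMD)
DSPOBJAUT OBJ(QSYS/RSTLIB) OBJTYPE(*CMD)

/* 3. Authorize only the profiles that run backups and recoveries.    */
GRTOBJAUT OBJ(QSYS/SAV*) OBJTYPE(*CMD) USER(BACKUPOPR) AUT(*USE)
GRTOBJAUT OBJ(QSYS/RSTOBJ) OBJTYPE(*CMD) USER(BACKUPOPR) AUT(*USE)

/* 4. Review the restore-related system values before changing them.  */
DSPSYSVAL SYSVAL(QALWOBJRST)
DSPSYSVAL SYSVAL(QVFYOBJRST)
DSPSYSVAL SYSVAL(QFRCCVNRST)

/*    Illustrative setting: allow security-sensitive objects to be    */
/*    restored only as part of a PTF.                                 */
CHGSYSVAL SYSVAL(QALWOBJRST) VALUE('*ALWPTF')

/* 5. Audit restore operations. CHGSYSVAL replaces the whole list, so */
/*    display QAUDLVL first and repeat its current values next to     */
/*    *SAVRST (the other two values here are only an illustration).   */
/*    QAUDCTL must contain *AUDLVL for QAUDLVL to take effect.        */
DSPSYSVAL SYSVAL(QAUDCTL)
DSPSYSVAL SYSVAL(QAUDLVL)
CHGSYSVAL SYSVAL(QAUDLVL) VALUE('*AUTFAIL *SECURITY *SAVRST')

/* 6. Periodically print the audit records that restore operations    */
/*    create (OR = object restored; RA, RJ, RO, RP, RQ, RU and RZ     */
/*    cover authority, ownership and adopting-program restores).      */
DSPJRN JRN(QSYS/QAUDJRN) ENTTYP(OR RA RJ RO RP RQ RU RZ) OUTPUT(*PRINT)
```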
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvmanagesec.htm" title="Once you've planned and implemented your security strategy, there remains the task of managing the security of your system.">Manage security</a></div>
</div>
</div>
</body>
</html>