86 lines
5.0 KiB
HTML
86 lines
5.0 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html lang="en-us" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2005" />
|
|
<meta name="DC.rights.owner" content="(C) Copyright IBM Corporation 2005" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow" />
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<meta name="DC.Type" content="task" />
|
|
<meta name="DC.Title" content="Authorize Pegasus" />
|
|
<meta name="abstract" content="A type of security check that is required for Pegasus on i5/OS is verifying that users have access to the objects they are trying to change. This process is called authorization." />
|
|
<meta name="description" content="A type of security check that is required for Pegasus on i5/OS is verifying that users have access to the objects they are trying to change. This process is called authorization." />
|
|
<meta name="DC.Relation" scheme="URI" content="rzatlsecure.htm" />
|
|
<meta name="DC.Format" content="XHTML" />
|
|
<meta name="DC.Identifier" content="authorization" />
|
|
<meta name="DC.Language" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|
<title>Authorize Pegasus</title>
|
|
</head>
|
|
<body id="authorization"><a name="authorization"><!-- --></a>
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|
<h1 class="topictitle1">Authorize Pegasus</h1>
|
|
<div><p>A type of security check that is required for Pegasus on <span class="keyword">i5/OS™</span> is verifying that users have
|
|
access to the objects they are trying to change. This process is called <dfn class="term">authorization</dfn>.</p>
|
|
<div class="section"><p> In Pegasus, there are two types of operations that require users
|
|
to have authorization to perform them: CIM class and qualifier operations,
|
|
and CIM instance operations.</p>
|
|
<p>CIM class and qualifier operations change
|
|
the local copy of the CIM schema (for example, DeleteClass). Users need authorization
|
|
to these operations before being able to use the operations listed in the
|
|
following information with systems management data provided by CIM. These
|
|
operations do not change any <span class="keyword">i5/OS</span> system
|
|
objects, but because they do change the CIM schema exposed to clients, some
|
|
authorization is required to use them. For the iSeries™ servers, authorization to these
|
|
operations is controlled by Application Administration in iSeries Navigator.</p>
|
|
<p>To
|
|
work with authorization for CIM operations in Application Administration:</p>
|
|
</div>
|
|
<ol><li><span>Start iSeries Navigator.</span></li>
|
|
<li><span>From <span class="uicontrol">My connections</span>, right-click the system
|
|
you want to change.</span></li>
|
|
<li><span>Select <span class="uicontrol">Application Administration</span>.</span></li>
|
|
<li><span>Select <span class="uicontrol">Local Settings</span> (if available).</span></li>
|
|
<li><span>Select <span class="uicontrol">Host Applications</span> tab.</span></li>
|
|
<li><span>Expand <span class="uicontrol">CIMOM server</span>.</span></li>
|
|
<li><span>Add or remove a user or groups authorization to the following operations.</span></li>
|
|
</ol>
|
|
<div class="section"><p>Application Administration allows users to be authorized to the
|
|
following operations: </p>
|
|
<ul><li>GetClass</li>
|
|
<li>DeleteClass</li>
|
|
<li>CreateClass</li>
|
|
<li>ModifyClass</li>
|
|
<li>EnumerateClasses</li>
|
|
<li>EnumerateClassNames</li>
|
|
<li>GetQualifier</li>
|
|
<li>SetQualifier</li>
|
|
<li>DeleteQualifier</li>
|
|
<li>EnumerateQualifiers</li>
|
|
</ul>
|
|
<p>CIM instance operations let users work with the server resources modeled
|
|
by the Pegasus providers. These providers are implemented as server exit programs
|
|
(*SRVPGM) in <span class="keyword">i5/OS</span>, and
|
|
users require authorization to these service programs before they can use
|
|
them. All of the providers included in V5R3 ship with PUBLIC *USE authority,
|
|
except for the metric provider QSYS/QYCPCSMV, which is shipped with PUBLIC
|
|
*EXCLUDE authority. If any providers are added that are not shipped with PUBLIC
|
|
*USE authority, administrators must explicitly grant users authorization to
|
|
these objects.</p>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzatlsecure.htm" title="Use this topic to find out about the options that are available for ensuring that the CIM server is secure.">Secure Pegasus</a></div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |