friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6290434003
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvmonitorpubobjauth.htm

69 lines
4.4 KiB
HTML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Monitor public authority to objects" />
<meta name="abstract" content="This article describes the SECBATCH menu options and security commands that you can use to monitor public authority to objects." />
<meta name="description" content="This article describes the SECBATCH menu options and security commands that you can use to monitor public authority to objects." />
<meta name="DC.Relation" scheme="URI" content="rzamvmonitorauth.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="monitorpubobjauth" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Monitor public authority to objects</title>
</head>
<body id="monitorpubobjauth"><a name="monitorpubobjauth"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Monitor public authority to objects</h1>
<div><p>This article describes the SECBATCH menu options and security commands
that you can use to monitor public authority to objects.</p>
<p><span class="uicontrol">Public authority</span> is the authority for an object
granted to all users.</p>
<p>For both simplicity and performance, most systems are set up so that most
objects are available to most users. Users are explicitly denied access to
certain confidential, security-sensitive objects rather than having to be
explicitly authorized to use every object. A few systems with high security
requirements take the opposite approach and authorize objects on a need-to-know
basis. On those systems, most objects are created with the public authority
set to *EXCLUDE. </p>
<p>This is an object-based system with many different types of objects. Most
object types do not contain sensitive information or perform security-relevant
functions. As a security administrator on a system with typical security needs,
you probably want to focus your attention on objects that require protection,
such as database files and programs. For other object types, you can just
set public authority that is sufficient for your applications, which for most
object types is *USE authority. </p>
<p>You can use the Print Public Authority (PRTPUBAUT) command to print information
about objects that public users can access. (A public user is anyone with
signon authority who does not have explicit authority to an object.) When
you use the PRTPUBAUT command, you can specify the object types, and libraries
or directories, that you want to examine. </p>
<p>You can use options <kbd class="userinput">11</kbd> or <kbd class="userinput">50</kbd> on
the SECBATCH menu to print the Publicly Authorized Objects report for the
object types that might have security implications. Use the general options
(<kbd class="userinput">18</kbd> and <kbd class="userinput">57</kbd>) to specify the object
type. You can print the changed version of this report regularly to see what
objects might require your attention.</p>
<p>For more information, see: <a href="rzamvmonitorspecauth.htm#monitorspecauth">Monitor
special authorities</a>.</p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvmonitorauth.htm" title="This topic provides basic suggestions for monitoring the effectiveness of the security safeguards on your system.">Monitor authority</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink