friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6290434003
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvqalwobjrst.htm

82 lines
5.4 KiB
HTML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Allow restore for security-sensitive objects" />
<meta name="abstract" content="Three system values, Verify Object on Restore (QVFYOBJRST), Force Conversion on Restore (QFRCCVNRST), and Allow Object Restore (QALWOBJRST), act as a series of filters to determine whether a program is restored without change, whether it is re-created as it is restored, or whether it is not restored to the system." />
<meta name="description" content="Three system values, Verify Object on Restore (QVFYOBJRST), Force Conversion on Restore (QFRCCVNRST), and Allow Object Restore (QALWOBJRST), act as a series of filters to determine whether a program is restored without change, whether it is re-created as it is restored, or whether it is not restored to the system." />
<meta name="DC.Relation" scheme="URI" content="rzamvrestoresysvalplan.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="qalwobjrst" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Allow restore for security-sensitive objects</title>
</head>
<body id="qalwobjrst"><a name="qalwobjrst"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Allow restore for security-sensitive objects</h1>
<div><p>Three system values, Verify Object on Restore (QVFYOBJRST), Force
Conversion on Restore (QFRCCVNRST), and Allow Object Restore (QALWOBJRST),
act as a series of filters to determine whether a program is restored without
change, whether it is re-created as it is restored, or whether it is not restored
to the system.</p>
<p>The QVFYOBJRST system value determines whether objects are required to
have digital signatures to be restored to your system. You can prevent anyone
from restoring an object, unless that object has a correct digital signature
from a trusted software provider.</p>
<div class="p">The QFRCCVNRST system value allows you to specify whether to convert the
following object types during a restore: <ul><li>Program (*PGM)</li>
<li>Service program (*SRVPGM)</li>
<li>Module (*MODULE)</li>
<li>SQL Package (*SQLPKG)</li>
</ul>
</div>
<p>The QALWOBJRST system value determines whether objects that are security-sensitive
may be restored to your system. You can use it to prevent anyone from restoring
a system state object or an object that adopts authority.</p>
<div class="p">Before running a restore operation, you must plan what type of restore
you want to perform. Then, configure your system values to the proper settings
to meet your needs. Then, when a restore operation is performed, you will
have the correct settings specified on your system. To plan how you want
objects restored on the system, answer the following questions based on your
company's needs: <ul><li>How cautious do you want to be about what is restored?</li>
<li>What objects do you want to allow to be restored?</li>
</ul>
</div>
<div class="p">For more information on using these restore system values, see the following
sections in Chapter 3 of the <a href="../books/sc415302.pdf" target="_blank">iSeries Security Reference</a>:<ul><li><span class="q">"Verify Object on Restore (WVFYOBJRST)"</span></li>
<li><span class="q">"Force Conversion on Restore (QFRCCVNRST)"</span></li>
<li><span class="q">"Allow Restoring of Security-Sensitive Objects (QALWOBJRST)"</span></li>
</ul>
</div>
<p><strong>Scan objects that are accessed after a restore operation:</strong></p>
<p>The *NOPOSTRST value of the system value, QSCANFSCTL, impacts
whether or not objects are scanned after a restore operation. Do you want
to scan objects on the next access after the restore is complete? You need
to consider what objects you are restoring and what kind of performance impact
the scan will cause. Before determining whether or not to scan objects consider
the following: Scanning may not be necessary if you are restoring your own
objects which were saved with the option to scan objects and not save objects
that failed the scan. Scanning may not be necessary if you are restoring objects
that are coming from a trusted source. </p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvrestoresysvalplan.htm" title="Restoring programs to your system represents a security exposure.">Security-related restore system values</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink