ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvsystemdefauth.htm

172 lines
9.3 KiB
HTML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="System-defined authorities" />
<meta name="abstract" content="This table shows how system-defined authorities apply to securing files, programs, and libraries." />
<meta name="description" content="This table shows how system-defined authorities apply to securing files, programs, and libraries." />
<meta name="DC.Relation" scheme="URI" content="rzamvauthtypes.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvsetauthobjlib.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="systemdefauth" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>System-defined authorities</title>
</head>
<body id="systemdefauth"><a name="systemdefauth"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">System-defined authorities</h1>
<div><p>This table shows how system-defined authorities apply to securing
files, programs, and libraries.</p>
<p>Use this information to plan system-defined authorities. To design simple
resource security, try to plan security for entire libraries. The table shows
how system-defined authorities apply to securing files, programs, and libraries:</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. System-defined authorities</caption><thead align="left"><tr><th valign="top" width="20%" id="d0e28">&nbsp;</th>
<th valign="top" width="20%" id="d0e29">*USE authority</th>
<th valign="top" width="20%" id="d0e31">*CHANGE authority</th>
<th valign="top" width="20%" id="d0e33">*ALL authority</th>
<th valign="top" width="20%" id="d0e35">*EXCLUDE<sup>1</sup> authority</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="20%" headers="d0e28 "><strong>Operations allowed for files</strong></td>
<td valign="top" width="20%" headers="d0e29 ">View information in the file.</td>
<td valign="top" width="20%" headers="d0e31 ">View, change, and delete records in the file.</td>
<td valign="top" width="20%" headers="d0e33 ">Create and delete the file. Add, change, and delete
records in the file. Authorize others to use the file.</td>
<td valign="top" width="20%" headers="d0e35 ">None.</td>
</tr>
<tr><td valign="top" width="20%" headers="d0e28 "><strong>Operations not allowed for files</strong></td>
<td valign="top" width="20%" headers="d0e29 ">Change or delete any information in the file. Delete
the file.</td>
<td valign="top" width="20%" headers="d0e31 ">Delete or clear the entire file.</td>
<td valign="top" width="20%" headers="d0e33 ">None.</td>
<td valign="top" width="20%" headers="d0e35 ">Any access to the file.</td>
</tr>
<tr><td valign="top" width="20%" headers="d0e28 "><strong>Operations allowed for programs</strong></td>
<td valign="top" width="20%" headers="d0e29 ">Run the program.</td>
<td valign="top" width="20%" headers="d0e31 ">Change the description of the program.</td>
<td valign="top" width="20%" headers="d0e33 ">Create, change, and delete the program. Authorize others
to use the program.</td>
<td valign="top" width="20%" headers="d0e35 ">None.</td>
</tr>
<tr><td valign="top" width="20%" headers="d0e28 "><strong>Operations not allowed for programs</strong></td>
<td valign="top" width="20%" headers="d0e29 ">Change or delete the program.</td>
<td valign="top" width="20%" headers="d0e31 ">Change or delete the program.</td>
<td valign="top" width="20%" headers="d0e33 ">Change the owner of the program, if the program adopts
authority.</td>
<td valign="top" width="20%" headers="d0e35 ">Any access to the program.</td>
</tr>
<tr><td valign="top" width="20%" headers="d0e28 "><strong>Operations allowed for libraries</strong></td>
<td valign="top" width="20%" headers="d0e29 "><ul><li>For objects in the library, any operation allowed by the authority to
the specific object. </li>
<li>For the library, view descriptive information.</li>
</ul>
</td>
<td valign="top" width="20%" headers="d0e31 "><ul><li>For objects in the library, any operation allowed by the authority to
the specific object.</li>
<li>Add new objects to the library.</li>
<li>Change the library description.</li>
</ul>
</td>
<td valign="top" width="20%" headers="d0e33 "><ul><li>Everything allowed with change authority.</li>
<li>Delete the library.</li>
<li>Authorize others to the library.</li>
</ul>
</td>
<td valign="top" width="20%" headers="d0e35 "><span>None.</span></td>
</tr>
<tr><td valign="top" width="20%" headers="d0e28 "><strong>Operations not allowed for libraries</strong></td>
<td valign="top" width="20%" headers="d0e29 "><ul><li>Add new objects to the library.</li>
<li>Change the library description.</li>
<li>Delete the library.</li>
</ul>
</td>
<td valign="top" width="20%" headers="d0e31 ">Delete the library.</td>
<td valign="top" width="20%" headers="d0e33 ">None.</td>
<td valign="top" width="20%" headers="d0e35 "><span>Any access to the library.</span></td>
</tr>
<tr><td colspan="5" valign="top" headers="d0e28 d0e29 d0e31 d0e33 d0e35 "><dl><dt class="dlterm">1</dt>
<dd>*EXCLUDE overrides any authorities that you grant to the public or through
a group profile.</dd>
</dl>
</td>
</tr>
</tbody>
</table>
</div>
<p><span class="uicontrol">Understanding how object authority and library authority work
together</span></p>
<p>You also need to understand how library and object authority work together.
The table below gives examples of authorities that are required for both an
object and the library:</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 2. How library authority and object authority work
together</caption><thead align="left"><tr><th valign="top" id="d0e160">Object type</th>
<th valign="top" id="d0e162">Operations</th>
<th valign="top" id="d0e164">Object authority needed</th>
<th valign="top" id="d0e166">Library authority needed</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e160 ">File</td>
<td valign="top" headers="d0e162 ">Change data</td>
<td valign="top" headers="d0e164 ">*CHANGE</td>
<td valign="top" headers="d0e166 "><span>*EXECUTE</span></td>
</tr>
<tr><td valign="top" headers="d0e160 ">File</td>
<td valign="top" headers="d0e162 ">Delete the file</td>
<td valign="top" headers="d0e164 "><span>*OBJOPR, *OBJEXIST</span></td>
<td valign="top" headers="d0e166 "><span>*EXECUTE</span></td>
</tr>
<tr><td valign="top" headers="d0e160 ">File</td>
<td valign="top" headers="d0e162 ">Create the file</td>
<td valign="top" headers="d0e164 "><span>None.</span></td>
<td valign="top" headers="d0e166 "><span>*EXECUTE, *ADD</span></td>
</tr>
<tr><td valign="top" headers="d0e160 ">Program</td>
<td valign="top" headers="d0e162 ">Run the program</td>
<td valign="top" headers="d0e164 ">*USE</td>
<td valign="top" headers="d0e166 "><span>*EXECUTE, *OBJOPR</span></td>
</tr>
<tr><td valign="top" headers="d0e160 ">Program</td>
<td valign="top" headers="d0e162 ">Recompile the program</td>
<td valign="top" headers="d0e164 "><span>*OBJEXIST, *OBJMGR, *READ</span></td>
<td valign="top" headers="d0e166 "><span>*ADD, *READ</span></td>
</tr>
<tr><td valign="top" headers="d0e160 ">Program</td>
<td valign="top" headers="d0e162 ">Delete the program</td>
<td valign="top" headers="d0e164 "><span>*OBJEXIST</span></td>
<td valign="top" headers="d0e166 "><span>*EXECUTE</span></td>
</tr>
</tbody>
</table>
</div>
<p>Now you are ready to set up specific authorities for objects,
directories, and libraries. For more information on the types of authorities
available and some examples of how the authorities are used, see <span class="q">"Chapter
1. Resource Security"</span> and <span class="q">"Appendix D. Authority Required for Objects
Used by Commands"</span> in the <cite>iSeries™ Security Reference</cite>.</p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvauthtypes.htm" title="This article discusses the types of authority that can be authorized and used on the server.">Types of authority</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzamvsetauthobjlib.htm" title="You can use the Edit Object Authority (EDTOBJAUT) command to set specific authority for the library and objects in the library.">Set up specific authority for objects and libraries</a></div>
</div>
</div>
</body>
</html>