<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Configure the system to use security tools" />
<meta name="abstract" content="This information describes how to set up your system to use the security tools that are part of i5/OS." />
<meta name="description" content="This information describes how to set up your system to use the security tools that are part of i5/OS." />
<meta name="DC.Relation" scheme="URI" content="rzamvmanagesec.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvtoolsave.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvtoolcustomsec.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvconfigsysseccmd.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvrevokepubauthcmd.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvsectools.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="toolsecurity" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Configure the system to use security tools</title>
</head>
<body id="toolsecurity"><a name="toolsecurity"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Configure the system to use security tools</h1>
<div><p>This information describes how to set up your system to use the
security tools that are part of i5/OS™. </p>
<p>When you install i5/OS, the security tools are ready to use. The topics
that follow provide suggestions for operating procedures with the security
tools.</p>
<div class="section"><h4 class="sectiontitle">Use security tools securely</h4><p>When you install i5/OS,
the objects that are associated with the security tools are secure. To operate
the security tools securely, avoid making authority changes to any security
tool objects. </p>
<div class="p">Following are the security settings and requirements
for security tool objects:<ul><li>The security tool programs and commands are in the QSYS product library.
The commands and the programs ship with the public authority of *EXCLUDE.
Many of the security tool commands create files in the QUSRSYS library. When
the system creates these files, the public authority for the files is *EXCLUDE.
Files that contain information for producing changed reports have names that
begin with QSEC. Files that contain information for managing user profiles
have names that begin with QASEC. These files contain confidential information
about your system. Therefore, you should not change the public authority to
the files.</li>
<li>The security tools use your normal system setup for directing printed
output. These reports contain confidential information about your system.
To direct the output to a protected output queue, make appropriate
changes to the user profile or job description for users who will be running
the security tools.</li>
<li>Because of their security functions and because they access many objects
on the system, the security tool commands require *ALLOBJ special authority.
Some of the commands also require *SECADM, *AUDIT, or *IOSYSCFG special authority.
To ensure that the commands run successfully, you should sign on as a security
officer when you use the security tools. Therefore, you should not need to
grant private authority to any security tool commands.</li>
</ul>
</div>
</div>
<div class="section"><h4 class="sectiontitle">Avoid file conflicts</h4><p>Many of the security tool report
commands create a database file that you can use to print a changed version
of the report. The topic "Commands and menus for security commands" lists the file name
for each command. You can run a given command from only one job at a time. Most
of the commands now have checks that enforce this. If you run a command while
another job is still running it, you receive an error message. </p>
<p>Many
print jobs are long-running jobs. You need to be careful to avoid file conflicts
when you submit reports to batch or add them to the job scheduler. For example,
you might want to print two versions of the PRTUSRPRF report with different
selection criteria. If you are submitting reports to batch, you should use
a job queue that runs only one job at a time to ensure that the report jobs
run sequentially. </p>
<p>If you are using the job scheduler, you need to schedule
the two jobs far enough apart that the first version completes before the
second job starts.</p>
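<p>The following CL commands are an added example, not part of the original IBM topic. They sketch one way to set up the protected output queue and the one-job-at-a-time job queue described above, then submit two PRTUSRPRF reports so that they run sequentially. The library SECTOOLS, the queues SECRPTQ and SECRPTJQ, the profile SECOFR1, the job names, and the sequence number 50 are hypothetical; run the commands as a security officer.</p>

```cl
/* Added example: SECTOOLS, SECRPTQ, SECRPTJQ, SECOFR1 and the job   */
/* names are hypothetical. SEQNBR(50) is a constructed value and     */
/* must not clash with an existing job queue entry in QBATCH.        */

/* Library for the protected queues, with no public access.          */
CRTLIB LIB(SECTOOLS) AUT(*EXCLUDE)

/* Protected output queue: public excluded, other users cannot view  */
/* the spooled data, and *JOBCTL alone does not give control of it.  */
CRTOUTQ OUTQ(SECTOOLS/SECRPTQ) DSPDTA(*NO) OPRCTL(*NO) +
        AUTCHK(*OWNER) AUT(*EXCLUDE)

/* Direct printed output for the profile that runs the security      */
/* tools to the protected queue (used from the next sign-on).        */
CHGUSRPRF USRPRF(SECOFR1) OUTQ(SECTOOLS/SECRPTQ)

/* Job queue that runs only one job at a time, so that report jobs   */
/* that share a database file in QUSRSYS cannot overlap.             */
CRTJOBQ JOBQ(SECTOOLS/SECRPTJQ) AUT(*EXCLUDE)
ADDJOBQE SBSD(QSYS/QBATCH) JOBQ(SECTOOLS/SECRPTJQ) MAXACT(1) SEQNBR(50)

/* Two versions of the PRTUSRPRF report with different selection     */
/* criteria. The second job waits on the queue until the first ends. */
SBMJOB CMD(PRTUSRPRF TYPE(*AUTINFO) SELECT(*SPCAUT) SPCAUT(*ALLOBJ)) +
       JOB(USRPRFAUT) JOBQ(SECTOOLS/SECRPTJQ) OUTQ(SECTOOLS/SECRPTQ)
SBMJOB CMD(PRTUSRPRF TYPE(*PWDINFO)) +
       JOB(USRPRFPWD) JOBQ(SECTOOLS/SECRPTJQ) OUTQ(SECTOOLS/SECRPTQ)
```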
</div>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzamvtoolsave.htm">Save security tools</a></strong><br />
You save the security tool programs whenever you run either the Save System (SAVSYS) command or an option from the Save menu that runs the SAVSYS command.</li>
<li class="ulchildlink"><strong><a href="rzamvtoolcustomsec.htm">Commands for customizing security</a></strong><br />
This section describes the commands and menus for security tools.</li>
<li class="ulchildlink"><strong><a href="rzamvconfigsysseccmd.htm">Values set by the Configure System Security command</a></strong><br />
This table lists the system values that are set when you run the CFGSYSSEC command. The CFGSYSSEC command runs a program that is called QSYS/QSECCFGS.</li>
<li class="ulchildlink"><strong><a href="rzamvrevokepubauthcmd.htm">Functions of the Revoke Public Authority command</a></strong><br />
You can use the Revoke Public Authority (RVKPUBAUT) command to set the public authority to *EXCLUDE for a set of commands and programs.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvmanagesec.htm" title="Once you've planned and implemented your security strategy, there remains the task of managing the security of your system.">Manage security</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzamvsectools.htm" title="You can use security tools to manage and monitor the security environment on your system.">System security tools</a></div>
</div>
</div>
</body>
</html>