Create Object Rule by User

The Create Object Rule by User panel allows you to create an Object Rule linking a User to an Object List. The Copy Object List Entry panel allows you to copy an Object List Entry to a new entry.

Create Object Rule by User panel

How to get there

From the Network Security Main Menu, select option 4 to display the Work with Security by Object panel. Select option 1 to display the Work with Object Lists panel, then enter a 9 in the Opt column on one of the Object Lists. On the Object Rules using Object List panel, enter a 1 in the Opt column and a User name. Press Enter to display the Create Object Rule by User panel.

Options

User

User represents the identity of the person initiating a transaction as a user profile. The special value *PUBLIC, when used on a rule, means that the rule applies to any User lacking a specific rule. When used as a subset or selection parameter, *PUBLIC means to select all such rules for display or printing.

Object List

The Object List name is a short name you assign to a list of objects to help you identify the list. This name is required to be a valid OS name.

Operation

Operation represents the type of action being performed upon an object or upon the data in an object.

Select Object Rule Operation

Valid values and their meanings are:

*ALL Applies to all of the above types of operations.
*CREATE Applies to objects when they are being created or to their data when they are being added to an object; for example, when writing records to a database.
*READ Applies to non-modifying accesses of objects or the reading of an object's data.
*UPDATE Applies to changes to objects or changes to their data.
*DELETE Applies to deletion of objects or deletion of their data; for example, deleting records from a database file.

Status

Status indicates that an Object Rule is active (being enforced) or inactive (not being enforced).

Data Access Rights

Use the data access rights to specify user rights to the data in the objects contained in the Object List.

Authority

Authority represents the action to be taken when a rule is found that matches the data present on a transaction. This Authority value pertains to Data Accesses.

The valid values are:

*OS400 The transaction will be allowed and object authority will be determined by the operating system.
*REJECT The transaction will not be allowed.
*SWITCH The transaction will be allowed and the transaction will occur as if the user profile named as the Swap Profile had initiated the transaction. After switching to the Swap Profile, the authority used during the transaction will be determined by the operating system.

Audit Transactions

The Audit transactions flag controls the logging of transactions to the Log Journal set up on the Work with Network Security System Values panel. This Audit Transaction flag pertains to Data Accesses.

The valid values are:

Y The transaction will be logged to the Log Journal.
N The transaction will not be logged to the Log Journal.
* The default value from a prior rule will control the logging.

Send Messages

The Send messages flag controls the sending of messages to the Log Message Queue set up on the Work with Network Security System Values panel. This Send Messages flag pertains to Data Accesses.

The valid values are:

Y A log message will be sent to the Log Message Queue.
N A log message will not be sent to the Log Message Queue.
* The default value from a prior rule will control the logging.

Capture Transactions

The Capture transactions flag controls whether transactions are remembered in Network Security for later memorization. Once captured, transactions can become Memorized Transactions which can act as rules. This Capture Transactions flag pertains to Data Accesses.

The valid values are:

Y A log message will be sent to the Log Message Queue.
N A log message will not be sent to the Log Message Queue.
* The default value from a prior rule will control the logging.

Switch Profile

The Switch profile holds the name of a user profile whose authority is used to process the transaction instead of the authority of the User initiating the transaction. The transaction is executed as, and uses the authority of, this Switch profile. Switch profile is allowed only when Authority contains *SWITCH or *MEMSWITCH, if *MEMSWITCH is allowed. Otherwise it must contain *NONE.

This Switch Profile pertains to Data Accesses.

Object Access Rights

Use the object access rights to specify user rights to the objects in the Object List.

Authority

Authority represents the action to be taken when a rule is found that matches the data present on a transaction. This Authority value pertains to Object Accesses.

The valid values are:

*OS400 The transaction will be allowed and object authority will be determined by the operating system.
*REJECT The transaction will not be allowed.
*SWITCH The transaction will be allowed and the transaction will occur as if the user profile named as the Swap Profile had initiated the transaction. After switching to the Swap Profile, the authority used during the transaction will be determined by the operating system.

Audit Transactions

The Audit transactions flag controls the logging of transactions to the Log Journal set up on the Work with Network Security System Values panel. This Audit Transaction flag pertains to Object Accesses.

The valid values are:

Y The transaction will be logged to the Log Journal.
N The transaction will not be logged to the Log Journal.
* The default value from a prior rule will control the logging.

Send Messages

The Send messages flag controls the sending of messages to the Log Message Queue set up on the Work with Network Security System Values panel.

This Send Messages flag pertains to Object Accesses.

The valid values are:

Y A log message will be sent to the Log Message Queue.
N A log message will not be sent to the Log Message Queue.
* The default value from a prior rule will control the logging.

Capture Transactions

The Capture transactions flag controls whether transactions are remembered in Network Security for later memorization. Once captured, transactions can become Memorized Transactions which can act as rules. This Capture Transactions flag pertains to Object Accesses.

The valid values are:

Y A log message will be sent to the Log Message Queue.
N A log message will not be sent to the Log Message Queue.
* The default value from a prior rule will control the logging.

Switch Profile

The Switch profile holds the name of a user profile whose authority is used to process the transaction instead of the authority of the User initiating the transaction. The transaction is executed as, and uses the authority of, this Switch profile. Switch profile is allowed only when Authority contains *SWITCH or *MEMSWITCH, if *MEMSWITCH is allowed. Otherwise it must contain *NONE. This Switch Profile pertains to Object Accesses.

See Specifying the Server/Functions for an Object Rule.
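
The field constraints described on this panel (valid Operation, Authority and flag values, and Switch profile being *NONE unless Authority switches) can be checked mechanically when planned rules are reviewed, along with the *PUBLIC fallback for users that lack a rule of their own. The following is an added example, not HelpSystems code: the record layout, the helper names and the sample names APPUSER and RPTPROF are assumptions made for illustration, and the unaudited-switch check is a review heuristic rather than a product constraint.

```python
# Added example. The dict layout is hypothetical, not a product export format.
OPERATIONS = {"*ALL", "*CREATE", "*READ", "*UPDATE", "*DELETE"}
SWITCHING = {"*SWITCH", "*MEMSWITCH"}  # *MEMSWITCH only where it is allowed
AUTHORITIES = {"*OS400", "*REJECT"} | SWITCHING
FLAGS = {"Y", "N", "*"}

def check_rights(label, rights):
    """Findings for one rights block (Data Access or Object Access)."""
    out = []
    auth, switch = rights["authority"], rights["switch_profile"]
    if auth not in AUTHORITIES:
        out.append(f"{label}: unknown Authority {auth}")
    for flag in ("audit", "messages", "capture"):
        if rights[flag] not in FLAGS:
            out.append(f"{label}: {flag} must be Y, N or *")
    if auth in SWITCHING and switch == "*NONE":
        out.append(f"{label}: {auth} needs a Switch profile")
    if auth in AUTHORITIES - SWITCHING and switch != "*NONE":
        out.append(f"{label}: Switch profile must be *NONE with {auth}")
    # Reviewer heuristic, not a product constraint: unaudited profile switch.
    if auth in SWITCHING and rights["audit"] == "N":
        out.append(f"{label}: switched access with Audit Transactions = N")
    return out

def check_rule(rule):
    """All findings for one Object Rule record."""
    out = []
    if rule["operation"] not in OPERATIONS:
        out.append(f"unknown Operation {rule['operation']}")
    return out + check_rights("data", rule["data"]) + check_rights("object", rule["object"])

def rules_for_user(rules, user):
    """A user's own rules, or the *PUBLIC rules when the user has none."""
    own = [r for r in rules if r["user"] == user]
    return own or [r for r in rules if r["user"] == "*PUBLIC"]

def make_rights(authority, switch="*NONE", audit="Y"):
    return {"authority": authority, "switch_profile": switch,
            "audit": audit, "messages": "*", "capture": "N"}

# Constructed sample rules (user and profile names are made up).
RULES = [
    {"user": "*PUBLIC", "operation": "*ALL",
     "data": make_rights("*REJECT"), "object": make_rights("*REJECT")},
    {"user": "APPUSER", "operation": "*READ",
     "data": make_rights("*SWITCH", "RPTPROF", audit="N"),
     "object": make_rights("*OS400", "RPTPROF")},
]
```

Calling check_rule on the APPUSER record reports the unaudited switch on the data side and the stray Switch profile on the object side; the *PUBLIC record passes cleanly.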

Command Keys

F3 (Exit): Exit the panel without processing any pending changes.

F4 (Prompt): Displays a list of possible values from which you may select one.

F12 (Cancel): Exit the panel without processing any pending changes.

Copyright © HelpSystems, LLC.
All trademarks and registered trademarks are the property of their respective owners.
7.15 | 201709140431