Object Rules using Object List

The Object Rules using Object List panels allow you to work with Object Rules that refer to a single Object List. The Object List is named at the top of the screen. Only rules that refer to the Object List named at the top of the screen are listed. Any new rules that you add from this screen will apply to the Object List named at the top of this screen. Object Rules can be active or inactive. On this panel, the inactive rules are colored yellow and the active rules are colored green.

Object Rules using Object List panel

How to get there

From the Network Security Main Menu, select option 4 to display the Work with Security by Object panel. Select option 1 to display the Work with Object Lists panel, then enter a 9 in the Opt column on one of the Object Lists.

Object List

The Object List named at the top of the screen is the Object List to which all the listed rules apply. The Object List name is followed by the Object List Type and description.

Options

You can select from the following options on the Work with Object List Entries panel.

1=Create

Enter a 1 next to an object rule to display the Create Object Rule by User panel, which allows you to create an Object Rule linking a User to an Object List. See Create Object Rule by User panel and Create Object Rule by Location panel.

2=Change

Enter a 2 next to an object rule to display the Change Object Rule by User or Change Object Rule by Location panels. Enter the changes you want to make and press Enter to display the Select Target Server Functions for Object Rule panels. Select the servers/functions to create a new filter rule. Or, press Enter without making a selection if you don't want to create a new filter rule. See Change Object Rule by User panel and Change Object Rule by Location panel.

NOTE: If you don't select any servers/functions, no *MEMOBJ filter rules are created. If no other *MEMOBJ filter rules already exist for the user or location, the object rule is placed in *INACTIVE status. If there are other *MEMOBJ filter rules, the rule remains active.

3=Copy

Enter a 3 next to an object rule to display the Copy Object Rule by User or Location panel. You can enter a new user or location name and make other changes to the values specified in the rule. Press Enter to display the Select Target Server Functions for Object Rule panels. Select the servers/functions to create a new filter rule. See Copy Object Rule by User panel and Copy Object Rule by Location panel.

NOTE: If you don't select any servers/functions, no *MEMOBJ filter rules are created. If no other *MEMOBJ filter rules already exist for the user or location, the object rule is placed in *INACTIVE status. If there are existing *MEMOBJ filter rules, the rule remains active.

4=Delete

Enter a 4 next to an object rule to delete it. A confirmation screen displays asking you to confirm the deletion. See Deleting an Object Rule for more information.

5=Display

Enter a 5 next to a rule to display the Display Object Rule by User or Location panel. You cannot make any changes on this screen; it is for information only. See Display Object Rule by User panel and Display Object Rule by Location panel.

8=Activate Rule

Enter an 8 next to a rule to activate it if it is inactive. A confirmation screen displays asking you to confirm the activation request. The Select Target Server Functions for Object Rule panels display, allowing you to define a new filter rule. See Confirm Choices screen.

9=Deactivate Rule

Enter a 9 next to a rule to deactivate it. A confirmation screen displays asking you to confirm the deactivation request. See Confirm Choices screen. If the rule is the last active rule for the user or location, the Specify Filter Rule Options screen displays so you can specify how to handle any *MEMOBJ filter rules that exist for the object rule. See Deleting an Object Rule for more information.

LA=Location Authority
NOTE: This option is not valid for a user rule.

Enter LA next to a location rule to display the Work with Security by Location panel, which shows that the location object rule is now used for the servers/functions you selected. The Authority filter rules property is set to *MEMOBJ for each server/function. This tells Network Security to check memorized transactions (MTR) for authority. If no MTR authority is found, it then checks the transaction against the object rules.

Work with security by location

UA=User Authority
NOTE: This option is not valid for a location rule.

Enter UA next to a user rule to display the Work with Security by User panel, which shows that the user object rule is now used for the servers/functions you selected. The Authority filter rules property is set to *MEMOBJ for each server/function. This tells Network Security to check memorized transactions (MTR) for authority. If no MTR authority is found, it then checks the transaction against the object rules.

Work with Security by User

Field Descriptions

Opt

Enter a valid option from the list of options provided on the list panel.

Location

Location represents the source of a transaction. Location can hold an IP Address, an IP Address Group or the name of an SNA Communications Device. The special value *ALL, when used on a rule, means that the rule applies to any Location lacking a specific rule. When used as a subset or selection parameter, *ALL generally means to select all such rules for display or printing.

User

User represents the identity of the person initiating a transaction as a user profile. The special value *PUBLIC, when used on a rule, means that the rule applies to any User lacking a specific rule. When used as a subset or selection parameter, *PUBLIC means to select all such rules for display or printing.

Operation

The operation to which the rule applies.

*ALL The rule applies to all operations.
*CREATE The rule applies to attempts to create an object matching an entry defined in the Object List.
*READ The rule applies to attempts to read an object matching an entry defined in the Object List.
*UPDATE The rule applies to attempts to update an object matching an entry defined in the Object List.
*DELETE The rule applies to attempts to delete an object matching an entry defined in the Object List.

Authority

Authority represents the action to be taken when a rule is found that matches the data present on a transaction. This Authority value pertains to Data Accesses.

The valid values are:

*OS400 The transaction will be allowed and object authority will be determined by the operating system.
*REJECT The transaction will not be allowed.
*SWITCH The transaction will be allowed and the transaction will occur as if the user profile named as the Swap Profile had initiated the transaction. After switching to the Swap Profile, the authority used during the transaction will be determined by the operating system.

Audit

The Audit flag controls the logging of transactions to the Log Journal set up on the Work with Network Security System Values panel. This Audit flag pertains to Data Accesses.

The valid values are:

Y The transaction will be logged to the Log Journal.
N The transaction will not be logged to the Log Journal.
* The default value from a prior rule will control the logging.

Msg

The Send messages flag controls the sending of messages to the Log Message Queue set up on the Work with Network Security System Values panel. This Msg flag pertains to Data Accesses.

The valid values are:

Y A log message will be sent to the Log Message Queue.
N A log message will not be sent to the Log Message Queue.
* The default value from a prior rule will control the logging.

Cap

The Capture transactions flag controls whether transactions are remembered in Network Security for later memorization. Once captured, transactions can become Memorized Transactions which can act as rules. This Cap flag pertains to Data Accesses.

The valid values are:

Y A log message will be sent to the Log Message Queue.
N A log message will not be sent to the Log Message Queue.
* The default value from a prior rule will control the logging.

Switch

The Switch profile holds the name of a user profile whose authority is used to process the transaction instead of the authority of the User initiating the transaction. The transaction is executed as, and uses the authority of, this Switch profile. Switch profile is allowed only when Authority contains *SWITCH or *MEMSWITCH, if *MEMSWITCH is allowed. Otherwise it must contain *NONE. This Switch pertains to Data Accesses.
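
A review aid for the fields described above, as an added example that is not part of the product or its documentation: it lints Object Rule records against the value lists on this page and the Switch profile constraint. The record layout, the sample rules, the profile names and the catch-all review heuristic are assumptions made for illustration; only the three Authority values listed on this page are accepted.

```python
# Added example: lint Object Rule records against the field rules on this page.
# The record layout and sample rules are constructed for illustration.
OPERATIONS = {"*ALL", "*CREATE", "*READ", "*UPDATE", "*DELETE"}
AUTHORITIES = {"*OS400", "*REJECT", "*SWITCH"}
FLAGS = {"Y", "N", "*"}

def lint_rule(rule):
    """Return a list of findings for one rule record (empty list = clean)."""
    findings = []
    if rule["operation"] not in OPERATIONS:
        findings.append("unknown operation " + rule["operation"])
    if rule["authority"] not in AUTHORITIES:
        findings.append("unknown authority " + rule["authority"])
    for flag in ("audit", "msg", "cap"):
        if rule[flag] not in FLAGS:
            findings.append(flag + " must be Y, N or *")
    # A Switch profile is allowed only with *SWITCH; otherwise it must be *NONE.
    if rule["authority"] == "*SWITCH" and rule["switch"] == "*NONE":
        findings.append("*SWITCH needs a Switch profile")
    if rule["authority"] != "*SWITCH" and rule["switch"] != "*NONE":
        findings.append("Switch profile set without *SWITCH")
    # Reviewer heuristic (an assumption, not product behaviour): a catch-all
    # rule that lets transactions through with Audit explicitly off.
    who = rule.get("user") or rule.get("location")
    if who in ("*PUBLIC", "*ALL") and rule["authority"] != "*REJECT" and rule["audit"] == "N":
        findings.append("catch-all rule allows access without journal logging")
    if not rule["active"]:
        findings.append("rule is inactive")
    return findings

def make_rule(who_key, who, op, auth, audit, msg, cap, switch, active):
    """Build one constructed sample record."""
    return {who_key: who, "operation": op, "authority": auth, "audit": audit,
            "msg": msg, "cap": cap, "switch": switch, "active": active}

SAMPLE_RULES = [  # constructed, not taken from a real system
    make_rule("user", "*PUBLIC", "*ALL", "*OS400", "N", "N", "N", "*NONE", True),
    make_rule("user", "PAYCLERK", "*READ", "*SWITCH", "Y", "N", "N", "*NONE", True),
    make_rule("location", "10.1.1.5", "*DELETE", "*REJECT", "Y", "Y", "N", "SWAPPRF", False),
    make_rule("user", "APPUSER", "*UPDATE", "*OS400", "*", "*", "*", "*NONE", True),
]

if __name__ == "__main__":
    for r in SAMPLE_RULES:
        who = r.get("user") or r.get("location")
        print(who, r["operation"], lint_rule(r) or "ok")
```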

Command Keys

F3 (Exit): Exit the screen without processing any pending changes.

F4 (Prompt): Displays a list of possible values from which you may select one.

F5 (Refresh): Refreshes the screen and resets all available text fields.

F7 (Select System): Use this command key to work with data from a different System.

F11 (Object View/Data Accesses): Use this command key to switch between Object View and Data Accesses.

F12 (Cancel): Exit the screen without processing any pending changes.

F16 (Sort/Subset): Allows you to sort and subset information by location, user, and/or operation.

F17 (Print): Prompts the PRTOBJL command to print the list of Object List Entries using your current sort/subset criteria.

F19 (Top): Positions the list screen to the first record.

F20 (Bottom): Positions the list screen to the last record.

F23 (More Options): Displays more options at the top of the screen.

Copyright © HelpSystems, LLC.
All trademarks and registered trademarks are the property of their respective owners.
7.15 | 201709140431