You are here:

Add Location Rules

How to Get There

Enter option 3 on the Network Security Main Menu to display the Work with Security by Location panel. Press F2 to display the Add Location Rules panel.

What it Does

The Global Rule Facility panel allows you to create location rules for all Servers.

Options

These rules will have a Function of *ALL.

System

System indicates the target of any operations you perform. When you add rules, for example, those rules will be sent to, and will affect processing on, the System named.

Location

Location represents the source of a transaction. Location can hold an IP Address, an IP Address Group or the name of an SNA Communications Device.

The special value *ALL, when used on a rule, means that the rule applies to any Location lacking a specific rule. When used as a subset or selection parameter, *ALL generally means to select all such rules for display or printing.

Server

A Server in Network Security is a controlled entry point into your system. These entry points are determined and defined by IBM. Network Security has assigned easy-to-remember names to these controlled entry points.

Function

A Function, or Server Function, in Network Security represents a class of operations that a given Server may perform. For example, the *SIGNON Server classifies its operations as those pertaining to changing passwords, generating authentication tokens, and retrieving signon information. Network Security has assigned easy-to-remember names to these Functions, such as CHGPWD, GENAUTTKN and RETRIEVE.

Authority Property

The authority assigned for servers and their functions.

Possible values are:

*OS400 Network Security will use normal OS/400 authority for the location. This is valid for both location and user.

*REJECT Network Security will reject requests for the specified location. This is valid for both location and user.

*SWITCH Network Security will use the authority of the switch profile for the specified location. A switch profile entry is required. This is valid for both location and user.

*MEMREJECT Check Memorized Transactions (MTR) for authority. If no MTR authority is encountered, Network Security will reject requests for the specified location. This is valid for both location and user.

*MEMOS4OO Check Memorized Transactions (MTR) for authority. If no MTR authority is encountered, Network Security will use normal OS/400 authority for the location. This is valid for both location and user.

*MEMUSR Check Memorized Transactions (MTR) for authority. If no MTR authority is encountered, Network Security will check server user authority. This is only valid for location.

*USER Network Security will check server user authority. This is only valid for location.

*MEMSWITCH Check Memorized Transactions (MTR) for authority. If no MTR authority is encountered, Network Security will use the authority of the switch profile for the specified location. A switch profile entry is required. This is valid for both location and user.

*SRVFCN Network Security will use the authority defined for the server/function. This is valid for both location and user.

*SAME Network Security will not change the existing settings and will not create new rules when the All Servers option is taken. This is valid for both location and user.

Switch Profile Property

The name of a switch profile for this location/server/function. If a profile name is supplied, processing is swapped to run under this profile's authority. This is only valid for authorities *SWITCH and *MEMSWITCH.

Possible values are:

*NONE No switch profile is being used.

switch-profile The switch profile to process under. It must be an active profile residing on the AS/400.

*SRVFCN Network Security will use the switch profile defined for the server/function. Network Security will use the switch profile defined for the server/function.

*SAME Network Security will not change the existing settings and will not create new rules when the All Servers option is taken. This is valid for both location and user.

Audit Property

The audit property controls the type of requests Network Security will log.

Possible values are:

Y Log all requests by the location/server/function.

N Only log authority failures for the location/server/function.

* Use the audit value for the server/function.

Network Security will not change the existing settings and will not create new rules when the All Servers option is taken. This is valid for both location and user.

Message

The message property entry will determine if Network Security sends a message to the Network Security message queue.

Possible values are:

N No message is sent.

Y A message is sent to the Network Security message queue.

* Use the audit value for the server/function.

S Network Security will not change the existing settings and will not create new rules when the All Servers option is taken. This is valid for both location and user.

Capture

Capture transactions for Memorized Transaction Request (MTR).

Possible values are:

N Do not capture transactions.

Y Capture transactions.

* Use the audit value for the server/function.

S Network Security will not change the existing settings and will not create new rules when the All Servers option is taken. This is valid for both location and user.

Change existing

The Change existing option controls whether any existing rules are updated or not updated.

The valid values are Y and N.

Change only

If this is set to 'N' then new rules are added and (depending on the setting for Replace) existing rules are changed.

If this is set to 'Y' then only existing rules are changed.

The valid values are Y and N.

Copyright © HelpSystems, LLC.
All trademarks and registered trademarks are the property of their respective owners.
7.17 | 201803210423