Add/Change User Rules
How to Get There
Enter option 2 on the Network Security Main Menu to display the Work with Security by User panel. Press F2 to display the Add User Rules panel.
What it Does
The Global Rule Facility panel allows you to create user rules for all Servers.
These rules will have a Function of *ALL.
Options
System
System indicates the target of any operations you perform. When you add rules, for example, those rules will be sent to, and will affect processing on, the System named.
User Type
This field is used to indicate whether the associated User field refers to an O/S user profile or a Network Security User Group.
Valid values are:
User
User represents the identity of the person initiating a transaction as a user profile.
The special value *PUBLIC, when used on a rule, means that the rule applies to any User lacking a specific rule. when used as a subset or selection parameter, *PUBLIC means to select all such rules for display or printing.
If the associated User Type is a 'G', User represents a Network Security User Group.
Server
A Server in Network Security is a controlled entry point into your system. These entry points are determined and defined by IBM. Network Security has assigned easy-to-remember names to these controlled entry points.
Function
A Function, or Server Function, in Network Security represents a class of operations that a given Server may perform. For example, the *SIGNON Server classifies its operations as those pertaining to changing passwords, generating authentication tokens, and retrieving signon information. Network Security has assigned easy-to-remember names to these Functions, such as CHGPWD, GENAUTTKN and RETRIEVE.
Authority Property
The authority assigned for servers and their functions.
Possible values are:
Switch
The Switch profile holds the name of a user profile whose authority is used to process the transaction instead of the authority of the User initiating the transaction. The transaction is executed as, and uses the authority of, this Switch profile.
Switch profile is allowed only when Authority contains *SWITCH or *MEMSWITCH, if *MEMSWITCH is allowed. Otherwise it must contain *NONE.
Audit Property
The audit property controls the type of requests Network Security will log.
Possible values are:
Network Security will not change the existing settings and will not create new rules when the All Servers option is taken. This is valid for both location and user.
Message
The message property entry will determine if Network Security sends a message to the Network Security message queue.
Possible values are:
Capture
Capture transactions for Memorized Transaction Request (MTR).
Possible values are:
Change existing
The Change existing option controls whether any existing rules are updated or not updated.
The valid values are Y and N.
Change only
If this is set to 'N' then new rules are added and (depending on the setting for Replace) existing rules are changed.
If this is set to 'Y' then only existing rules are changed.
The valid values are Y and N.
Command Keys
F3 (Exit): Exit the panel without processing any pending changes.
F12 (Cancel) Exit the panel without processing any pending changes.