Create User Rule panel

How to Get There

From the Network Security Main Menu, select option 2 to display the Work with Security by User panel. Press F6 to create a new user rule.

What it Does

The Create User Rule panel allows you to create a User Rule.

Field Descriptions

System

System indicates the target of any operations you perform. When you add rules, for example, those rules will be sent to, and will affect processing on, the System named.

User Type

This field is used to indicate whether the associated User field refers to an O/S user profile or a Network Security User Group.

Valid values are:

U The associated User field refers to an O/S user profile.
G The associated User field refers to a Network Security user group.

User

If the associated User Type is a 'U', User represents the identity of the person initiating a transaction as a user profile.

The special value *PUBLIC, when used on a rule, means that the rule applies to any User lacking a specific rule. When used as a subset or selection parameter, *PUBLIC means to select all such rules for display or printing.

If the associated User Type is a 'G', User represents a Network Security User Group.

Server

A Server in Network Security is a controlled entry point into your system. These entry points are determined and defined by IBM. Network Security has assigned easy-to-remember names to these controlled entry points.

Function

A Function, or Server Function, in Network Security represents a class of operations that a given Server may perform. For example, the *SIGNON Server classifies its operations as those pertaining to changing passwords, generating authentication tokens, and retrieving signon information. Network Security has assigned easy-to-remember names to these Functions, such as CHGPWD, GENAUTTKN and RETRIEVE.

Authority Property

The authority assigned to the user for this server/function. If authority is left blank, Network Security will remove the user's entry.

Possible values are:

*OS400 Network Security will use normal OS/400 authority for the user.
*REJECT Network Security will reject requests for the specified user.
*SWITCH Network Security will use the authority of the switch profile for the specified user. A switch profile entry is required.
*MEMREJECT Check Memorized Transactions (MTR) for authority. If no MTR authority is encountered, Network Security will reject requests for the specified user.
*MEMOS400 Check Memorized Transactions (MTR) for authority. If no MTR authority is encountered, Network Security will use normal OS/400 authority for the location. This is valid for both location and user.
*MEMSWITCH Check Memorized Transactions (MTR) for authority. If no MTR authority is encountered, Network Security will use the authority of the switch profile for the specified user. A switch profile entry is required.
*SRVFCN Network Security will use the authority defined for the server/function.

Switch

The Switch profile holds the name of a user profile whose authority is used to process the transaction instead of the authority of the User initiating the transaction. The transaction is executed as, and uses the authority of, this Switch profile.

Switch profile is allowed only when Authority contains *SWITCH or *MEMSWITCH, if *MEMSWITCH is allowed. Otherwise it must contain *NONE.

Aud

The Audit transactions flag controls the logging of transactions to the Log Journal set up on the Work with Network Security System Values panel.

The valid values are:

* Uses the value found in the rule above this one in the rule hierarchy.
Y Logs all requests when this rule is enforced.
N Logs only access failures (rejects) for this rule.

Msg

The Send messages flag controls the sending of messages to the Log Message Queue set up on the Work with Network Security System Values panel.

The valid values are:

* Uses the value found in the rule above this one in the rule hierarchy.
Y Sends a message when this rule is enforced.
N Does not send a message when this rule is enforced.

Capture

The Capture transactions flag controls whether transactions are remembered in Network Security for later memorization. Once captured, transactions can become Memorized Transactions which can act as rules.

The valid values are:

* Uses the value found in the rule above this one in the rule hierarchy.
Y Captures the transaction when this rule is enforced.
N Does not capture the transaction when this rule is enforced.
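
The field constraints above can be checked offline before a rule is keyed into the panel. The following is an added example, not code from the product: UserRule, validate and effective_flags are hypothetical names, the "rule above" is modelled as a plain dictionary of already-resolved flags, and *MEMSWITCH is assumed to be allowed for the server in question.

```python
from dataclasses import dataclass

# Values taken from the Authority, Aud, Msg and Capture field descriptions above.
AUTHORITIES = {"*OS400", "*REJECT", "*SWITCH", "*MEMREJECT",
               "*MEMOS400", "*MEMSWITCH", "*SRVFCN"}
NEEDS_SWITCH = {"*SWITCH", "*MEMSWITCH"}   # assumes *MEMSWITCH is allowed here
FLAG_FIELDS = ("aud", "msg", "capture")

@dataclass
class UserRule:                      # hypothetical record, one field per panel field
    user_type: str
    user: str
    server: str
    function: str
    authority: str
    switch: str = "*NONE"
    aud: str = "*"
    msg: str = "*"
    capture: str = "*"

def validate(rule):
    """Return the list of panel constraints the rule violates (empty if none)."""
    problems = []
    if rule.user_type not in ("U", "G"):
        problems.append("User Type must be U or G")
    if rule.authority == "":
        problems.append("blank Authority removes the user's entry")
    elif rule.authority not in AUTHORITIES:
        problems.append("unknown Authority " + rule.authority)
    if rule.authority in NEEDS_SWITCH:
        if rule.switch in ("", "*NONE"):
            problems.append(rule.authority + " requires a switch profile entry")
    elif rule.switch != "*NONE":
        problems.append("Switch must be *NONE unless Authority is *SWITCH or *MEMSWITCH")
    for name in FLAG_FIELDS:
        if getattr(rule, name) not in ("*", "Y", "N"):
            problems.append(name + " must be *, Y or N")
    return problems

def effective_flags(rule, rule_above):
    """Resolve '*' flags from the already-resolved flags of the rule above."""
    return {name: rule_above[name] if getattr(rule, name) == "*" else getattr(rule, name)
            for name in FLAG_FIELDS}

if __name__ == "__main__":
    # Constructed sample rules; JSMITH and APPSWITCH are made-up profile names.
    above = {"aud": "N", "msg": "N", "capture": "N"}
    for r in (UserRule("U", "*PUBLIC", "*SIGNON", "CHGPWD", "*REJECT", aud="Y"),
              UserRule("U", "JSMITH", "*SIGNON", "RETRIEVE", "*SWITCH"),
              UserRule("G", "JSMITH", "*SIGNON", "RETRIEVE", "*OS400", switch="APPSWITCH")):
        print(r.user, r.authority, validate(r) or effective_flags(r, above))
```
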

Command Keys

F3 (Exit): Exit the screen without processing any pending changes.

F4 (Prompt): Displays a list of possible values from which you may select one.

F12 (Cancel): Exit the screen without processing any pending changes.

Copyright © HelpSystems, LLC.
7.17 | 201803210423