Logical partition authority
The authorities that you grant to service tool users determines what logical partition information they can access and what tasks they can perform. Care should be exercised in assigning service tool user profile privileges to manage partition security.
Two service tool functional privileges relate to logical partitions. These privileges support basic operations or advanced administration.
To grant a user logical partition operations authority perform the following steps:
- Start DST as QSECOFR or with any other user ID with Service tool security privilege.
- Select option 5 (Work with DST environment).
- Select option 3 (Service tools user profiles).
- Select option 1 (Create) to create a new user profile or option 7 (Change attributes) to adjust an existing user.
- Ensure that the System partitions-operations privilege is granted.
To grant a user logical partition administration authority (which enables all operation task as well), perform the following steps:
- Start DST as QSECOFR or with any other user ID with Service tool security privilege.
- Select option 5 (Work with DST environment).
- Select option 3 (Service tools user profiles).
- Select option 1 (Create) to create a new user profile or option 7 (Change attributes) to adjust an existing user.
- Ensure that the System partitions-administration privilege is granted.
The following table describes which authority is required to complete a logical partition task:
Table 1. Authority required to complete a logical partition task Function Administration authority Operation authority Accept a disk unit as load source for a logical partition X Change a bus ownership type X Change a default electronic customer support resource X X Change a partition name X X Change communication options with resources in use (forced) X Change communication options with resources not in use X X Change I/O configuration of primary and secondary partitions X X Change operating mode for a logical partition X X Change the alternate restart device for a logical partition X X Change the guest partition host information X X Change the partition type X Change the restart source command line parameters of a guest partition X X Change the load source for a logical partition X X Clear nonreporting resources on logical partitions X Clear partition configuration from nonconfigured disk units X Copy partition configuration data between load sources X Create a new logical partition X Create a guest partition X Delete a logical partition X Delete all logical partition configuration data X Display available hardware resources X X Display the communication options of a logical partition X X Display the console for a partition X X Display the logical partition operating system release level X X Display the operating system type for a partition X X Display the partition ID X X Display the PCI information X X Display the remote control panel for a logical partition X X Display the system reference code history for logical partitions X X Display system resources X X Dynamic movement of interactive performance X X Dynamic movement of I/O processors X X Dynamic movement of memory X X Dynamic movement of processors X X Enable the virtual ethernet communication for a logical partition X X Find a logical address for a resource X X Move a dedicated processor X X Move a dedicated processor to the shared processor pool X X Move an I/O processor with resources in use (forced) X X Move an I/O processor with resources not in use X X Move interactive performance, memory or shared processing power X X Move an I/O adapter assigned to an I/O processor to a guest partition X X Move an I/O adapter to a guest partition X X Move an I/O adapter assigned to an i5/OS® partition X X Perform main storage dumps on servers with logical partitions X X Prevent a secondary logical partition from restarting during a system restart X X Print system configuration for logical partitions X X Recover logical partition configuration data X Reset a disk unit I/O processor with logical partitions X X Restart a secondary logical partition during a system restart X Restart a system with logical partitions X X Restore all logical partition configuration data X X Save all logical partition configuration data X X Schedule a dedicated processor move X X Schedule an interactive performance move X X Schedule an I/O processor move X X Schedule a memory move X X Schedule a shared processor move X X Update partition configuration data on all logical partitions X Use remote service with logical partitions X X View the status of a logical partition X X To use an Operations Console remote panel across the LAN, a PC needs a device profile in the primary partition with the Partition remote panel XXXXXXXX nnn attribute where XXXXXXXX is the target partition name and nnn is the numeric partition identifier. To grant a user the ability to user the remote panel, perform the following steps:
- Start DST as QSECOFR or with any other user ID with Service tool security privilege.
- Select option 5 (Work with DST environment).
- Select option 5 (Service tools device profiles).
- Select option 1 (Create) to create a new device profile or option 7 (Change attributes) to adjust an existing device.
- Ensure that the Partition remote panel attribute for the appropriate partition is granted.
This device profile enables panel functions from the remote console graphical user interface on the PC. All users will require a valid service tool user profile. For most functions, no special privilege is required to use the panel. However, to change the panel key position (Manual, Normal, Auto, or Secure), the user will require a service tool user profile in the primary partition with the Partition remote panel key XXXXXXXXnnn where XXXXXXXX is the target partition name and nnn is the numeric partition identifier.
Partition remote panel key XXXXXXXX nnn where XXXXXXXX
is the target partition name and nnn is the numeric partition identifier. To grant a user the ability to change the key, perform the following steps:
- Start DST as QSECOFR or with any other user ID with Service tool security privilege.
- Select option 5 (Work with DST environment).
- Select option 3 (Service tools user profiles).
- Select option 1 (Create) to create a new user profile or option 7 (Change attributes) to adjust an existing user.
- Ensure that the Partition remote panel key privilege for the appropriate partition is granted.
Parent topic:
Managing logical partitions by using iSeries Navigator, DST, and SSTRelated concepts
Managing logical partitions by using iSeries Navigator, DST, and SST Managing security for logical partitionsRelated tasks
Creating logical partitions Starting SST and DST for logical partitionsRelated reference
Service tools user IDs