Authority requirements

 

Quality of service (QoS) policies might contain sensitive information about your network. Therefore, QoS administrative authority must only be granted when necessary.

The following authorities are required before you can configure QoS policies, optionally Lightweight Directory Access Protocol (LDAP) directory servers.

 

Granting authorities to manage the directory server

The QoS administrator needs the following authorities: *ALLOBJ authority and *IOSYSCFG. See Configuring directory server for alternative authorities.

 

Granting authority to start the TCP/IP server

To grant object authority to the STRTCPSVR and ENDTCPSVR commands, follow these steps:

  1. STRTCPSVR: At the command line, type GRTOBJAUT OBJ (QSYS/STRTCPSVR) OBJTYPE (*CMD) USER (ADMINPROFILE) AUT (*USE), substituting the name of your administrator's profile for ADMINPROFILE, and press Enter.

  2. ENDTCPSVR: At the command line, type GRTOBJAUT OBJ (QSYS/ENDTCPSVR) OBJTYPE (*CMD) USER (ADMINPROFILE) AUT (*USE), substituting the name of your administrator's profile for ADMINPROFILE, and press Enter.

 

Granting all object access and system configuration authorities

It is suggested that users who configure QoS have security officer access. To grant all object access and system configuration authorities, follow these steps:

  1. In iSeries™ Navigator, expand your system > Users and Groups.

  2. Double-click All users.

  3. Right-click the administrator's user profile and select Properties.

  4. On the Properties window, click Capabilities.

  5. On the Capabilities page, select All object access and System configuration.

  6. Click OK to close the Capabilities page.

  7. Click OK to close the Properties window.

 

Parent topic:

Planning for QoS