Security and user authority

 

The operating system determines which resources users might access based on information in their user profiles and the security strategy implemented for this system.

Security is a critical part of system operations. It is built into the operating system, and impacts nearly every function on the system. The System i™ security environment determines the commands and functions available to users, and the objects they can access.

Typically, the security strategy restricts the objects a user can access. For systems with object-level security, there are several ways to provide authority to access objects. Often, user profiles explicitly grant types of access to specific objects. To simplify the task of managing all these permissions, authorization lists can specify groups of objects, and users can be given access to these lists. Authority to a list then provides access to all of the objects that the list specifies.

The level of system security and other more detailed security practices often affect system operations. The following concepts are important for understanding user requirements in various security environments.

  • Security levels
    The operating system operates in one of several predefined levels of security. The security level currently in effect determines the level of detail that user profiles must provide to grant appropriate access to system resources. This level of detail can range from simple password management to explicitly providing a level of access to each object that a user can read or change.

  • Security system values
    Many more detailed aspects of system security are set by the system values. These system values set the security level, and grant or restrict options like adopted authority.

  • User profiles
    The user profile contains most of the authorizations and preferences for individual users or groups. You can use iSeries™ Navigator to create and manage users and groups across the system.

  • Authorization lists
    You can create authorization lists that specify groups of objects. Users and groups can then be authorized to this list, granting them authority to everything that list contains.

Also, security settings regarding policies and authorization lists are available in iSeries Navigator under Security.

  • Authority to access objects
    Depending on the security level and other security settings, users might be given several levels of access to objects on the system.

  • Security levels
    The operating system operates in one of several predefined levels of security. The security level currently in effect determines the level of detail that user profiles must provide to grant appropriate access to system resources. This level of detail can range from simple password management to explicitly providing a level of access to each object that a user can read or change.

  • User profiles
    The user profile contains most of the authorizations and preferences for individual users or groups. With iSeries Navigator, you can create and manage users and groups across the system.

  • Authorization lists
    Authorization lists consist of a list of users or groups, the type of authority (use, change, and exclude) for each user or group, and a list of objects to which this list provides access.
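
The three parts of an authorization list described above (users or groups, a type of authority for each, and the objects the list secures) map onto CL commands as follows. This is an added example, not part of the original topic; the list name PAYAUTL, the profiles CLERK1, PAYMGR and GRPTEMP, and the object PAYLIB/PAYMAST are hypothetical.

```cl
/* Added example. PAYAUTL, CLERK1, PAYMGR, GRPTEMP and              */
/* PAYLIB/PAYMAST are hypothetical names.                           */
PGM

/* Create the list. Public authority *EXCLUDE means a user who is   */
/* not named on the list gets no access through it.                 */
CRTAUTL    AUTL(PAYAUTL) AUT(*EXCLUDE) TEXT('Payroll objects')

/* One entry per user or group profile, each with its own type of   */
/* authority: use, change, or exclude.                              */
ADDAUTLE   AUTL(PAYAUTL) USER(CLERK1)  AUT(*USE)
ADDAUTLE   AUTL(PAYAUTL) USER(PAYMGR)  AUT(*CHANGE)
ADDAUTLE   AUTL(PAYAUTL) USER(GRPTEMP) AUT(*EXCLUDE)

/* Secure an object with the list. Repeat for each object that      */
/* the list should cover.                                           */
GRTOBJAUT  OBJ(PAYLIB/PAYMAST) OBJTYPE(*FILE) AUTL(PAYAUTL)

/* Take the object's public authority from the list, so *PUBLIC     */
/* on the object does not bypass the list's *EXCLUDE.               */
GRTOBJAUT  OBJ(PAYLIB/PAYMAST) OBJTYPE(*FILE) USER(*PUBLIC) AUT(*AUTL)

/* Review: entries on the list, objects secured by the list, and    */
/* the authorities in effect on the object itself.                  */
DSPAUTL    AUTL(PAYAUTL)
DSPAUTLOBJ AUTL(PAYAUTL)
DSPOBJAUT  OBJ(PAYLIB/PAYMAST) OBJTYPE(*FILE)

ENDPGM
```

DSPOBJAUT also shows any private authorities that were granted directly on the object, which is worth checking when an object is moved under a list.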

 
