Restoring security information

Recovering your system often requires restoring data and associated security information.

The usual sequence for recovery is:

1. Restore user profiles and authorization lists (RSTUSRPRF USRPRF(*ALL)).

2. Restore objects (RSTLIB, RSTOBJ, or RSTCFG).

3. Restore the private authorities to objects (RSTAUT).

• Restoring related system values
  This information enables you to control how and which security-related objects are restored on the system.

• Restoring user profiles
  Some changes may be made to a user profile when it is restored.

• Restoring objects
  When you restore an object to the system, the system uses the authority information stored with the object.

• Restoring authority
  When security information is restored, private authorities must be rebuilt. When you restore a user profile that has an authority table, the authority table for the profile is also restored. The Restore Authority (RSTAUT) command rebuilds the private authority in the user profile using the information from the authority table.

• Restoring programs
  Restoring programs to your system that are obtained from an unknown source poses a security exposure. Programs might perform operations that break your security requirements. Of particular concern are programs that contain restricted instructions, programs that adopt their owner authority, and programs that have been tampered with.

• Restoring licensed programs
  The Restore Licensed Programs (RSTLICPGM) command is used to install IBM-supplied programs on your system. It can also be used to install non-IBM programs created using the SystemView* System Manager/400* licensed program.

• Restoring authorization lists
  Authorization lists are saved by either the SAVSECDTA command or the SAVSYS command.

• Restoring the operating system
  When you perform a manual IPL on your system, the IPL or Install the System menu provides an option to install the operating system.

Parent topic: