This information helps you establish resource security for workstations and printers by setting ownership and public authority to objects, as well as specific authority to applications.
Your most important protection is resource security on your server. Resource security on the system allows you to define who can use objects and how those objects can be used. The ability to access an object is called authority. When you set up object authority, you need to be careful to give your users enough authority to do their work without giving them the authority to browse and change the system. Object authority gives permissions to the user for a specific object and can specify what the user is allowed to do with the object. An object resource can be limited through specific detailed user authorities, such as adding records or changing records.
System resources can be used to give the user access to specific system-defined subsets of authorities: *ALL, *CHANGE, *USE, and *EXCLUDE. Files, programs, libraries, and directories are the most common system objects that require resource security protection, but you can specify authority for any individual object on the system.
Defining Who Can Access Information
You can give authority to individual users, groups of users, and the public.
In some environments, a user’s authority is referred to as a privilege. You define who can use an object in several ways:
Defining How Information Can Be Accessed
Authority means the type of access allowed to an object. Different operations require different types of authority.
In some environments, the authority associated with an object is called the object’s mode of access. Authority to an object is divided into three categories:
Defining What Information Can Be Accessed
You can define resource security for individual objects on the system. You can also define security for groups of objects using either library security or an authorization list.
Library Security
Many objects on the system reside in libraries. To access an object, you need authority to both the object itself and the library in which the object resides. For most operations, including deleting an object, *USE authority to the object library is sufficient (in addition to the authority required for the object). Creating a new object requires *ADD authority to the object library. Some CL commands require special authority to objects and their libraries. Using library security is one technique for protecting information while maintaining a simple security scheme.
Although library security is a simple, effective method for protecting information, it may not be adequate for data with high security requirements. Many objects reside in directories. Highly sensitive objects should be secured individually or with an authorization list, rather than relying on library security.
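The following CL command sequence is an added example, not part of the original documentation. It shows library security for ordinary objects next to an authorization list for one highly sensitive file. The library PAYLIB, file SALARY, authorization list PAYAUTL, group profile PAYGRP, and user profile AUDITOR1 are constructed names.

```cl
/* Library security: the public gets *USE to the library, which is   */
/* enough to reach objects in it but does not include *ADD, so the   */
/* public cannot create new objects in PAYLIB.                       */
GRTOBJAUT OBJ(PAYLIB) OBJTYPE(*LIB) USER(*PUBLIC) AUT(*USE) REPLACE(*YES)

/* The group that maintains the library may also create objects.    */
GRTOBJAUT OBJ(PAYLIB) OBJTYPE(*LIB) USER(PAYGRP) AUT(*USE *ADD)

/* Relying on the library alone would leave PAYLIB/SALARY governed   */
/* by whatever public authority the file itself carries. Secure the  */
/* sensitive file with an authorization list instead.                */
CRTAUTL AUTL(PAYAUTL) AUT(*EXCLUDE) TEXT('Payroll salary data')

/* List entries: the group can change data, one user can only read. */
ADDAUTLE AUTL(PAYAUTL) USER(PAYGRP) AUT(*CHANGE)
ADDAUTLE AUTL(PAYAUTL) USER(AUDITOR1) AUT(*USE)

/* Attach the list to the file, then make the file's public          */
/* authority come from the list (*EXCLUDE, as set on CRTAUTL).       */
GRTOBJAUT OBJ(PAYLIB/SALARY) OBJTYPE(*FILE) AUTL(PAYAUTL)
GRTOBJAUT OBJ(PAYLIB/SALARY) OBJTYPE(*FILE) USER(*PUBLIC) AUT(*AUTL)

/* Verify: review the library, the file, and the list entries.       */
DSPOBJAUT OBJ(PAYLIB) OBJTYPE(*LIB)
DSPOBJAUT OBJ(PAYLIB/SALARY) OBJTYPE(*FILE)
DSPAUTL AUTL(PAYAUTL)
```

After these commands, a user outside PAYGRP who is not AUDITOR1 still has *USE to PAYLIB but is excluded from SALARY, because access requires authority to both the object and its library.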
You will need the following worksheets during this process:
Complete the following tasks: