This course covers the IBM i commands used to control the security of integrated file system (IFS) directories and the objects they contain.
The course begins by relating the security of IFS objects to what you already know: the security of libraries and traditional IBM i objects. As you will see, the concepts of object ownership, public authority, private authority, group profiles, authorization lists, and adopted authority carry over to the IFS environment with little change.
The course then describes the commands and panels used to grant a user private authority to an IFS object. You will also see how to transfer the ownership of an IFS object to another user.
Next, the course describes the concept of primary group authority. While primary group authority is not limited to files and directories, this concept was introduced to IBM i at the same time as the integrated file system. You will see how to assign primary group authority for an IFS object.
Finally, the course describes a security problem that is introduced by the combined use of System i Access and the integrated file system. After understanding why the problem exists, you will learn how to implement IBM's recommended solution.
Approximate Study Time: 2 hours
After completing this course, you should be able to:
- Identify the authorities needed for a user to access directories and files in specified ways
- Identify the default value that is used when no public authority is specified for an IFS object
- Specify the public authority for a new directory
- Change the home directory of a user
- Determine which users can access an IFS object and their respective authorities
- Grant a user the authority to access an IFS object
- Revoke the authority of a user to access an IFS object
- Change the level of authority a user has to an IFS object
- Put an IFS object under the control of an authorization list
- Pass the ownership of an IFS object to another user
- Determine the primary group, if any, associated with an IFS object
- Designate a primary group for an IFS object
- Change the primary group for an IFS object
- Describe the security problem introduced by the combined use of System i Access and the integrated file system
- Use an authorization list to limit the ability of System i Access users to view library objects
File and Directory Authorities
Securing IFS Objects
Changing Object Ownership
Using Primary Group Authority
Restricting System i Access Users
The course is intended for security officers and other personnel who are responsible for designing and implementing a system security plan. The audience also includes system administrators, programmers, managers, and users who will participate in security planning for the system as a whole or for one or more applications.
This course assumes that you are familiar with the concepts and basic operations of IBM i systems. You can satisfy these prerequisites by successfully completing the courses in the following series:
You should also understand the structure and use of the integrated file system. You can satisfy this prerequisite by successfully completing the following course:
Finally, the course assumes that you have an understanding of IBM i security concepts and commands. It is assumed that you obtained this understanding through relevant work experience or by taking other courses. If you are unfamiliar with IBM i security, you should not take this course. Instead, you should take the courses in the IBM i Security series. That series includes all of the topics covered by this course.