If you took the previous courses in this series, you saw that a user can gain an authority to an object in any of three ways:
- Via a special authority
- Through the object's public authority
- By receiving a private authority to the object
This course describes three additional ways a user can gain authority to access an object:
- By membership in a group
- Through an authorization list
- Via an adopted authority
These methods are often employed to grant a user the necessary authorities to access the programs, database files, and other objects that make up an application system.
Each method is covered in a separate interactive session.
The first session of this course covers group profiles. A group profile can be used to give object authority to a collection of users with common access requirements.
An authorization list is used to control access to a collection of objects. The second session of this course discusses the application security requirement that is satisfied by authorization lists. It also covers the IBM i facilities for creating and maintaining such lists.
Adopted authority is covered in the third session. Adopted authority grants a user the temporary authority needed to execute a program. You will see how to set up adopted authority for an application and the considerations that you must keep in mind to avoid potential security exposures.
The course ends with a discussion of authority holders. These are objects that can be used to provide IBM i security for System/36 applications.
Approximate Study Time: 90 minutes
After completing this course, you should be able to:
- Order the steps required to set up a group profile and member profiles
- Identify the authorities granted to a user by being a member of a group
- Describe how user profile parameters can be used to control the ownership and authorities for objects created by group members
- Compare the advantages of using an authorization list to those of using a group profile
- Identify the authorities granted to a user via a given authorization list
- Identify the steps required to use adopted authority
- Describe the purpose of authority holders
- Use IBM i facilities to
- Create, edit, display, or delete an authorization list
- Add, change, or remove a user entry in an authorization list
- Put an object under the control of an authorization list
- Remove an object from the control of an authorization list
- Display the objects under the control of an authorization list
- Determine the users who can access an object as a result of adopted authority
The course is intended for security officers and other personnel who are responsible for designing and implementing a system security plan. The audience also includes system administrators, programmers, managers, and users who will participate in security planning for the system as a whole or for one or more applications.
This course assumes that you are familiar with the concepts and basic operations of IBM i systems. You can satisfy these prerequisites by successfully completing the courses in the following series:
Finally, the course assumes that you have an understanding of IBM i security concepts and know how to grant object authorities. You can satisfy this prerequisite by successfully completing the previous courses of this series:
You may also have obtained these skills by taking other courses or through relevant work experience.