YOUR IBM i TRAINING SOURCE

Overview

If you took the previous courses in this series, you saw that a user can gain authority to an object in any of three ways:

  • Via a special authority
  • Through the object's public authority
  • By receiving a private authority to the object

This course describes three additional ways a user can gain authority to access an object:

  • By membership in a group
  • Through an authorization list
  • Via an adopted authority

These methods are often employed to grant a user the necessary authorities to access the programs, database files, and other objects that make up an application system.

Each method is covered in a separate interactive session.

The first session of this course covers group profiles. A group profile can be used to give object authority to a collection of users with common access requirements.

An authorization list is used to control access to a collection of objects. The second session of this course discusses the application security requirement that is satisfied by authorization lists. It also covers the IBM i facilities for creating and maintaining such lists.

Adopted authority is covered in the third session. Adopted authority grants a user the temporary authority needed to execute a program. You will see how to set up adopted authority for an application and the considerations that you must keep in mind to avoid potential security exposures.

The course ends with a discussion of authority holders. These are objects that can be used to provide IBM i security for System/36 applications.

Approximate Study Time: 90 minutes

Objectives

After completing this course, you should be able to:

  • Order the steps required to set up a group profile and member profiles
  • Identify the authorities granted to a user by being a member of a group
  • Describe how user profile parameters can be used to control the ownership and authorities for objects created by group members
  • Compare the advantages of using an authorization list to those of using a group profile
  • Identify the authorities granted to a user via a given authorization list
  • Identify the steps required to use adopted authority
  • Describe the purpose of authority holders
  • Use IBM i facilities to:
    • Create, edit, display, or delete an authorization list
    • Add, change, or remove a user entry in an authorization list
    • Put an object under the control of an authorization list
    • Remove an object from the control of an authorization list
    • Display the objects under the control of an authorization list
    • Determine the users who can access an object as a result of adopted authority

Topic Outline

Group Profiles

Authorization Lists

Adopted Authority

Authority Holders

Audience

The course is intended for security officers and other personnel who are responsible for designing and implementing a system security plan. The audience also includes system administrators, programmers, managers, and users who will participate in security planning for the system as a whole or for one or more applications.

Prerequisites

This course assumes that you are familiar with the concepts and basic operations of IBM i systems. You can satisfy these prerequisites by successfully completing the courses in the following series:

Finally, the course assumes that you have an understanding of IBM i security concepts and know how to grant object authorities. You can satisfy this prerequisite by successfully completing the previous courses of this series:

You may also have obtained these skills by taking other courses or through relevant work experience.