Other courses in this series describe all the ways in which an object can be protected and the ways in which authority to an object can be granted to a user. They also show the related IBM i commands and panels. This course shows how the various security mechanisms can be used together to satisfy a given security requirement.
The course begins with a review of the IBM i security mechanisms that are covered in other courses in this series. While you should now understand how each mechanism works by itself, the situation can get complicated when two or more techniques are used together.
The second session describes the logic followed by IBM i to determine whether a user has the necessary authority to access an object in a specified manner. In addition, the session offers recommendations for setting up a security plan that makes use of this logic to improve system performance.
The course then describes a security feature that was introduced in the third course of this series, primary groups. As described in Controlling Application Security, a primary group is a group profile that provides improved performance for group members who access objects owned by another group member. You will see how to set up and maintain primary groups using IBM i commands.
The remaining topics of the course are directed to the security officer and other personnel who are responsible for the overall security plan for your organization's IBM i system. Your need to understand these issues depends on your job functions and your installation's security level. Following are the topics covered:
- Security audit journaling
- Security levels 40 and 50
- Backup and recovery
Approximate Study Time: 90 minutes
After completing this course, you should be able to:
- Select the optimal security mechanism to implement a given application requirement
- Determine the authority of a user to access an object, given the description of an application that uses a variety of security mechanisms
- Determine the primary group, if any, associated with an object
- Designate a primary group for an object
- Change the primary group for an object
- Identify the types of security events that can be identified using IBM i security auditing facilities
- Identify the events that are treated as security violations by security levels 40 and 50, but not by level 30
- Identify the location of IBM i security information and how this affects an installation's backup/ recovery plan
Using Primary Groups
Security Levels 40 and 50
Backup and Recovery
The course is intended for security officers and other personnel who are responsible for designing and implementing a system security plan. The audience also includes system administrators, programmers, managers, and users who will participate in security planning for the system as a whole or for one or more applications.
This course assumes that you are familiar with the concepts and basic operations of IBM i systems. You can satisfy these prerequisites by successfully completing the courses in the following series:
Finally, the course assumes that you have an understanding of IBM i security concepts, including group profiles, authorization lists, and adopted authority. You can satisfy this prerequisite by successfully completing the previous courses of this series:
You may also have obtained these skills by taking other courses or through relevant work experience.