Operators
The Operators' authority management is now maintained from one place for the entire iSecurity on all its modules.
There are three default groups:
- *AUD#SECAD - All users with both *AUDIT and *SECADM special authorities. By default, this group has full access (Read and Write) to all iSecurity components.
- *AUDIT - All users with *AUDIT special authority. By default, this group has only Read authority to Audit.
- *SECADM - All users with *SECADM special authority- By default, this group has only Read authority to Firewall.
iSecurity related objects are secured automatically by product authorization lists (named security1P). This strengthens the internal security of the product. It is essential that you use Work with Operators to define all users who have *SECADM, *AUDIT or *AUD#SECAD privileges, but do not have all object authority. The Work with Operators screen has Usr (user management) and Adm for all activities related to starting, stopping subsystems, jobs, import/export and so on. iSecurity automatically adds all users listed in Work with Operators to the appropriate product authorization list.
Users may add more operators, delete them, and give them authorities and passwords according to their own judgment. Users can even make the new operators’ definitions apply to all their systems; therefore, upon import, they will work on every system.
Password = *BLANK for the default entries. Use DSPPGM GSIPWDR to verify. The default for other user can be controlled as well.
If your organization wants the default to be *BLANK, then the following command must be used:
CRTDTAARA SMZTMPC/DFTPWD *char 10
This command creates a data area called DFTPWD in library SMZTMPC. The data area is 10 bytes long and is blank.
NOTE: When installing iSecurity for the first time, certain user(s) might not have access according to the new authority method. Therefore, the first step you need to take after installing is to edit those authorities.
To modify operators’ authorities:
- Select 89. BASE Security from the Main Menu. The BASE Security menu appears.
- Select 11. Work with Operators from the BASE Security menu. The Work with Operators screen appears.
- Type 1 next to the user to modify his authorities (or press F6 to add a new user). The Modify Operator screen appears.
- Set authorities and press Enter. A message is prompted informing that the user being added/modified was added to the Authority list that secures the product's objects; the user carries Authority *CHANGE and will be granted Object operational authority. The Authority list is created in the installation/release upgrade process. The SECURITY_P user profile is granted Authority *ALL while the *PUBLIC is granted Authority *EXCLUDE. All objects in the libraries of the product (except some restricted special cases) are secured via the Authority list.
| Work with Operators Type options, press Enter. 1=Select 3=Copy 4=Delete Auth.level: 1=*USE, 3=*QRY(FW,AU,JR,SU,CT), 5=*DFN(CT,EN,SU), 9=*FULL User System FW SC PW CD AV AU AC CA JR SU VS RP CO CT UM EN AD *AUD#SECAD RLDEV 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 *AUDIT RLDEV 9 9 9 9 9 9 *SECADM RLDEV 9 9 9 9 9 9 ALEXM RLDEV 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 ALEX3 RLDEV 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 AMNON RLDEV 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 DB RLDEV 9 9 9 9 9 9 9 1 9 9 9 9 9 9 9 9 9 GS RLDEV 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 MARY RLDEV 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 QSECOFR RLDEV 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 More... FW=Firewall SC=Screen PW=Password CD=Command AU=Audit AC=Action AV=Antivirus CA=Capture JR=Journal VS=Visualizer UM=User Mgt. AD=Admin RP=Replication CO=Compliance CT=Chg Tracker EN=Encryption SU=SafeUpd F3=Exit F6=Add new F8=Print F11=*SECADM/*AUDIT authority F12=Cancel |
| Modify Operator Operator . . . . . . . . . TEST System . . . . . . . . . . RLDEV *ALL, Name Operator password . . . . . *SAME Name, *SAME, *BLANK Auth.level: 1=*USE, 3=*QRY(FW,AU,CT,SU,JR), 5=*DFN(CT,EN,SU), 9=*FULL Firewall . . . . . . . . . FW 9 Screen . . . . . . . . . . SC 9 Password . . . . . . . . . PW 9 Command . . . . . . . . . . CD 9 AntiVirus . . . . . . . . . AV 9 Audit . . . . . . . . . . . AU 9 Action . . . . . . . . . . AC 9 Capture . . . . . . . . . . CA 9 Journal . . . . . . . . . . JR 9 Safe Update . . . . . . . . SU 9 Visualizer . . . . . . . . VS 9 Replication . . . . . . . . RP 9 Compliance . . . . . . . . CO 9 Change Tracker . . . . . . CT 9 User Management . . . . . . UM 9 Encryption . . . . . . . . EN 9 Administrator . . . . . . . AD 9 The Report Generator is used by most modules and requires 1 or 3 in Audit. Consider 1 or 3 for your auditors (with 3 they can create/modify queries). *APR=Approver. F3=Exit F12=Cancel |
Set the Password field to the password for the operator. Set it to *SAME to make it the same as the password for the previous operator that was set, or to *BLANK to have no password.
Set the numeric field for each module to one of these values:
1 = Use
Read authority only
4 = Limited *EMERGENCY
Can enable or modify emergency rules, but not change PIN codes.
5 = *EMERGENCY
Can enable or change emergency rules.
8 = Limited *FULL
Read and Write authority, cut cannot change PIN codes.
9 = *FULL
Full Read and Write authority
Most modules use the Report Generator which requires access to the Audit module. For all users who will use the Report Generator, you should define their access to the Audit module as either 1 or 3. Option 1 should be used for users who will only be running queries. Use option 3 for all users who will also be creating/modifying queries.