Security and user authority
The operating system determines which resources users might access based on information in their user profiles and the security strategy implemented for this system.
Security is a critical part of system operations. It is built into the operating system, and impacts nearly every function on the system. The IBM i security environment determines the commands and functions available to users, and the objects they can access.
Typically the security strategy restricts the objects a user can access. For systems with object-level security, there are several ways to provide authority to access objects. Often, user profiles will explicitly grant types of access to specific objects. To simplify the task of managing all these permissions, authorization lists can specify groups of objects, and users can be given access to these lists. Accessing these lists then provides access to all of the objects the list specifies.
The level of system security and other more detailed security practices often affect system operations. The following concepts are important for understanding user requirements in various security environments.
| Security levels | The operating system operates in one of several predefined levels of security. The security level currently in effect determines the level of detail that user profiles must provide to grant appropriate access to system resources. This level of detail can range from simple password management to explicitly providing a level of access to each object that a user can read or change. |
|---|---|
| Security system values | Many more detailed aspects of system security are set by the system values. These system values set the security level, and grant or restrict options like adopted authority. |
| User profiles | The user profile contains most of the authorizations and preferences for individual users or groups. You can use System i® Navigator to create and manage users and groups across the system. |
| Authorization lists | You can create authorization lists that specify groups of objects. Users and groups can then be authorized to this list, granting them authority to everything that list contains. |
Also, security settings regarding policies and authorization lists are available in System i Navigator under Security.