Resource security
You can use resource security on the system to control the actions of authorized users after successful authentication.
- Confidentiality of information.
- Accuracy of information to prevent unauthorized changes.
- Availability of information to prevent accidental or deliberate damage.
The security officer protects the resources (objects) on the system by determining who has the authority to use them and how user can access these objects. The security officer can set object authorities for individual objects or for groups of objects (authorization lists). Files, programs, and libraries are the most common objects requiring protection, but system security allows you to set object authorities for any object on the system.
You can manage resource security easily and effectively, if you plan a straightforward approach in advance. A resource security scheme created without prior planning can become complicated and ineffective.
Resource security on the system allows you to define who can use objects and what operations they can perform on those objects. The ability to access an object is called authority. When you set up object authority, you need to be careful to give your users enough authority to do their work without giving them the authority to browse and change the system. Object authority gives permissions to the user for a specific object and can specify what the user is allowed to do with the object. You can limit an object resource through specific detailed user authorities, such as adding records or changing records. System resources can be used to give the user access to specific system-defined subsets of authorities: *ALL, *CHANGE, *USE, and *EXCLUDE.
Files, programs, libraries, and directories are the most common system objects that require resource security protection, but you can specify authority for each object on the system.