Краткое содержание страницы № 1
SAFENET/400
REFERENCE GUIDE
Version 8.50
™
© 2008 MP Associates of Westchester, Inc.
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
Краткое содержание страницы № 2
How to contact us Direct all inquiries to: Kisco Information Systems 89 Church Street Saranac Lake, New York 12983 Phone: (518) 897-5002 Fax: (518) 897-5003 SafeNet/400 Website: http://www.kisco.com/safenet SafeNet/400 Support Website: http://www.kisco.com/safenet/support Visit the SafeNet/400 Web Site at HTTP://WWW.KISCO.COM/SAFENET ������������������������������������������������������������������������������
Краткое содержание страницы № 3
TABLE OF CONTENTS CHAPTER 1 - SETTING UP USERS..................................................................................... 1.1 SETTING THE USER LOGGING LEVELS ......................................................................................... 1.2 SAFENET ADMINISTRATOR.......................................................................................................... 1.3 SUPER TRUSTED USER CONTROL.....................................................................
Краткое содержание страницы № 4
CHAPTER 7 - TESTING YOUR SECURITY SETTINGS .................................................. 7.1 TESTING SAFENET/400 SETTINGS BASED ON YOUR HISTORICAL DATA WITH THE ON-LINE TRANSACTION TESTER ................................................................................................................. 7.2 BATCH TRANSACTION TEST REVIEW/REPORT – SECURITY REPORT BY USER ................................. 7.6 RECOMMENDED APPROACH TO TESTING.................................................
Краткое содержание страницы № 5
SafeNet/400 Reference Guide Chapter 1 - SETTING UP USERS Navigating through the screens You can perform each of the steps outlined in this chapter by using the corresponding option on the SafeNet/400 Main Menu. However, if you are setting up a new user, when you are finished with one screen you can use F9 to advance to the next without returning to the main menu. If you want to skip a step, you can cancel and return to the SafeNet/400 Main Menu. Group Profi
Краткое содержание страницы № 6
Setting the User Logging Levels The valid logging levels are: Logging Level A Log all transactions Logging Level R Log only rejected requests Logging Level N No logging As you set up your user logging levels, please keep in mind the following: If you set the logging level on the Server Function (WRKSRV) to NO LOGGING or REJECTIONS, the Server Function (WRKSRV) setting will override the individual user logging level. If you set the logging level on the Server
Краткое содержание страницы № 7
SafeNet Administrator You can set up a SafeNet/400 Administrator, or ‘Super Admin’ from the SafeNet/400 Special Jobs Menu or by using the WRKSNADM command. This can also be found on the Special Jobs Menu, Option 5 – Maintain SafeNet Administrators. The WRKSNADM command can be executed by a user with *SECADM or *SECOFR authority. A user profile must be set up as a SafeNet/400 ‘Super Admin’ to perform the following: Activate or deactivate SafeNet/400 Change/copy/remove the I
Краткое содержание страницы № 8
Super Trusted User Control Under special circumstances it may be necessary to have a user that should not be checked through all the SafeNet/400 security routines. Transactions from these users can bypass the traditional SafeNet/400 security routines; you can choose to simply log them or not log them. From the Special Jobs Menu select Option 4 – Maintain Super-Users in SafeNet. You can turn logging on or off for Super Trusted Users by using the CHGSPCSET command and ch
Краткое содержание страницы № 9
Entering User Security Levels If you plan on setting any of the Server Functions to Level 3 or Level 4, and anticipate doing anything other than simply logging all requests, the first step in configuring SafeNet/400 is to give the users authority to any Server Functions they require. 1. From the SafeNet/400 Main Menu select Option 2 - Work with User to Server Security or use WRKUSRSRV command The Work User to Server Security Enter User Profile screen appears. 2. Type
Краткое содержание страницы № 10
Type 1 in the Option column in front of each server this user will have access to. If they will have access to all the server functions, select *ALL ACTIVE SERVERS To remove access to a particular server, remove the ‘1’ and leave the Option column blank for that server. 4. Enter the Logging Level for each server. A = All R = Rejections only N = No logging When you have finished setting up servers for this user, press ENTER. 5. Enter the Job Run Priority for e
Краткое содержание страницы № 11
Entering User Authorities to Objects Once you have given the user access to the servers, the next step is to enter the level of authority the user has to objects on the System i5 if you plan on setting any of the servers to Level 4. 1. If you used F9 from the previous screen, skip to Step 4. 2. If you are currently on the SafeNet/400 Main Menu, select Option 3 - Work with User to Object Level Security or use WRKUSROBJ command The Work User to Object Security screen is displayed
Краткое содержание страницы № 12
4. In the Library or Folder column, enter the name of the library or folder, then TAB to the Object or Sub-Flr column and type in the name of the object or sub-folder. Note: Allowed entries for Library or Folder • *ALLLIB • *ALLFLR • Specific library name When setting up a library, you must enter the complete library name. Generic library names are not allowed. Allowed entries for Object • *ALL • Specific object • Generic data/program or System i5 object na
Краткое содержание страницы № 13
5. For Data Rights, type an X under the appropriate level of authority. Place an X for each data right that applies. 6. For Existence Rights, type an X if this user will be able to create, delete or move an object. To assign EXCLUSIONS to objects and/or libraries, give the user no rights by leaving the Data Rights and Existence Rights columns blank. 7. Repeat these steps for each object or group of objects for this user profile. PageDown to the next screen if you need
Краткое содержание страницы № 14
Exclusions To give all users read access to all objects in all libraries, but exclude them from any objects in the PAYROLL library, give *PUBLIC READ authority to the library and exclude *PUBLIC from the PAYROLL library. SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. 1.10 V8.50 - May 2008 �������������������������������������������������������������������������������������������������������������������������������������������
Краткое содержание страницы № 15
If the PAYDEPT profile needs to use objects in the PAYROLL library, grant user profile PAYDEPT READ authority to the PAYROLL library. This individual authority overrides the *PUBLIC authority. SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. 1.11 V8.50 - May 2008 �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
Краткое содержание страницы № 16
Entering User Authorities to SQL Statements If you are going to set the SQL servers to Level 4 only, the next step is to authorize users to the SQL Statements they may need. 1. If you used F9 from the previous screen, skip to Step 4. 2. If you are currently on the SafeNet/400 Main Menu, select Option 4 - Work with User to SQL Statement Security or use WRKUSRSQL command The Work User to SQL Statements screen is displayed. 3. Type the user profile, the Group or *PUBLIC, the
Краткое содержание страницы № 17
If you would like to see the list of all users who have been defined within SafeNet/400, press F2. 5. When finished making all your selections, ENTER. 6. Press F9 to advance to the next step - setting up user authorities to FTP statements. SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. 1.13 V8.50 - May 2008 ������������������������������������������������������������������������������������������������������������������������������������
Краткое содержание страницы № 18
Entering User Authorities to FTP Statements Next you must authorize users to the FTP Statements they may need if you are going to set the FTP Server or FTP Client to Level 4. 1. If you used F9 from the previous screen, continue with Step 4. 2. If you are on the SafeNet/400 Main Menu, select Option 5 - Work with User to FTP Statement Security or use WRKUSRFTP command The Work User to FTP Statements, Enter User ID screen is displayed. 3. Type the user profile or *PUBLIC
Краткое содержание страницы № 19
If you would like to see the list of all users who have been defined within SafeNet/400, press F2. 5. Press F4 to display the Maintain Special FTP Settings for Users screen Note: Special FTP settings for a user are allowed only when your system is at OS/400 V5R1 or higher. If you are at a previous operating system level, these settings have no effect. For this user, the initial Name Format and List Format will override the settings established by the OS/400 Change FTP S
Краткое содержание страницы № 20
Name Format • *LIB indicates that the user sees standard Library/Object OS/400 style names • *PATH displays PC or *UNIX style file and directory names. List Format • *DFT user sees standard OS/400 CHGFTPA server settings • *UNIX user sees UNIX style directory listings 6. When finished making all your selections, ENTER. 7. Press F9 to continue to the next step - setting up user authorities to CL commands. Important Note: When the FTP Client point is set to Lev
