Selection Criteria tab fields identify the attributes of the rule that will be used to determine if the rule is applicable according to the context of the request. For the Default rule, fields on this tab cannot be changed.
For Additional Selection Options fields, the rule category determines which of the possible fields can be displayed.
When a field or value has a different name than its 5250 user interface equivalent, the 5250 name is shown in parentheses () at the end of the description.
Users
Identifies the user profiles or types of user profiles that can be authenticated by the rule when detected by the rules engine. The user profiles must also match the other selection criteria specified on the rule. (5250 field: Type of Users)
When an additional field appears below Users, you can specify specific or generic names.
All | This rule can be used to authenticate all user profiles. (Type of Users=A) | |
Users or Groups |
This rule can be used to authenticate user profiles or group profiles that match the specified name. If the specified name is a group profile, all primary and supplemental members of the group can be authenticated by the rule. (Type of Users=B) An asterisk (*) may be used as a wildcard character. The wildcard character can be used only at either end or at both ends of the input. Examples:
|
|
Users Only |
This rule can be used to authenticate only user profiles with the specified name. (Type of Users=U) An asterisk (*) may be used as a wildcard character. The wildcard character can be used only at either end or at both ends of the input. Examples:
|
|
Groups Only | This rule can be used to authenticate only group profiles that match the
specified name. All primary and supplemental members of the group can be
authenticated by the rule. (Type of Users=G) An asterisk (*) may be used as a wildcard character. The wildcard character can be used only at either end or at both ends of the input. Examples:
|
|
Use Distribution List | This rule can be used to authenticate all user profiles identified in the specified distribution list. The Distribution list must exist within Assure Security. Distribution lists are known as Destinations within the 5250 user interface (Type of Users=D). | |
Use Condition List | This rule can be used to authenticate all user profiles identified in the specified embedded condition list. The condition list must exist within Assure Security. Its name must begin with two asterisks (**) and it can contain only one column and have a data type of USR_GRPPRS. (Type of Users=C) For details on creating a condition list using the WRKQJLCM command, refer to How to create a condition list under Common Functions and Tools in Assure Security. |
Job
Field | Description |
Job name |
Limits the rule to jobs with the specified job name or a job defined to the specified embedded condition list. The condition list must exist within Assure Security. Its name must begin with two asterisks (**). |
Job type | Limits the rule to jobs of the specified job type. These job types are possible:
Note:
|
Job subtype | Limits the rule to jobs of the specified job subtype. These job subtypes are
possible:
|
Subsystem | Limits the rule to those jobs running in the specified subsystem or in a subsystem specified in a specified embedded condition list. The condition list must exist within Assure Security. Its name must begin with two asterisks (**). |
IASP |
Limits the rule to jobs that are using the specified IASP or jobs using IASPs identified in a specified embedded condition list. The condition list must exist within Assure Security. Its name must begin with two asterisks (**). |
Network
Field | Description |
IP address | Limits the rule to user profiles with the specified IP address or range of values. Note: This field works as specified when working with the 5250 listener. However, when working with the web listener, the rules engine always receives the address 127.0.0.1 (the IP address of the HTML server located on IBM i) and does not select the correct matching rule for this field. It is recommended to set this field to % if you are working with the web listener.
|
Profile Attributes
Field | Description |
Profile description | Limits the rule to user profiles with the specified profile description. |
Special authorities |
Limits the rule to those user profiles that have all the specified special authorities. These special values are possible: *ALLOBJ, *AUDIT, *IOSYSCFG, *JOBCTL, *SAVSYS, *SECADM, *SERVICE, *SPLCTL |
Limit capabilities | Limits the rule to those users that have the specified value for the Limit Capabilities (LMTCPB) attribute in their user profile. These limit capabilities values are possible:
|
Profile status |
Limits the rule to those users that have the specified value for the Status (STATUS) attribute in their user profile. These status attributes are possible: Enabled, Disabled. |
User class | Limits the rule to those users that have the specified value for the User class (USRCLS) attribute in their user profile. These user classes values are possible *PGMR, *SECADM. *SECOFR, *SYSOPR. *USER. |
Accounting code | Limits the rule to those users that have the specified value for the Accounting code (ACGCDE) attribute in their user profile. |
Language | Limits the rule to those users that have the specified value for the Language ID (LANGID) attribute in their user profile. |
System
Field | Description |
System name | Limits the rule to jobs running in the specified system or a system defined to the specified embedded condition list. The condition list must exist within Assure Security. Its name must begin with two asterisks (**). The data type tie to USR_GRPPRS only applies to users or group names, not other condition lists like system or job names. |
Timeframe
Field | Description |
Date range | Limits the rule to the specified date range. (5250 fields: From date, End date) |
Time range | Limits the rule to the specified time range. (5250 fields: Start time, End time) |