Selection Criteria tab - 7.0

Assure Security Web User Interface Guide

Version: 7.0
Language: English
Product name: Assure Security
Title: Assure Security Web User Interface Guide
Copyright: 2024
First publish date: 1999
Last updated: 2024-10-15
Published on: 2024-10-15T10:28:29.100769

Selection Criteria tab fields identify the attributes of the rule that will be used to determine if the rule is applicable according to the context of the request. For the Default rule, fields on this tab cannot be changed.

For Additional Selection Options fields, the rule category determines which of the possible fields can be displayed.

When a field or value has a different name than its 5250 user interface equivalent, the 5250 name is shown in parentheses () at the end of the description.

Users

Identifies the user profiles or types of user profiles that can be authenticated by the rule when detected by the rules engine. The user profiles must also match the other selection criteria specified on the rule. (5250 field: Type of Users)

When an additional field appears below Users, you can specify specific or generic names.

All

This rule can be used to authenticate all user profiles. (Type of Users=A)

Users or Groups

This rule can be used to authenticate user profiles or group profiles that match the specified name. If the specified name is a group profile, all primary and supplemental members of the group can be authenticated by the rule. (Type of Users=B)

An asterisk (*) may be used as a wildcard character. The wildcard character can be used only at either end or at both ends of the input.

Examples:
  • JOE - user profile JOE and any user profile with a primary or supplemental group profile of JOE
  • JOE* - user profiles JOE, JOEA, JOEB, JOEXYZ (not AOE, BJOE, XYZJOE) and any user profile with a primary or supplemental group profile of JOE, JOEA, JOEB, JOEXYZ (not AOE, BJOE, XYZJOE)
  • *JOE - user profiles JOE, AJOE, BJOE, XYZJOE (not JOEA, JOEB, JOEXYZ) and any user profile with a primary or supplemental group profile of JOE, AJOE, BJOE, XYZJOE (not JOEA, JOEB, JOEXYZ)
  • *JOE* - user profile IDs that contain JOE and any user profile with a primary or supplemental group profile that contains JOE, e.g. JOE, AJOEA, BJOEB, XYZJOEXYZ

Users Only

This rule can be used to authenticate only user profiles with the specified name. (Type of Users=U)

An asterisk (*) may be used as a wildcard character. The wildcard character can be used only at either end or at both ends of the input.

Examples:
  • JOE - user profile JOE
  • JOE* - user profile JOE, JOEA, JOEB, JOEXYZ (not AOE, BJOE, XYZJOE)
  • *JOE - user profile JOE, AJOE, BJOE, XYZJOE (not JOEA, JOEB, JOEXYZ)
  • *JOE* - user profile IDs that contain JOE

Groups Only

This rule can be used to authenticate only group profiles that match the specified name. All primary and supplemental members of the group can be authenticated by the rule. (Type of Users=G)

An asterisk (*) may be used as a wildcard character. The wildcard character can be used only at either end or at both ends of the input.

Examples:
  • JOE - any user profile with a primary or supplemental group profile of JOE
  • JOE* - any user profile with a primary or supplemental group profile of JOE, JOEA, JOEB, JOEXYZ (not AOE, BJOE, XYZJOE)
  • *JOE - any user profile with a primary or supplemental group profile of JOE, AJOE, BJOE, XYZJOE (not JOEA, JOEB, JOEXYZ)
  • *JOE* - any user profile with a primary or supplemental group profile that contains JOE, e.g. JOE, AJOEA, BJOEB, XYZJOEXYZ

Use Distribution List

This rule can be used to authenticate all user profiles identified in the specified distribution list. The distribution list must exist within Assure Security. Distribution lists are known as Destinations within the 5250 user interface. (Type of Users=D)

Use Condition List

This rule can be used to authenticate all user profiles identified in the specified embedded condition list. The condition list must exist within Assure Security. Its name must begin with two asterisks (**), and it can contain only one column, with a data type of USR_GRPPRS. (Type of Users=C)

For details on creating a condition list using the WRKQJLCM command, refer to How to create a condition list under Common Functions and Tools in Assure Security.
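
The generic-name rules above (an asterisk only at the start, the end, or both) determine which profiles a rule brings into scope, including profiles matched only through a group. The following Python is an added example, not part of Assure Security: it models Type of Users A, B, U and G over a constructed set of profiles. The function names, the sample profiles, the upper-casing of names and the rejection of a bare * are assumptions; types D and C depend on lists and are not modelled.

```python
import re

# Assumption: a generic name needs at least one literal character; a bare "*"
# is rejected here (Type of Users=A already covers every profile).
_VALID = re.compile(r"^\*?[^*]+\*?$")

def name_matches(pattern, name):
    """Compare a name with a specific or generic name ('*' only at the ends)."""
    pattern, name = pattern.upper(), name.upper()  # assumption: upper-case names
    if not _VALID.match(pattern):
        raise ValueError(f"'*' is allowed only at either end: {pattern!r}")
    core = pattern.strip("*")
    lead, trail = pattern.startswith("*"), pattern.endswith("*")
    if lead and trail:
        return core in name
    if lead:
        return name.endswith(core)
    if trail:
        return name.startswith(core)
    return name == core

def rule_covers(type_of_users, pattern, profile, groups=()):
    """groups = the profile's primary and supplemental group profiles."""
    if type_of_users == "A":
        return True
    by_user = name_matches(pattern, profile)
    by_group = any(name_matches(pattern, g) for g in groups)
    if type_of_users == "U":
        return by_user
    if type_of_users == "G":
        return by_group
    if type_of_users == "B":
        return by_user or by_group
    raise ValueError(f"Type of Users {type_of_users!r} is not modelled")

def covered_profiles(type_of_users, pattern, profiles):
    """Return the sorted profile names a rule would bring into scope."""
    return sorted(p for p, g in profiles.items()
                  if rule_covers(type_of_users, pattern, p, g))

# Constructed sample data: profile -> (primary and supplemental groups)
PROFILES = {"JOE": (), "JOEA": (), "BJOE": (), "XYZJOEXYZ": (),
            "MARY": ("JOEA",), "OPS1": ("BJOE",)}

if __name__ == "__main__":
    for t, pat in [("U", "JOE*"), ("B", "JOE*"), ("G", "*JOE"), ("U", "*JOE*")]:
        print(t, pat, covered_profiles(t, pat, PROFILES))
```

With the sample data, JOE* under Users or Groups also covers MARY, whose own name does not match, because her group profile JOEA does.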

Job

Field Description
Job name

Limits the rule to jobs with the specified job name or a job defined to the specified embedded condition list. The condition list must exist within Assure Security. Its name must begin with two asterisks (**).

Job type

Limits the rule to jobs of the specified job type. These job types are possible:

  • Match Any
  • Batch
  • Interactive

Note:
  • Additional job types are available in the 5250 interface. For rules with these job types, the job types are read-only in the Web user interface.
  • When Challenge User Interactively is selected as the action, the job type can only be Interactive and is read-only.
  • When Reset Password or Enable Profile is selected as the rule category, the job type can only be Interactive and is read-only.

Job subtype

Limits the rule to jobs of the specified job subtype. These job subtypes are possible:

  • Advanced 36 machine server
  • Alternate spool user
  • Immediate
  • System/36 Multiple requester terminal (MRT)
  • Prestart
  • Printer driver
  • Procedure start request

Subsystem

Limits the rule to jobs running in the specified subsystem or in a subsystem identified in a specified embedded condition list. The condition list must exist within Assure Security. Its name must begin with two asterisks (**).

IASP

Limits the rule to jobs that are using the specified IASP or jobs using IASPs identified in a specified embedded condition list. The condition list must exist within Assure Security. Its name must begin with two asterisks (**).

Network

Field Description
IP address

Limits the rule to user profiles with the specified IP address or range of values.

Note: This field works as specified when working with the 5250 listener. However, when working with the web listener, the rules engine always receives the address 127.0.0.1 (the IP address of the HTML server located on IBM i) and therefore does not select the correct matching rule for this field. It is recommended to set this field to % if you are working with the web listener.

Profile Attributes

Field Description
Profile description

Limits the rule to user profiles with the specified profile description.

Special authorities

Limits the rule to those user profiles that have all the specified special authorities. These special values are possible: *ALLOBJ, *AUDIT, *IOSYSCFG, *JOBCTL, *SAVSYS, *SECADM, *SERVICE, *SPLCTL

Limit capabilities

Limits the rule to those users that have the specified value for the Limit Capabilities (LMTCPB) attribute in their user profile. These limit capabilities values are possible:

  • No - The rule can only be selected by profiles that have a value of no limitations (*NO) for this attribute.
  • Yes - The rule can only be selected by profiles that have a value of limitations (*YES) for this attribute.
  • Partial - The rule can only be selected by profiles that have a value of partial limitations (*PARTIAL) for this attribute.

Profile status

Limits the rule to those users that have the specified value for the Status (STATUS) attribute in their user profile. These status attributes are possible: Enabled, Disabled.

User class

Limits the rule to those users that have the specified value for the User class (USRCLS) attribute in their user profile. These user class values are possible: *PGMR, *SECADM, *SECOFR, *SYSOPR, *USER.

Accounting code

Limits the rule to those users that have the specified value for the Accounting code (ACGCDE) attribute in their user profile.

Language

Limits the rule to those users that have the specified value for the Language ID (LANGID) attribute in their user profile.

System

Field Description
System name

Limits the rule to jobs running in the specified system or a system defined to the specified embedded condition list. The condition list must exist within Assure Security. Its name must begin with two asterisks (**). The USR_GRPPRS data type requirement applies only to condition lists of user or group names, not to other condition lists such as system or job names.

Initial Program and Menu

Field Description
Initial program

Limits the rule to user profiles with the specified initial program.

Initial program library

Limits the rule to user profiles with the specified initial program library.

Initial menu

Limits the rule to user profiles which have the specified value for their Initial menu (INLMNU) attribute.

Timeframe

Field Description
Date range

Limits the rule to the specified date range. (5250 fields: From date, End date)

Time range

Limits the rule to the specified time range. (5250 fields: Start time, End time)