Describes the most significant columns on the Rules page.
Priority
Identifies the priority of the rule. The rules engine uses the priority when searching for a rule that matches the context of the authentication request. Rules are searched in ascending priority order, and the rules engine stops the search as soon as it finds a rule that matches the context of the request. The possible values are between 0 and 8999.
Status
Enabled | The rule is active and may be selected by the rules engine to be used for authentication. (Held=N) |
Disabled | The rule is not active and will not be selected by the rules engine to be used for authentication. (Held=Y) |
Profile and Groups
Identifies the user profiles or types of user profiles that can be authenticated by the rule when detected by the rules engine. The user profiles must also match the other selection criteria specified on the rule. (5250 field: Type of Users). For more information, see Selection Criteria tab.
MFA profile
Must exist | Limits the rule to users with an MFA profile. (Registered profile=Y) |
Must not exist | Limits the rule to users without an MFA profile. (Registered profile=N) |
Optional | The rule is applicable for users with or without an MFA profile. (Registered profile=%) |
Category
Identifies the category to which the rule belongs. Categories provide a means of easily identifying rules associated with a type of authentication request. Rules within a category use preset defaults for their function and their calling program. The values that are displayed and editable in the Rule Details dialog may vary by rule category.
Sign On | Rules in this category can authenticate user profiles when they sign on to the IBM i system. |
Server Access | Rules in this category can authenticate users when using applications to access server connections such as FTP, ODBC, or JDBC. Used with Web Listener or 5250 Listener rules. |
File Access | Rules in this category can authenticate users when accessing files using the IBM i Data File Utility (DFU). |
SQL Access | Rules in this category can authenticate users when accessing files using SQL commands. |
Web Listener | Rules in this category can be used to present authentication requests to users via the web listener when connecting to servers, such as FTP, ODBC, or JDBC. Used with rules where Listener is specified for the Action field. For more information about the web listener, refer to Assure Security application server requirements under Assure Security Multi-Factor Authentication User Guide. |
5250 Listener | Rules in this category can be used to present authentication requests to users via the 5250 listener when connecting to servers, such as FTP, ODBC, or JDBC. Used with rules where Listener is specified for the Action field. |
Reset Password | Rules in this category provide the ability for users to reset their IBM i password. For more information about resetting passwords, refer to Configure and use the profile password reset self-service option under Assure Security Multi-Factor Authentication User Guide. |
Enable Profile | Rules in this category provide the ability for users to enable their IBM i user profile. For more information about enabling profiles, refer to Configure and use rules for the profile enable self-service option under Assure Security Multi-Factor Authentication User Guide. |
Custom | Rules in this category can authenticate users to access the system, applications, or data. |
Default | Defines the default action taken for users accessing the system, applications, or data when no other rules match the context of the request. |
Action
Always Allow | Allow access for user profiles or jobs authenticated by the rule without requiring additional authentication. (Action=*ALLOW) |
Always Deny | Deny access for user profiles or jobs authenticated by the rule without requiring additional authentication. (Action=*DENY) |
Challenge User In Listener | Display the authentication request in the web listener or the 5250 listener, depending on which listener is configured and running. The user will be prompted to provide additional authentication as defined in the Authentication Method fields. (Action=*LISTENER) |
Challenge User Interactively | Display the authentication request in a 5250 screen for an interactive job. The user will be prompted to provide additional authentication as defined in the Authentication Method fields. (Action=*DSPF) |
Notify User | Notify the user via a push notification to their personal device. The user will be prompted to respond to the notification and indicate if they requested access. (Action=*NOTIFY) |
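The first-match search described under Priority can hide a stricter rule behind a broader one that has a lower priority value. The following added example is a simplified model for auditing a rule set, not Assure Security code: the Rule class, the rule and profile names, and the sample data are hypothetical, only the profile and MFA profile criteria are modelled, and the Default rule is represented as a fallback action.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    name: str                           # hypothetical label for the audit report
    priority: int                       # 0..8999; lower values are searched first
    held: str                           # "N" = Enabled, "Y" = Disabled
    profiles: Optional[FrozenSet[str]]  # None = any profile (model simplification)
    registered: str                     # "Y" must exist, "N" must not exist, "%" optional
    action: str                         # "*ALLOW", "*DENY", "*LISTENER", "*DSPF", "*NOTIFY"

    def __post_init__(self):
        if not 0 <= self.priority <= 8999:
            raise ValueError("priority must be between 0 and 8999")

def matches(rule: Rule, user: str, has_mfa_profile: bool) -> bool:
    if rule.held == "Y":                # disabled rules are never selected
        return False
    if rule.profiles is not None and user not in rule.profiles:
        return False
    return rule.registered == "%" or (rule.registered == "Y") == has_mfa_profile

def decide(rules, user, has_mfa_profile, default_action) -> Tuple[str, str]:
    """Return (rule name, action) of the first match in ascending priority."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, user, has_mfa_profile):
            return rule.name, rule.action   # search stops at the first match
    return "Default", default_action        # no other rule matched

def covers(a: Rule, b: Rule) -> bool:
    """True if every request matched by b is also matched by a."""
    profiles_ok = a.profiles is None or (b.profiles is not None and b.profiles <= a.profiles)
    return profiles_ok and (a.registered == "%" or a.registered == b.registered)

def shadowed(rules) -> List[Tuple[str, str]]:
    """(hidden rule, hiding rule) pairs: enabled rules that can never be selected."""
    active = sorted((r for r in rules if r.held == "N"), key=lambda r: r.priority)
    return [(b.name, a.name) for i, b in enumerate(active)
            for a in active[:i] if covers(a, b)]

# Constructed sample rule set: the broad allow rule is searched before the challenge rule.
RULES = [
    Rule("allow-everyone", 100, "N", None, "%", "*ALLOW"),
    Rule("challenge-admins", 200, "N", frozenset({"SECADMIN"}), "Y", "*LISTENER"),
    Rule("deny-unregistered", 300, "Y", None, "N", "*DENY"),
]
```

With this sample, `shadowed(RULES)` reports that `challenge-admins` is hidden by `allow-everyone`; giving the challenge rule the lower priority value removes the finding.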