Group profile examples - Assure_DB2_Data_Monitor_(DB2MON) - Assure_Elevated_Authority_Manager_(EAM) - Assure_Encryption - Assure_Monitoring_and_Reporting_(AMR) - Assure_Secure_File_Transfer - Assure_Secure_File_Transfer_ - Assure_Secure_File_Transfer_PGP - Assure_Secure_File_Transfer_with_PGP - Assure_Security_Multi-Factor_Authentication_(MFA) - Assure_System_Access_Manager_(SAM) - Required_for_All_Modules - assure_ioptimize - assure_itera - assure_mimix - 10.0

License Manager for IBM i Products

Product type
Software
Portfolio
Integrate
Product family
Assure
Product
Assure Security > Required for All Modules
Assure MIMIX™ Software
Assure iTERA
Assure Security > Assure Monitoring and Reporting (AMR)
Assure Security > Assure Secure File Transfer with PGP
Assure Security > Assure Elevated Authority Manager (EAM)
Assure Security > Assure Encryption
Assure Security > Assure Secure File Transfer
Assure Security > Assure Security Multi-Factor Authentication (MFA)
Assure Security > Assure DB2 Data Monitor (DB2MON)
Assure iOptimize
Assure Security > Assure System Access Manager (SAM)
Version
10.0
Language
English
Product name
Assure
Title
License Manager for IBM i Products
Copyright
2023
First publish date
1999
ft:lastEdition
2024-07-02
ft:lastPublication
2024-07-02T13:03:21.227059

The following examples illustrate how the group profile support works with product authority. The authorization levels to MIMIX products are, in descending order, as follows:

  1. *ADM (administrator)

  2. *MGT (management)

  3. *OPR (operator)

  4. *DSP (display)

  5. *EXCL (exclude)

These examples use the following assumptions:

  • *PUBLIC access has been granted *DSP authority to a MIMIX product

  • Group profile GRPA has *ADM authority to the same product

  • Group profile GRPM has *MGT authority to the same product

  • Group profile GRPO has *OPR authority to the same product

Case 1: Default authority User profile USERA has no associated group profiles and does not have a specific security entry for the MIMIX product. USERA is granted *DSP authority to the product because that is the *PUBLIC authority level.

Case 2: Specific user authority User profile USERB has no associated group profiles but there is a specific security entry for the product specifying authority level *EXCL for USERB. USERB is granted *EXCL authority (in this case, denied access to the product).

Case 3: User in multiple groups (1) User profile USERC has no specific security entry, but is a member of both group profiles GRPA and GRPO. Because the highest authorization level for GRPA, GRPO, and *PUBLIC is the *ADM authority associated with group profile GRPA, USERC is granted *ADM authority to the MIMIX product.

Case 4: User in multiple groups (2) User profile USERD has no specific security entry, but is a member of both group profiles GRPM and GRPR. Group profile GRPR does not have a specific security entry. Because the highest authorization level for GRPM and *PUBLIC is the *MGT authority associated with group profile GRPM, USERD is granted *MGT authority to the MIMIX product.

Case 5: User in multiple groups (3) User profile USERE has no specific security entry, but is a member of both group profiles GRPQ and GRPR. Because neither of these group profiles has a specific security entry, USERE is granted *DSP authority (the *PUBLIC authority level) to the product.

Case 6: Attempting to exclude a group of users User profile USERF has no specific security entry but is a member of group profile BADDY. There is a security entry for group profile BADDY which is set to *EXCL authority to the MIMIX product. Because the highest authorization level for BADDY and *PUBLIC is *DSP, USERF is granted *DSP authority to the MIMIX product. Users must be specifically excluded from using a MIMIX product.