Group profile examples - Assure_DB2_Data_Monitor_(DB2MON) - Assure_Elevated_Authority_Manager_(EAM) - Assure_Encryption - Assure_Monitoring_and_Reporting_(AMR) - Assure_Secure_File_Transfer - Assure_Secure_File_Transfer_ - Assure_Secure_File_Transfer_PGP - Assure_Secure_File_Transfer_with_PGP - Assure_Security_Multi-Factor_Authentication_(MFA) - Assure_System_Access_Manager_(SAM) - Required_for_All_Modules - assure_ioptimize - assure_itera - assure_mimix - 10.0

License Manager for IBM i Products

Product type
Software
Portfolio
Integrate
Product family
Assure
Product
Assure Security > Assure System Access Manager (SAM)
Assure Security > Assure Security Multi-Factor Authentication (MFA)
Assure Security > Assure Elevated Authority Manager (EAM)
Assure Security > Assure Secure File Transfer with PGP
Assure Security > Assure Secure File Transfer
Assure iOptimize
Assure Security > Assure Encryption
Assure Security > Assure DB2 Data Monitor (DB2MON)
Assure Security > Assure Monitoring and Reporting (AMR)
Assure Security > Required for All Modules
Assure iTERA
Assure MIMIX™ Software
Version
10.0
Language
English
Product name
Assure
Title
License Manager for IBM i Products
Copyright
2023
First publish date
1999

The following examples illustrate how the group profile support works with product authority. The authorization levels to MIMIX products are, in descending order, as follows:

  1. *ADM (administrator)

  2. *MGT (management)

  3. *OPR (operator)

  4. *DSP (display)

  5. *EXCL (exclude)

These examples use the following assumptions:

  • *PUBLIC access has been granted *DSP authority to a MIMIX product

  • Group profile GRPA has *ADM authority to the same product

  • Group profile GRPM has *MGT authority to the same product

  • Group profile GRPO has *OPR authority to the same product

Case 1: Default authority User profile USERA has no associated group profiles and does not have a specific security entry for the MIMIX product. USERA is granted *DSP authority to the product because that is the *PUBLIC authority level.

Case 2: Specific user authority User profile USERB has no associated group profiles but there is a specific security entry for the product specifying authority level *EXCL for USERB. USERB is granted *EXCL authority (in this case, denied access to the product).

Case 3: User in multiple groups (1) User profile USERC has no specific security entry, but is a member of both group profiles GRPA and GRPO. Because the highest authorization level for GRPA, GRPO, and *PUBLIC is the *ADM authority associated with group profile GRPA, USERC is granted *ADM authority to the MIMIX product.

Case 4: User in multiple groups (2) User profile USERD has no specific security entry, but is a member of both group profiles GRPM and GRPR. Group profile GRPR does not have a specific security entry. Because the highest authorization level for GRPM and *PUBLIC is the *MGT authority associated with group profile GRPM, USERD is granted *MGT authority to the MIMIX product.

Case 5: User in multiple groups (3) User profile USERE has no specific security entry, but is a member of both group profiles GRPQ and GRPR. Because neither of these group profiles has a specific security entry, USERE is granted *DSP authority (the *PUBLIC authority level) to the product.

Case 6: Attempting to exclude a group of users User profile USERF has no specific security entry but is a member of group profile BADDY. There is a security entry for group profile BADDY which is set to *EXCL authority to the MIMIX product. Because the highest authorization level for BADDY and *PUBLIC is *DSP, USERF is granted *DSP authority to the MIMIX product. Users must be specifically excluded from using a MIMIX product.