Download Print this page

IBM Safenet/400 Reference Manual

Ibm network card reference guide
Hide thumbs

Advertisement

Quick Links

SAFENET/400
REFERENCE GUIDE
Version 8.50
© 2008 MP Associates of Westchester, Inc.

Advertisement

loading

  Related Manuals for IBM Safenet/400

  Summary of Contents for IBM Safenet/400

  • Page 1 SAFENET/400 REFERENCE GUIDE Version 8.50 ™ © 2008 MP Associates of Westchester, Inc.
  • Page 2: How To Contact Us

    How to contact us Direct all inquiries to: Kisco Information Systems 89 Church Street Saranac Lake, New York 12983 Phone: (518) 897-5002 Fax: (518) 897-5003 SafeNet/400 Website: SafeNet/400 Support Website: Visit the SafeNet/400 Web Site at http://www.kisco.com/safenet http://www.kisco.com/safenet/support HTTP://WWW.KISCO.COM/SAFENET...
  • Page 3: Table Of Contents

    TABLE OF CONTENTS CHAPTER 1 - SETTING UP USERS... 1.1 ETTING THE OGGING ... 1.3 DMINISTRATOR UPER RUSTED ONTROL NTERING ECURITY NTERING UTHORITIES TO NTERING UTHORITIES TO NTERING UTHORITIES TO NTERING AMES OPYING AN XISTING SER TO OPYING AN XISTING SER TO EMOVING A SER FROM...
  • Page 4 URGE UTOMATING THE LOG FILE PURGE UTOMATING THE UTOMATING AND UNNING THE AILY ACKUP ROCEDURE CHAPTER 9 - DE-ACTIVATING AND REMOVING SAFENET/400... 9.1 /400 ... 9.1 ACTIVATING /400 EMOVING FROM YOUR SYSTEM CHAPTER 10 - PROBLEM DETERMINATION ... 10.1 RROR...
  • Page 5: Chapter 1 - Setting Up Users

    You can perform each of the steps outlined in this chapter by using the corresponding option on the SafeNet/400 Main Menu. However, if you are setting up a new user, when you are finished with one screen you can use F9 to advance to the next without returning to the main menu. If you want to skip a step, you can cancel and return to the SafeNet/400 Main Menu.
  • Page 6: Setting The User Logging Levels

    Server Function logging level. To make sure you are logging transactions correctly, we recommend that when you initially set up SafeNet/400 you set the Server Functions to log ALL and set the User to Server logging levels to either ALL or REJECTIONS.
  • Page 7: Safenet Administrator

    The WRKSNADM command can be executed by a user with *SECADM or *SECOFR authority. A user profile must be set up as a SafeNet/400 ‘Super Admin’ to perform the following: Activate or deactivate SafeNet/400 Change/copy/remove the IBM-supplied Q profiles settings in SafeNet/400 Use the WRKSRV, CHGSPCSET, CHGFTPSET commands A regular SafeNet/400 user or administrator does not have authority to the above functions.
  • Page 8: Super Trusted User Control

    SafeNet/400 security routines. Transactions from these users can bypass the traditional SafeNet/400 security routines; you can choose to simply log them or not log them. From the Special Jobs Menu select Option 4 – Maintain Super-Users in SafeNet.
  • Page 9: Entering User Security Levels

    The Maintain User to Server Security screen appears. A list of all the servers is displayed. If you would like to see the list of all users who have been defined within SafeNet/400, press F2. © Copyright 2008 MP Associates of Westchester, Inc.
  • Page 10 (the default) through 99. A value of 00 indicates no change to the default job priority. Press F9 to continue to the next step - setting up user authorities to objects. © Copyright 2008 MP Associates of Westchester, Inc. SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 11: Entering User Authorities To Objects

    To see a list of users already defined within SafeNet/400 type *ALLDFN. The Add New Object Authorization screen appears. If you would like to see the list of all users who have been defined within SafeNet/400, press F2. Note: If this user has already been set up in SafeNet/400, the Maintain Authorized Objects by User screen is displayed.
  • Page 12 If granting rights to multiple objects in one library, you must list the library name multiple times or use a generic object name. For example: © Copyright 2008 MP Associates of Westchester, Inc. LIBRARY OBJECT QUSRSYS PAY1 QUSRSYS PROJECT QUSRSYS PRT* SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 13 To add more, press F6. To delete an existing entry, type 4 in the Option column, then ENTER. © Copyright 2008 MP Associates of Westchester, Inc. SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 14 To give all users read access to all objects in all libraries, but exclude them from any objects in the PAYROLL library, give *PUBLIC READ authority to the library and exclude *PUBLIC from the PAYROLL library. SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. 1.10...
  • Page 15 If the PAYDEPT profile needs to use objects in the PAYROLL library, grant user profile PAYDEPT READ authority to the PAYROLL library. This individual authority overrides the *PUBLIC authority. SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. 1.11...
  • Page 16: Entering User Authorities To Sql Statements

    SQL Statements they may need. If you used F9 from the previous screen, skip to Step 4. If you are currently on the SafeNet/400 Main Menu, select Option 4 - Work with User to SQL Statement Security or use WRKUSRSQL command The Work User to SQL Statements screen is displayed.
  • Page 17 If you would like to see the list of all users who have been defined within SafeNet/400, press F2. When finished making all your selections, ENTER. Press F9 to advance to the next step - setting up user authorities to FTP statements.
  • Page 18: Entering User Authorities To Ftp Statements

    FTP Server or FTP Client to Level 4. If you used F9 from the previous screen, continue with Step 4. If you are on the SafeNet/400 Main Menu, select Option 5 - Work with User to FTP Statement Security or use WRKUSRFTP command The Work User to FTP Statements, Enter User ID screen is displayed.
  • Page 19 If you would like to see the list of all users who have been defined within SafeNet/400, press F2. Press F4 to display the Maintain Special FTP Settings for Users screen Note: Special FTP settings for a user are allowed only when your system is at OS/400 V5R1 or higher.
  • Page 20 • Get an object from the local system An FTP GET of object ABC in an FTP Server session requires *READ authority to the object ABC on the LOCAL machine. © Copyright 2008 MP Associates of Westchester, Inc. 1.16 SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 21 CL commands they may need. If you used F9 from the previous screen, continue with Step 4. From the SafeNet/400 Main Menu, select Option 6 - Work with User to CL Command Security or use WRKUSRCMD command The Work User to CL Commands, Enter User ID screen is displayed.
  • Page 22 To remove authorization to a command, FIELD EXIT through the line to blank it out. If you would like to see the list of all users who have been defined within SafeNet/400, press F2. When finished typing all the required CL commands for this user, press ENTER.
  • Page 23: Entering Long Path Names

    Entering Long Path Names The default SafeNet/400 setting is to use long path names. If you choose to not use long path name support, you must first change the SafeNet/400 default setting. Use the CHGSPCSET command to set the PATHL parameter to *SHORT.
  • Page 24 End the path with * to allow access to all items in subfolders. When finished typing all the paths for this user, press ENTER. © Copyright 2008 MP Associates of Westchester, Inc. 1.20 SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 25: Copying An Existing User To Set Up A New User In Safenet/400

    Type the user profile you are copying from, then the new profile(s) to add. When finished entering all the new profiles, press ENTER. This will set up the new profile in SafeNet/400 and return you to the Special Jobs Menu. Removing a User from SafeNet/400 This option allows you to remove a user’s authorities and settings from SafeNet/400.
  • Page 26: Maintain All Security For A User

    Maintain all Security for a User The WRKUSRSEC command, which is not found on any of the SafeNet/400 menus, gives you the ability to perform security maintenance for an individual user without entering several different commands. When you use the WRKUSRSEC command you will be presented with the Maintain All Security for a User screen.
  • Page 27: Setting Up Time Of Day Controls

    Supplemental Group *PUBLIC SafeNet/400 checks until all the tests are passed or until an exclusion rule is encountered. Note: In Version 8, Time of Day controls are handled differently than in previous releases of SafeNet/400. With Version 8, TOD controls are activated at the server level. Use the WRKSRV command to turn on Time of Day checking on the appropriate servers.
  • Page 28 To set up the Time of Day controls for a specific user, use Option 2 – Work with User to Server Security from the SafeNet/400 Main Menu or the WRKUSRSRV command. Type the user profile, ENTER and then press F10.
  • Page 29 You can also define holidays that will be used to control Time of Day access. Press F9 to display the Time of Day Holiday Maintenance screen. Type the dates and descriptions of your holidays. Press ENTER. SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. 1.25 V8.50 - May 2008...
  • Page 30 SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. 1.26 V8.50 - May 2008...
  • Page 31: Chapter 2 - Setting Up Servers

    Chapter 2 - SETTING UP SERVERS The final step in configuring SafeNet/400 is to enter the Security Level settings for all the server functions. Important: If you do this step first and restrict access to the server functions prior to setting up user rights, you may disrupt network requests until the users’...
  • Page 32 SafeNet/400 Server Function Security Levels Level 1: • IBM default • Unlimited access, all requests accepted • Requests can be logged, reporting available • Performance impact - none Level 2: • No access at all, all requests for server are rejected •...
  • Page 33 Level 5: • This indicates that SafeNet/400 does not recognize a program assigned to the exit point or has detected a user-defined program assigned. (Use WRKREGINF command to review existing exit point programs.) • Not supported • Cannot be changed via SafeNet/400, use WRKREGINF command •...
  • Page 34 Server Function logging level. To make sure you are logging transactions correctly, we recommend that when you initially set up SafeNet/400 you set the Server Functions to log ALL and set the individual user logging levels to either ALL or REJECTIONS.
  • Page 35 Basic Server Security - Supported by all Servers Level 1 - IBM Default Level 2 - No access to server Intermediate Server Security - Supported by all Servers Level 3 Special Level 3 Advanced Server Security - Supported by Specific Servers Level 4 - The user must be authorized to the server, the objects requested, the FTP Op or SQL Op, CL commands or long path to be used.
  • Page 36: Recommended Server Settings

    Level 3, Log All - Limit user access Level 4, Log All - Limit user, object and SQL Level 4, Log All - Limit user, object and SQL Level 1, Log None SafeNet/400 Reference Guide V8.50 - May 2008 statement access statement access...
  • Page 37 Level 4, Log All - Limit user, source IP address, object, FTP sub-commands Level 1, Log None Level 1, Log None Level 1, Log None Level 4, Log All - Limit user and object access Level 1, Log None SafeNet/400 Reference Guide V8.50 - May 2008 and commands...
  • Page 38 Level 1, Log None Level 1, Log None Level 1, Log All - Log all requests Level 1, Log None Level 4, Log All – Limit User,Object, Log all SafeNet/400 Reference Guide V8.50 - May 2008 and SQL statements and commands...
  • Page 39: Entering Server Function Security Levels

    Entering Server Function Security Levels From the SafeNet/400 Main Menu select Option 1 - Work with Server Security Settings or use WRKSRV command The Maintain Server Security screen is displayed. Enter the level of security and the logging level that is required for each server description in the Current columns.
  • Page 40 When you have finished entering information for all the servers, press ENTER. The screen is refreshed and any changes you made are reflected in the Current columns. © Copyright 2008 MP Associates of Westchester, Inc. 2.10 SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 41: Customer Exit Programs

    Server Security screen gives you the ability to do so. SafeNet/400 will look to see if there is a customer-written program to call. If there is, it calls the program, passing two parameters, a one-byte status code, plus the rest of the data string from the client.
  • Page 42 SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. 2.12 V8.50 - May 2008...
  • Page 43: Chapter 3 - Telnet, Tcp/Ip Address Controls

    • Restrict IP address to use specific device names (enhanced TELNET clients only) • Restrict access based on the password type sent (none, clear or encrypted) © Copyright 2008 MP Associates of Westchester, Inc. SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 44 Controlling TELNET Access by IP Address Set the TELNET server to Level 3 using the WRKSRV command. From the SafeNet/400 Main Menu, select Option 7 – Work with TCP/IP Address Security or use the WRKTCPIPA command and enter *TELNET as the server to control Enter the IP address in dotted decimal format (i.e., 10.2.2.2)
  • Page 45 Access for Windows clients do not support this, so you MUST test this at your location. • A setting of 0 will always allow the client to connect. © Copyright 2008 MP Associates of Westchester, Inc. SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 46 1, only 0 is supported. Important: If you intend to allow auto signon, please test this thoroughly, since it could present a security exposure. © Copyright 2008 MP Associates of Westchester, Inc. SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 47 When *TELNETON is set to Level 3, only devices with IP addresses already registered will be permitted access to the TELNET server. Changing the security level of the TELNET server functions takes effect immediately. SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. V8.50 - May 2008...
  • Page 48: Setting Up Tcp/Ip Address Controls

    Setting up TCP/IP Address Controls SafeNet/400 allows you to specify which client IP addresses are either accepted or rejected by the Telnet and the FTP Servers. Turning on TCP/IP Address Checking To set-up and turn on TCP/IP address checking for the FTP Server and Rexec Server...
  • Page 49 Setting up TCP/IP Address Control Table Use SafeNet/400 Main Menu Option 7 or the WRKTCPIPA command In IP Addresses for Server enter *FTPSERVER, *FTPCLIENT or *TELNET for the proper control table. Type the addresses to accept or reject. A indicates Accept; R indicates Reject.
  • Page 50 SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. V8.50 - May 2008...
  • Page 51: Chapter 4 - Setting Up Ftp

    Logon Server to Level 3 and the FTP Server Validation to Level 4. Follow these steps for FTP: From the SafeNet/400 Main Menu select Option 10 - Go to Special Jobs Menu From the Special Jobs Menu select Option 3 - Change Special FTP Server Settings or use CHGFTPSET command along with F4 The Change SafeNet FTP Settings screen is displayed.
  • Page 52 For security purposes, enter it here AND grant the user profile for anonymous logons object rights to this library or group of objects within this library from the SafeNet/400 Main Menu, Option 3. For the ANONYMOUS user profile under OS/400, make the ‘Current Library’...
  • Page 53 FTP. In other words, a user would FTP to a System i5 FTP site running SafeNet/400, and that FTP site would prompt for a user name. The user keys ‘ANONYMOUS’ and the System i5 prompts for a password.
  • Page 54 If you do this, no one can use this profile to sign on since the password is set to *NONE. pword Enter the password to be used with the profile in parameter AUSRPRF for Anonymous FTP. SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 55: Setting Up For Anonymous Ftp

    11. Grant the ANONYMOUS user profile authority to the FTP Logon and FTP Server Request Validation server points. 12. From the SafeNet/400 Main Menu, select Option 3 - Work with User to Object Level Security or use WRKUSROBJ command 13. Grant the ANONYMOUS user authority to the library entered in step 3 above (Current Library), and specifically to any objects within the library.
  • Page 56 ANONYMOUS user ID authority to specific FTP commands. Use the additional FTP settings if required or if you want the ANONYMOUS profile initial path to be an IFS directory. SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. V8.50 - May 2008...
  • Page 57: Setting Up For Normal User Ids And Ftp Servers

    On the FTP Security Settings screen, set Allow normal user IDs to log on the FTP to *YES or use RLOGON (*YES) parameter Return to the SafeNet/400 Main Menu and select the following options: • Select Option 1 - Work with Server Security Settings or use WRKSRV command Locate the FTP Logon, FTP Client and/or FTP Server points.
  • Page 58 SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. V8.50 - May 2008...
  • Page 59: Chapter 5 - Dhcp Controls And Reporting

    DHCP, you can still use these options to review other activity. To use the System i5 as a DHCP server, refer to the relevant OS/400 manual and/or Operations Navigator. SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. V8.50 - May 2008...
  • Page 60 Working with DHCP DHCP functions are performed from the DHCP Control and Reports Menu. From the SafeNet/400 Main Menu select Option 13 – Go To DHCP Menu The DHCP Control and Reports Menu appears. The DHCP functions provide the ability to maintain MAC addresses and device names, set IP addresses and ping IP addresses.
  • Page 61: Current Dhcp Activity

    You will notice that the devices with fixed IP addresses do not change as you toggle between the two displays. F4 puts you in edit mode and allows you to revise the assigned names © Copyright 2008 MP Associates of Westchester, Inc. SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 62 The number of packets and time to wait are controlled by two data areas: PINGPKTS and PINGTIME in PCSECDTA. The default is one packet and one second wait. You can change these data areas manually if required. SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. V8.50 - May 2008...
  • Page 63: Maintaining Mac Addresses

    This operates as a standard OS/400 DFU program. Press F9 to use insert mode when editing Press F23 to delete the MAC address and name SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. V8.50 - May 2008...
  • Page 64: Fixed Ip Addresses

    Even if you are not using DHCP on your System i5, you can use this option to do PING checks for network troubleshooting. If you enter a DHCP IP address you will receive an error message. This is for fixed IP addresses only. SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. V8.50 - May 2008...
  • Page 65: Purging Expired Dhcp Lease Information

    From the DHCP Menu select Option 8 – Run Purge of Expired DHCP Lease Information Enter the date and time to purge through. When you ENTER the log of expired DHCP leases will be cleared. SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. V8.50 - May 2008...
  • Page 66: Ping Checker

    Press ENTER and you will begin to see replies flash on the bottom of the screen. When all the IP addresses have been pinged the Status column will display the results of the pings. SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. V8.50 - May 2008...
  • Page 67: Chapter 6 - Reports

    • Setup Reports provide information on server settings, user authorities to servers and to data, etc. • Analysis Reports provide data on SafeNet/400 usage - the who, what, where and when information you need to manage your system. Analysis reports have been enhanced to include the ability to select specific dates and/or users, including summaries by group profile.
  • Page 68: Setup Reports

    Setup Reports These reports are accessed through the SafeNet/400 Main Menu, Option 11 – Go to Setup Reports Menu (GO SN3 command) Server Status Prints each Server Function and its security level setting User to Server Security Listing Lists users and the Server Functions they are authorized to...
  • Page 69: Usage Reports

    Usage Reports These reports are accessed through the SafeNet/400 Main Menu, Option 12 – Go to Analysis Reports Menu (GO SN4 command). Menu SN4 options 2 through 7 also give you the ability to run auto-enrollment reports and perform the auto-enrollment process.
  • Page 70 SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. V8.50 - May 2008...
  • Page 71: Chapter 7 - Testing Your Security Settings

    “what-if” tool to verify the effect your settings will have before you actually turn on access control. If you have been logging network requests with SafeNet/400 you can, at any time, run each historical record through the security checking routines and receive a result of ‘ACCEPTED’ or ‘REJECTED’...
  • Page 72: Testing Safenet/400 Settings Based On Your Historical Data With The On-Line Transaction Tester

    This is the preferred method if you would like immediate feedback. 1. From the SafeNet/400 Main Menu select Option 10 - Go to Special Jobs/Setup Menu or use GO SN2 command) 2. Select Option 10 - On-Line Transaction Testing or use PCTESTR command The On-Line Transaction Testing screen will appear.
  • Page 73 3. In the Security Levels to Check field: Type C (Current) to test transactions with your present SafeNet/400 Server Security Levels Type H (Historical) to review the actual status received when the transaction was logged; no new ‘re-testing’ is performed.
  • Page 74 • Whether the request was accepted or rejected, and the reason for the rejection • If it is displayed as a valid function key, you can press F10 to view even more detail. © Copyright 2008 MP Associates of Westchester, Inc. SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 75 Security Level to check. Note: Use this tool to develop and test your initial security settings prior to putting them into production. You can go back and change the different SafeNet/400 parameters to see how they affect each transaction.
  • Page 76: Batch Transaction Test Review/Report - Security Report By User

    Decide if you wish to print all transactions or only those that were rejected. Enter Y for only rejections (the default) or N to print all transactions Printing only rejections will reduce the size of the output report © Copyright 2008 MP Associates of Westchester, Inc. SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 77 • Enter a start date and time or accept the default value • Enter an ending date and time or accept the default value • Enter a specific user ID or *ALL © Copyright 2008 MP Associates of Westchester, Inc. SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 78 Page Down if you would like to print the report to an output file. When you have finished making your selections, ENTER to submit the report to batch. SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. V8.50 - May 2008...
  • Page 79: Recommended Approach To Testing

    Set up your User to Server and User to Object, SQL, FTP, CL, etc. tables if you wish to go to Security Level 4. You can use several tools provided with SafeNet/400 to test your security settings. Use the Security Report by User or the on-line version, PCTESTR. These can be run to test the collected transactions against the current or future server settings.
  • Page 80: Pcreview

    PCREVIEW Use the PCREVIEW command or Option 9 - On-Line Transaction Review from the SafeNet/400 Special Jobs Menu to review each transaction logged by SafeNet/400. This displays the historical transactions only. No testing can be performed using this tool. Type PCREVIEW and press ENTER.
  • Page 81 If you selected only a specific user or server to be displayed in PCREVIEW, you will find that only those records meeting the selection criteria will be displayed as you scroll through the file with the on-line transaction test program. © Copyright 2008 MP Associates of Westchester, Inc. SafeNet/400 Reference Guide V8.50 - May 2008 7.11...
  • Page 82 SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. 7.12 V8.50 - May 2008...
  • Page 83: Chapter 8 - Backups And Purges

    Chapter 8 - BACKUPS AND PURGES Log file Purge When SafeNet/400 is logging client requests, the information is kept in the TRAPOD file in library PCSECDTA. At times this file may grow to a considerable size. This function deletes the records in the TRAPOD file.
  • Page 84 This will purge the TRAPOD file and retain 60 days of data. The number of days must be entered as three characters, i.e., 020 for 20 days. © Copyright 2008 MP Associates of Westchester, Inc. SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 85 It is recommended that for auditing purposes you save the archive file to tape, then remove the members. © Copyright 2008 MP Associates of Westchester, Inc. SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 86: Automating The Log File Purge

    SBMJOB CMD(PCSECLIB/PRTSECRPT) For additional selection criteria for this report, use menu SN4, the Network Transaction Analysis Reports menu, Option 1 - Print Security Report by User. © Copyright 2008 MP Associates of Westchester, Inc. SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 87: Automating And Running The Security Report And The Log File Purge Together

    Automating and Running the Security Report and the Log File Purge Together Use this method to automate both the SafeNet/400 Security Report and the Log File Purge. For this example, the purge is being done on Mondays and Thursdays. You may use any schedule you wish;...
  • Page 88 Run purge and retain 1 day STRPRGARC DAYS(001) Note: It is a good idea to run these commands back-to-back and at off-peak hours to minimize performance impact. © Copyright 2008 MP Associates of Westchester, Inc. SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 89: Daily Backup Procedure

    4. CHGSPCSET LOGALL(*YES) to begin logging 5. Issue the STRTRP command to re-start the transaction logging subsystem and program Remember to include the SafeNet/400 data library, PCSECDTA in your daily backup procedure. © Copyright 2008 MP Associates of Westchester, Inc.
  • Page 90 SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. V8.50 - May 2008...
  • Page 91: Chapter 9 - De-Activating And Removing Safenet/400

    IPL-initiated OS/400 activities that may still be allocating SafeNet/400 objects and programs. This is not required if you do not need to de-allocate all the SafeNet/400 programs. Once you have been successful in isolating your network problem, you can re-activate SafeNet/400.
  • Page 92 After performing these steps, end all subsystems then restart them to maintain security integrity. Try your network request again. If SafeNet/400 is active, and your request is not successful, review your request log and correct the problem based on the error code on the report.
  • Page 93: Removing Safenet/400 From Your System

    Removing SafeNet/400 from your system If it becomes necessary to completely remove SafeNet/400 from your System i5, follow these steps. Sign on to the System i5 as QSECOFR or SAFENET. De-activate SafeNet/400. Follow the instructions on the previous pages to de-activate the program.
  • Page 94 SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. V8.50 - May 2008...
  • Page 95: Chapter 10 - Problem Determination

    Chapter 10 - PROBLEM DETERMINATION If SafeNet/400 is not working properly, there are a few general things to check. Error Message Received on the System i5 Did you perform an IPL after the initial SafeNet/400 installation? It is necessary to IPL your System i5 after completing the installation steps. If you do not IPL your system, you will experience unpredictable results.
  • Page 96 Recovery: Double check changes against the request log, use the on-line transaction program to test your authority settings. © Copyright 2008 MP Associates of Westchester, Inc. 10.2 SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 97: Error Message Received On The Client

    SafeNet/400 related. 1. Try the same request with a user ID that has rights to all servers and has all object and all folder authority. User profile QSECOFR is set up with all rights in SafeNet/400 by default. 2. Check the log file for the request and response.
  • Page 98 If you are unsure that SafeNet/400 is the source of the problem 1. Reset the Security Level in SafeNet/400 by following these directions: • From the SafeNet/400 Main Menu select Option 1 – Work with Server Security Settings or use WRKSRV command •...
  • Page 99 If you receive a message on the System i5 about a SafeNet/400 or PCSECLIB program, or you still cannot resolve a client error or client application error, check to see if the system was IPL'd since you: Initially installed SafeNet/400 Applied PTFs to SafeNet/400 If not, you must IPL your system for the changes to take effect.
  • Page 100 To determine if the problem is with the server or a client, try this process with another client application that may access the same server. © Copyright 2008 MP Associates of Westchester, Inc. 10.6 SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 101: Examples Of Client Error Messages

    This message was received on the client when the server function was set to Level 2 - Function Disabled/No Access. This message was received on the client when the user was not authorized to the server. SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. 10.7...
  • Page 102 This message was received on the client when the user was not authorized to the SQL Select statement. SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. 10.8 V8.50 - May 2008...
  • Page 103: Error Codes Which Appear In The Log

    Unauthorized path statement No authority to SQL statement Incoming commands *OFF No authority to Root Directory Unauthorized FTP Logon Unauthorized FTP Command Unauthorized REXEC Logon Unauthorized TFTP Logon Unauthorized IP Address Invalid Op-Specific Request SafeNet/400 Reference Guide V8.50 - May 2008 10.9...
  • Page 104 Unauthorized CL command Error with Swap Profile Error during Profile Swap User/Server Reject Code (Specific *REJECT in WRKUSRSRV) Time of Day control Function requires SafeNet/400 regular Admin authority Function requires SafeNet/400 Super Admin authority SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 105: Additional Troubleshooting Tips

    As a network request is processed by SafeNet/400, a record is written to the TRAPOD file. The name of the SafeNet/400 program that processed the request is in position 1-10; the status of the request is in position 11 (1= Accepted, all others are rejections);...
  • Page 106 SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. 10.12 V8.50 - May 2008...
  • Page 107: Chapter 11 - Special Safenet/400 Considerations

    SafeNet/400 functions. Resetting Level 5 within SafeNet/400 When an installation has a user exit program in place that SafeNet/400 does not recognize, the exit point will automatically be set to Level 5 (unsupported). To allow SafeNet/400 to support this server you must do the following: Remove your user exit program from the registration facility in OS/400.
  • Page 108 Follow the instructions to de-activate the program found in Chapter 9 in this guide, ‘De- activating and Removing SafeNet/400’. Re-activate SafeNet/400 Select Option 6 - Activate/De-Activate SafeNet/400 Restart your system © Copyright 2008 MP Associates of Westchester, Inc. 11.2 SafeNet/400 Reference Guide...
  • Page 109: Pre-Power Down Program Point

    Pre-Power Down Program Point You can create a power down CL program to be called whenever the PWRDWNSYS command is issued. SafeNet/400 will call this program and log the request whenever the command is processed. To use this feature, create a CL program called PWRDWNCL and place it in library QGPL.
  • Page 110: Using Automatic Alert Notification

    This option does not start the ALERTWATCH program, since it is not required when detailed messages are specified. Use detailed message alerts when you initially set up SafeNet/400. This will allow you to quickly get an alert in the event of rejections that may need additional research and set ©...
  • Page 111 Activating SafeNet/400 Alert Notification 1. From the SafeNet/400 Special Jobs Menu select Option 7 - Change Alert Notification Status or use the CHGNOTIFY command and press F4. 2. Type *ON for parameter ALERT to activate alert notification, then ENTER. 3. Enter *YES to receive summarized alerts or *NO for detailed alerts.
  • Page 112: Profile Swapping

    SafeNet/400 will swap profiles if the original user has an alternate swap profile set up in SafeNet/400 • *RQD Requires that a swap profile must be set up for the original profile in SafeNet/400, or all requests are rejected. © Copyright 2008 MP Associates of Westchester, Inc.
  • Page 113 On the Maintain Authorized Swap Profiles screen, type the Swap To Profile then press ENTER Now, whenever a user connects to the System i5 through a client/server connection after SafeNet/400 checks the original profile, OS/400 will do all security checking on the ‘Swap to’ profile. © Copyright 2008 MP Associates of Westchester, Inc.
  • Page 114: Journaling Safenet/400 Security Files

    Journaling SafeNet/400 Security Files You may wish to journal all changes made to any of the SafeNet/400 security files for audit purposes. Three programs are provided to assist with the journaling process: Call PCSECLIB/STRSAFEJRN • Creates all required journals (SAFENET) in library PCSECLIB •...
  • Page 115: Files Contained In Safenet/400

    Contains fixed IP client addresses (static addresses) IBMFLR File and IBMFLRL (Long paths to IBM folders) Contains all IBM supplied folder names. You may add additional folder names to this file for automatic READ and/or WRITE authority as required. MACNAMES...
  • Page 116 Be sure to pay close attention to its size and establish a schedule to purge records. This file can also be used for additional user-developed reporting. See IBM OS/400 Servers and Administration for additional information and record layouts.
  • Page 117: Safenet/400 Commands

    Change FTP special settings CHGNOTIFY Changes status of Alert Notification CHGSPCSET Change SafeNet/400 special settings CPYSNUSR Copy settings from one SafeNet/400 user to another ENDTRP Ends the transaction logging program PCREVIEW Starts the on-line transaction review process PCTESTR Starts the on-line transaction testing program...
  • Page 118 Removes user’s authorities to server functions SETSAFENET OPTION(A) – Activates SafeNet/400 SETSAFENET OPTION(B) – Deactivates SafeNet/400 SETVER Used to change the license code level of SafeNet/400 STRALRT Starts Alert Notification monitoring STRPRG Starts purge of log file STRPRGARC Starts archive purge/security report of log file...
  • Page 119 WRKUSRSQL Work with user to object SQL statement security WRKUSRSRV Work with user to server security © Copyright 2008 MP Associates of Westchester, Inc. SafeNet/400 Reference Guide V8.50 - May 2008 11.13...
  • Page 120 SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. 11.14 V8.50 - May 2008...
  • Page 121: Chapter 12 - Server Function Descriptions

    This section lists all the current System i5 server functions, their descriptions and information on how they are used. The servers are alphabetized within two groups - the Original Servers and the Optimized Servers. SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc. 12.1...
  • Page 122: Original Servers

    Original Servers These servers have been provided by IBM since PC Support/400 became available. Support for these original servers was designed for and is still used to service the original clients: DOS, Extended DOS and OS/2. SafeNet/400 Reference Guide © Copyright 2008 MP Associates of Westchester, Inc.
  • Page 123 Commands are allowed only if specified from Special Jobs Menu, Option 2 (CHGSPCSET command). DDM commands, NOT file requests, can be stopped by saying “NO” to Allow DDM Commands parameter. The SafeNet/400 default is “YES” to allow commands. Review existing requirements prior to changing this setting. At Level 4, users must be authorized to commands.
  • Page 124 For Version 4 of SafeNet/400, if *DDM is set to Level 4, you must authorize each user to the CL commands they may issue to the System i5. Most System i5 systems, by default, use the QUSER profile for the communications conversation.
  • Page 125 At Level 4 users must be granted access to specific data queues and libraries. Supports generic (wildcard) data queue names. (DATAQ* = all data queue names starting with the letters DATAQ) © Copyright 2008 MP Associates of Westchester, Inc. (Levels 1,2) (Level 3) (Level 4) SafeNet/400 Reference Guide V8.50 - May 2008 12.5...
  • Page 126 - File transfer from within a RUMBA emulation session - Interactive and automatic file transfer functions - File transfer from within a RUMBA or PC5250* emulation session - Interactive and automatic file transfer functions (Levels 1,2) (Level 3) (Level 4) SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 127 To do a “REPLACE” with a CREATE FILE(*NO) or CREATE MEMBER(*NO), Delete and Write Data Rights must be specified to the object. © Copyright 2008 MP Associates of Westchester, Inc. Object or Sub-Folder *ALL Object or Sub-Folder *ALL CRTMBR(*YES) SafeNet/400 Reference Guide V8.50 - May 2008 Read Read 12.7...
  • Page 128 Original License Management Server Description: Original License Management Server - 100 The license management server ensures valid licenses are available for Client Access, IBM and non-IBM licensed applications when requested from a client. The license management server performs this process every time a Client Access client requests a license for an application, typically upon session initiation.
  • Page 129 At Levels 3 and 4, the user must be authorized to the server function. Generic (wildcard) names are supported for Level 4. © Copyright 2008 MP Associates of Westchester, Inc. (Levels 1,2) (Level 3) SafeNet/400 Reference Guide V8.50 - May 2008 12.9...
  • Page 130 Level 4 checks SQL statements and Object/Library for authority. User must have authority to SQL statement and Object/Library. © Copyright 2008 MP Associates of Westchester, Inc. 12.10 (Levels 1,2) (Level 3) (Level 4) SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 131 Example 1: To grant authority to all printers that begin with the letters PRT in library QUSRSYS enter: Library or Folder QUSRSYS © Copyright 2008 MP Associates of Westchester, Inc. (Levels 1,2) (Level 3) (Level 4) Object or Sub-Folder Read PRT* SafeNet/400 Reference Guide V8.50 - May 2008 12.11...
  • Page 132 Example 2: To grant authority to only the PAYROLL printer, enter: Library or Folder QUSRSYS © Copyright 2008 MP Associates of Westchester, Inc. 12.12 Object or Sub-Folder Read PAYROLL SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 133: Optimized Servers

    Optimized Servers This server support, provided by IBM with Client Access (now iSeries Access for Windows) beginning with OS/400 Version 3 Release 1, services optimized clients: Windows 3.1 (16 bit applications), Optimized OS/2 (32 bit applications) and Windows98, Windows 2000, Windows Additional servers are supplied by IBM for each new release of OS/400.
  • Page 134 Level 1, Log All Notes: At Level 3 users must be authorized to the server function. Level 4 is not required or supported. © Copyright 2008 MP Associates of Westchester, Inc. 12.14 (Levels 1,2) (Level 3) SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 135 Level 1, Log All Notes: At Level 3 users must be authorized to the server function. Level 4 is not required or supported. © Copyright 2008 MP Associates of Westchester, Inc. (Levels 1,2) (Level 3) SafeNet/400 Reference Guide V8.50 - May 2008 12.15...
  • Page 136 Level 1, Log All Notes: At Level 3 users must be authorized to the server function. Level 4 not required or supported. © Copyright 2008 MP Associates of Westchester, Inc. 12.16 (Levels 1,2) (Level 3) SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 137 Recommended Setting: Level 3, Log All Notes: At Levels 3 and 4 users must be authorized to the server function. © Copyright 2008 MP Associates of Westchester, Inc. (Levels 1,2) (Level 3) SafeNet/400 Reference Guide V8.50 - May 2008 12.17...
  • Page 138 - File transfers Create source physical file Create database file, based on existing file Add, clear, delete database file member Override database file Delete database file override Delete file (Levels 1,2) (Level 3) (Level 4) SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 139 At Level 4 the user must be granted authority for each library to add to the library list. © Copyright 2008 MP Associates of Westchester, Inc. - Access to System i5 database through ODBC interface - File transfers (Levels 1,2) (Level 3) (Level 4) SafeNet/400 Reference Guide V8.50 - May 2008 12.19...
  • Page 140 Level 4 is not required or supported. © Copyright 2008 MP Associates of Westchester, Inc. 12.20 - Access to System i5 database through ODBC interface - File transfers (Levels 1,2,) (Level 3) SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 141 © Copyright 2008 MP Associates of Westchester, Inc. - Access to System i5 database through ODBC interface - File transfers (Levels 1,2) (Level 3) (Level 4) SafeNet/400 Reference Guide V8.50 - May 2008 - SQL package - SQL package statement - File member - Record format - Special columns 12.21...
  • Page 142 At Levels 3 and 4 users must be authorized to the server function. At Level 4 the user must be authorized to the OBJECT/LIBRARY. © Copyright 2008 MP Associates of Westchester, Inc. 12.22 SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 143 Level 4 is not required or supported. © Copyright 2008 MP Associates of Westchester, Inc. - Access to System i5 database through ODBC interface - File transfers (Levels 1,2) (Level 3) SafeNet/400 Reference Guide V8.50 - May 2008 - Primary keys 12.23...
  • Page 144 CREATE INDEX CREATE TABLE CREATE VIEW DELETE DROP COLLECTION DROP DATABASE DROP INDEX (Levels 1,2) (Level 3) (Level 4) SafeNet/400 Reference Guide V8.50 - May 2008 DROP PACKAGE DROP TABLE DROP VIEW GRANT INSERT LABEL ON LOCK TABLE REVOKE ROLLBACK...
  • Page 145 Data authority requirements are determined by the authorized SQL statements for the user. 3. Due to a restriction within IBM's OS/400 for versions prior to V4R1, OS/400 delivers SQL requests to SafeNet/400 with a limit of 512 characters in length. Since most SQL statements are normally much less than this limit, this is not a concern for most users.
  • Page 146 At Level 4 users must be granted access to specific data queues and libraries. Supports generic (wildcard) data queue names. (DATAQ* = all data queue names starting with the letters DATAQ) © Copyright 2008 MP Associates of Westchester, Inc. 12.26 (Levels 1,2) (Level 3) (Level 4) SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 147 System i5 when the System i5 is set to be the local network DHCP server Server Identifier: *DHCPB Format name: DHCA0100 Levels Supported: Basic Limitations: None Recommended Setting: Level 1, Log All © Copyright 2008 MP Associates of Westchester, Inc. (Level 1) SafeNet/400 Reference Guide V8.50 - May 2008 12.27...
  • Page 148 System i5 when the System i5 is set to be the local network DHCP server Server Identifier: *DHCPR Format name: DHCR0100 Levels Supported: Basic Limitations: None Recommended Setting: Level 1, Log All © Copyright 2008 MP Associates of Westchester, Inc. 12.28 (Level 1) SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 149 Does not differentiate between upper and lower case file names Does not support long file names. Names over 10 characters are truncated Allows setting of global authority to IBM supplied folders and file systems Authority is granted to a folder and all data that it contains.
  • Page 150 Folder *ALLFLR To enter *ALLFLR/ *ALL you must be signed on as QSECOFR. Proper Data Rights must be selected also. © Copyright 2008 MP Associates of Westchester, Inc. 12.30 Object or Sub-Folder *ALL SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 151 At Level 4, to authorize a user for access to a non-IBM folder within the QDLS file system (shared folders), you must enter two records in the OBJECT/USER security file. Example 1: A user requires access to a folder called PERSONNEL within QDLS.
  • Page 152 Entry #3 PAYROLL.LI SafeNet/400 will convert all requests to uppercase, then check the first ten characters in each directory name for a match. Note: When native libraries or objects are accessed via the file server, .LIB, .file, etc. are added to the end of the name.
  • Page 153 When authorizing users to the GET/PUT sub-commands, the assumed object authority is reversed from authorities required for the FTP Server point and the same objects. See the following examples. © Copyright 2008 MP Associates of Westchester, Inc. (Level 1,2) (Level 3) (Level 4) SafeNet/400 Reference Guide V8.50 - May 2008 12.33...
  • Page 154 • Get an object from the local system An FTP GET of object ABC in an FTP Server session requires *READ authority to the object ABC on the LOCAL machine. © Copyright 2008 MP Associates of Westchester, Inc. 12.34 SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 155 And most other operating systems Server Identifier: *FTPLOGON Format Name: TCPL0100 Levels Supported: Basic Intermediate Limitations: None Recommended Setting: Level 3, Log All © Copyright 2008 MP Associates of Westchester, Inc. (Level 1,2) (Level 3) SafeNet/400 Reference Guide V8.50 - May 2008 12.35...
  • Page 156 And most other operating systems Server Identifier: *FTPLOGON2 Format Name: TCPL0200 Levels Supported: Basic Intermediate Limitations: None Recommended Setting: Level 3, Log All © Copyright 2008 MP Associates of Westchester, Inc. 12.36 (Level 1,2) (Level 3) SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 157 And most other operating systems Server Identifier: *FTPLOGON3 Format Name: TCPL0300 Levels Supported: Basic Intermediate Limitations: None Recommended Setting: Level 3, Log All © Copyright 2008 MP Associates of Westchester, Inc. (Level 1,2) (Level 3) SafeNet/400 Reference Guide V8.50 - May 2008 12.37...
  • Page 158 CHGFTPSET IPCTL(*YES) and WRKTCPIPA *FTPSERVER You can also review ‘Setting up TCP/IP Address Controls’ in Chapter 3 of this guide. © Copyright 2008 MP Associates of Westchester, Inc. 12.38 (Level 1,2) (Level 3) (Level 4) SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 159 Notes: At Level 3 users must be granted access to the server function. Level 4 is not required or supported. © Copyright 2008 MP Associates of Westchester, Inc. (Levels 1,2) (Level 3) SafeNet/400 Reference Guide V8.50 - May 2008 12.39...
  • Page 160 At Levels 3 and 4 users must be granted access to the server function. Level 4 requires no special set up. (see Limitations above) No specific object authorizations required. © Copyright 2008 MP Associates of Westchester, Inc. 12.40 (Levels 1,2) (Level 3) (Level 4) SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 161 Levels Supported: Basic Limitations: None Recommended Setting: Level 1 Notes: To use the pre-power down program call, create a CL program called PWRDWNCL. © Copyright 2008 MP Associates of Westchester, Inc. (Level 1) SafeNet/400 Reference Guide V8.50 - May 2008 12.41...
  • Page 162 At Level 4 you must authorize each user to the CL commands they may issue through this server. © Copyright 2008 MP Associates of Westchester, Inc. 12.42 (Levels 1,2) (Level 3) (Level 4) SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 163 CHGFTPSET IPCTL(*YES) and WRKTCPIPA *FTPSERVER You can also review ‘Setting up TCP/IP Address Controls’ in Chapter 3 of this guide. © Copyright 2008 MP Associates of Westchester, Inc. (Levels 1,2) (Level 3) SafeNet/400 Reference Guide V8.50 - May 2008 12.43...
  • Page 164 CHGFTPSET IPCTL(*YES) and WRKTCPIPA *FTPSERVER You can also review ‘Setting up TCP/IP Address Controls’ in Chapter 3 of this guide. © Copyright 2008 MP Associates of Westchester, Inc. 12.44 (Levels 1,2) (Level 3) SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 165 CHGFTPSET IPCTL(*YES) and WRKTCPIPA *FTPSERVER You can also review ‘Setting up TCP/IP Address Controls’ in Chapter 3 of this guide. © Copyright 2008 MP Associates of Westchester, Inc. (Levels 1,2) (Level 3) (Level 4) SafeNet/400 Reference Guide V8.50 - May 2008 12.45...
  • Page 166 Although Showcase uses SQL statements to access OS/400 data, SafeNet/400 does NOT verify the SQL statement authority. SafeNet/400 ONLY verifies the user to server and user to objects. The SQL Statement is NOT interrogated for authority. If the user issues a SELECT statement, the object authority required is *READ.
  • Page 167 Level 1, Log All Notes: Level 3 requires specific authority to the server function. Level 4 is not required or supported. © Copyright 2008 MP Associates of Westchester, Inc. (Level 1,2) (Level 3) SafeNet/400 Reference Guide V8.50 - May 2008 12.47...
  • Page 168 CHGFTPSET IPCTL(*YES) and WRKTCPIPA *FTPSERVER You can also review ‘Setting up TCP/IP Address Controls’ in Chapter 3 of this guide. © Copyright 2008 MP Associates of Westchester, Inc. 12.48 (Level 1,2) (Level 3) SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 169 TFTP Server Request Validation Description: TFTP Server Request Validation Clients utilizing TFTP (Trivial File Transfer Protocol), such as the IBM Net Station use this server. Where used: IBM Net Station Boot Server Identifier: *TFTPSRVR Format name: VLRQ0100 Levels Supported: Basic...
  • Page 170 This point simply logs which user profile was affected, who performed the action, and when it was done. © Copyright 2008 MP Associates of Westchester, Inc. 12.50 Format: CHGP0100 CRTP0100 DLTP0100 DLTP0200 RSTP0100 (Levels 1) SafeNet/400 Reference Guide V8.50 - May 2008...
  • Page 171 Auto signon ... 3.4 Backup procedure... 8.7 CHGFTPSET ... 4.2 Commands... 11.11 Customer Exit Programs... 2.11, 11.1 De-activating SafeNet/400 ... 9.1 DHCP ... 5.1 Distribution lists... 11.5 ENDTRP ... 8.2, 8.7, 11.11 Error Codes... 10.9 Exclusions... 1.9, 1.10, 1.23, 1.24, 1.25 Exit points ...
  • Page 172 User Profiles *PUBLIC ... 1.5, 1.7, 1.10, 1.11, 1.12, 1.14, 1.17, 1.19 Group... 1.1 Swapping... 10.10, 11.6, 11.7 Users Copying ... 1.21 Removing ... 1.21 Security Levels...1.5 Setting logging levels ...1.2 Setting up ...1.1 WRKUSRSEC ...1.22...