A User must specify a valid IBM i (iSeries) User ID and password within Surveyor/400 to connect to an IBM i system. Surveyor/400 will honor any existing OS/400 user authorities specified for the objects and libraries on the system. In other words, if a User is not authorized to an object on the system, then they will not be able to access this object through Surveyor/400.
In addition to normal OS/400 User security and object authorities, Surveyor/400 provides an additional layer of security called “User Access”. This User Access feature allows designated Surveyor/400 administrators to control which Surveyor/400 features and IBM i libraries each User has access to.
Each IBM i machine (or LPAR) is configured with its own User Access settings. For instance, a Surveyor/400 User could be granted User Access rights to modify database records on a Development IBM i, but can be restricted from modifying database records on a Production iSeries.
A Surveyor/400 User can either be configured with its own authority or the user can adopt its authority from a User Group.
The Surveyor/400 User Access feature can be accessed by right-clicking an IBM i system within the Visual Tree, then selecting the ‘User Access’ option.
Demonstrates the security settings for a particular user group
- Designate Surveyor/400 administrator(s) who can grant/deny features for other users
- Restrict access to Surveyor/400 product
- Set the library list for a user id - user is then restricted to those libraries if checkmark is removed from the Modify Library option
- Restrict access to running commands
File Editor security:
- Restrict access to the File Editor feature
- Restrict File Editor usage to "view only"
- Restrict mass delete
- Restrict mass updates
- Indicate if the user can utilize File Editor Layouts which have public authority.
File Editor Audit:
- An audit trail can be created by Surveyor/400 to log any records which a user adds, changes or deletes through the File Editor.
- Choose an Output Queue or Database file for the audit.
IFS (Integrated File System) security:
- Restrict IFS access to Read access
- Restrict IFS access to Write access
- Restrict access to SQL Queries
- Restrict access to SQL Updates/Deletes/Inserts
- Restrict access to SQL Procedure Calls
- Restrict access to SQL Database Maintenance
- Log SQL activity.
Data Transfer security:
- Restrict access to Exporting
- Restrict access to Importing
- Restrict access to FTP
- Log transfer activity.
- Restrict access to TN5250
Spooled Files security:
- Restrict access to all spooled files
- No access to all spooled files
- Restrict access to user's spooled files
- Restrict access to management activities, such as holding, releasing, deleting, and moving spooled files.
- Restrict access to exporting spooled files.
- Restrict access to editing data areas