Adding Firewall Settings for a Group
To add Firewall settings for a group, press the F7 key in the Work with User Security screen, shown in Setting Firewall Rules for Users and Groups (STRFW > 3 > 1).
The Add User Group Security screen appears.
| Add User Group Security User Group . . . . . . . . %Name Type choices, press Enter. Authorities and Locations 1. Services FTP, SQL, NDB, DDM, ... 2. IP 3. IPv6 4. Device Names SIGNON only 6. Check objects authority by Assign alt. users to services Selection ===> Description . . . . . . . . User allowed to work during Time group, *NEVER=Allow by group Ensure single IP use . . . N Y=Yes, I=Interactive only, N=No Check (in FW) Native auth . 3 1=Allow all, 2=Reject all, 3=Yes Check (in FW) IFS auth. . . 3 1=Allow all, 2=Reject all, 3=Yes F3=Exit F4=Prompt F9=Object security F10=Logon security F12=Cancel |
Type the group's name in the User Group field. To select a group from a list, press the F4 key. The group's name must begin with a percent sign, as in %NAME.
Through the options in the Authorities and Locations list, you can create specific filters for the group that can override the server's general settings. A close-arrow (">") before an item shows that its settings have already been changed from the default to a new value.
1. Services
To create filters based on services (such as FTP, SQL, NBD, or DDM), enter 1 in the Selection field. The Add User to Server Security screen appears, as shown in Adding Firewall Settings for a User based on Services.
2. IP
To create filters based on IP addresses, enter 2 in the Selection field. The Work with User IP Validation screen appears, as shown in Adding a Firewall Rule for Outgoing Activity by IP Address.
3. IPv6
To create filters based on IPv6 addresses, enter 3 in the Selection field. The Work with User IPv6 Validation screen appears, as shown in Adding a Firewall Rule for Outgoing Activity by IPv6 Address.
4. Device name
To create filters based on SNA system names, enter 4 in the Selection field. The Work with Sign-On Device Validation screen appears, as shown in Adding a Firewall Rule for Incoming Activity by Remote System Names.
6. Chg/Swap users for obj authority
To have the user assume the authority of a different user when using particular servers, enter 6 in the Selection field. The Work with Alternative Users screen appears, as shown in Adding Firewall Settings for a User to Assume Different Authority for a Server.
The fields below these control other aspects of user security:
Description
A free-form text description of the group
User allowed to work during
To limit the group to working within a specified range of hours of the day or days of the week, enter the name of a time group with those time settings (as shown in Defining Time Groups).
To use the default settings for the server, enter *NEVER.
Ensure single IP use
To limit the group to working from one IP address at a time, type Y. The group may have multiple sessions open at a time, but they must all be from the same IP address.
To limit the group's interactive sessions to one IP address at a time, type I. This does not affect the group's batch jobs.
To allow the group to work from multiple IP addresses simultaneously, type N.
Check (in FW) Native auth
To allow the group to access all native objects, type 1.
To reject all attempts by the group to access native objects,, type 2.
To check all attempts by the group to access native objects against Firewall settings set elsewhere, type 3.
Check (in FW) IFS auth
To allow the group to access all IFS objects, type 1.
To reject all attempts by the group to access IFS objects,, type 2.
To check all attempts by the group to access IFS objects against Firewall settings set elsewhere, type 3.