Adding Firewall Settings for a User to Assume Different Authority for a Server
To add Firewall settings for a user to assume a different user's authority for specified servers, enter 6 in the Selection field of the Add User Security screen, shown in Adding Firewall Settings for a User (STRFW > 3 > 1, F6, Selection: 6).
The Work with Alternative Users screen appears:
| Work with Alternative Users User . . . . . . . . . . EXAM You can define an alternative way of checking object authority. This is done by service. Specify a "User" whose authority (without groups) will be checked in Firewall. If Swap=Y, this extends to system authority ches.. Check per Swap user Server "User" (Y-Yes) FTPSRV FTP Server-Incoming Rqst Validation FTPCLN FTP Client-Outgoing Rqst Validation REXEC REXEC Server Request Validation RMTSQL Original Remote SQL Server SQL Database Server - SQL access & Show NDB Database Server - data base access RMTSRV Remote Command/Program Call FILSRV File Server DTAQ Data Queue Server FILTFR Original File Transfer Function F3=Exit F4=Prompt F12=Cancel |
The screen shows a list of servers known to Firewall. Each line contains a short Server name and longer text description for the server, and the following fields:
Check per "User"
The username of another user. If the user exists, the current user assumes the object authority settings for that user when working with that server within iSecurity. To see a list of possible users, press the F4 key.
Swap User (Y-Yes)
If this is set to Y, any activity by that user on the server is reported to the operating system as being by the user named in the Check per "User" field. If the user does not exist, the attempt to swap object authorities fails.
Otherwise, while the user assumes the authority of the user listed in the Check per "User" field, the activity is reported and logged as being by the current user.