Modifying Firewall Settings for a Group

To modify Firewall settings for a group, enter 1 in the Opt column for the group on the Work with User Security screen, shown in Setting Firewall Rules for Users and Groups (STRFW > 3 > 1).

The Modify User Group Security screen appears.

                          ​ Modify User Group Security​                           
                                                                                
 User Group  . . . . . . . .​  %TEST1    ​     ​ %Name​                             
                                                                                
 Type choices, press Enter.​                                                     
 Authorities and Locations​                                                      
 >​ 1. Services               ​                ​ FTP, SQL, NDB, DDM, ...​           
  ​ 2. IP                     ​                                                   
  ​ 3. IPv6                   ​                                                   
  ​ 4. Device Names           ​                ​ SIGNON only​                       
  ​ 6. Check objects authority by​             ​ Assign alt. users to services​     
                                                                                
 Selection ===>​              ​                                                   
                                                                                
 Description . . . . . . . .​                                                    
 User allowed to work during​                 ​ Time group, *NEVER=Allow by group​ 
 Ensure single IP use  . . .​  N              ​ Y=Yes, I=Interactive only, N=No​   
 Check (in FW) Native auth .​  3              ​ 1=Allow all, 2=Reject all, 3=Yes​  
 Check (in FW) IFS auth. . .​  3              ​ 1=Allow all, 2=Reject all, 3=Yes​  
                                                                                
 F3=Exit​        ​ F4=Prompt​                                      ​ F8=Print​       
 F9=Object security​                ​ F10=Logon security​          ​ F12=Cancel​     
                                                                                
                                                                                

The read-only User Group field shows the user name.

Through the options in the Authorities and Locations list, you can create specific filters for the group that can override the server's general settings. A close-arrow (">") before an item shows that its settings have already been changed from the default to a new value.

1. Services

To create filters based on services (such as FTP, SQL, NDB, or DDM), enter 1 in the Selection field. The Add User to Server Security screen appears, as shown in Adding Firewall Settings for a User based on Services.

2. IP

To create filters based on IP addresses, enter 2 in the Selection field. The Work with User IP Validation screen appears, as shown in Adding a Firewall Rule for Outgoing Activity by IP Address.

3. IPv6

To create filters based on IPv6 addresses, enter 3 in the Selection field. The Work with User IPv6 Validation screen appears, as shown in Adding a Firewall Rule for Outgoing Activity by IPv6 Address.

4. Device Names

To create filters based on SNA system names, enter 4 in the Selection field. The Work with Sign-On Device Validation screen appears, as shown in Adding a Firewall Rule for Incoming Activity by Remote System Names.

5. Services/Locations by %Groups

You can create groups of users based on the applications that they use, the locations in which they work, or other criteria. To add members to these groups or to remove them, enter 5 in the Selection field. The Define Allowed Groups screen appears, as shown in Adding a User to Firewall Groups.

6. Check objects authority by

To have the user assume the authority of a different user when using particular servers, type 6 in the Selection field and press Enter. The Work with Alternative Users screen appears, as shown in Adding Firewall Settings for a User to Assume Different Authority for a Server.

These options control more aspects of the group members' authority:

Description

A free-form text description of the group.

User allowed to work during

To limit the group to working within a specified range of hours of the day or days of the week, enter the name of a time group with those time settings (as shown in Defining Time Groups).

To use the default settings for the server, enter *NEVER.

Ensure single IP use

To limit the group to working from one IP address at a time, type Y. The group may have multiple sessions open at a time, but they must all be from the same IP address.

To limit the group's interactive sessions to one IP address at a time, type I. This does not affect the group's batch jobs.

To allow the group to work from multiple IP addresses simultaneously, type N.
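Before switching a group from N to Y or I, it helps to preview which existing sessions the new value would refuse. The following Python sketch is an added example, not part of the product or its documentation. It models the Y/I/N semantics described above over a constructed session list. The Session record, the function names, the user names and the assumption that the check is applied per group member are all hypothetical.

```python
from collections import namedtuple

# Constructed session record; kind is "interactive" or "batch".
Session = namedtuple("Session", "user ip kind")

def single_ip_allows(mode, active, new):
    """Return True if `new` may start under 'Ensure single IP use' = mode.

    mode: "Y" (all sessions), "I" (interactive only), "N" (no restriction).
    active: sessions already open. Assumption: only sessions of the same
            user are compared, i.e. the check is applied per group member.
    """
    if mode not in ("Y", "I", "N"):
        raise ValueError(f"unknown mode {mode!r}")
    if mode == "N":
        return True
    if mode == "I" and new.kind == "batch":
        return True  # I does not affect batch jobs
    in_scope = [s for s in active
                if s.user == new.user
                and (mode == "Y" or s.kind == "interactive")]
    # Several sessions are fine as long as they all share one address.
    return all(s.ip == new.ip for s in in_scope)

def audit(mode, sessions):
    """Replay sessions in order; return those the setting would refuse."""
    active, refused = [], []
    for s in sessions:
        (active if single_ip_allows(mode, active, s) else refused).append(s)
    return refused

# Constructed sample: documentation-range addresses, hypothetical users.
SAMPLE = [
    Session("ALICE", "192.0.2.10", "interactive"),
    Session("ALICE", "192.0.2.10", "interactive"),    # same IP, second session
    Session("ALICE", "198.51.100.7", "batch"),        # different IP, batch job
    Session("ALICE", "198.51.100.7", "interactive"),  # different IP, interactive
    Session("BOB", "203.0.113.5", "interactive"),
]

if __name__ == "__main__":
    for mode in ("Y", "I", "N"):
        print(mode, [(s.user, s.ip, s.kind) for s in audit(mode, SAMPLE)])
```

With the sample data, Y refuses both of ALICE's sessions from the second address, I refuses only the interactive one, and N refuses nothing.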

Check (in FW) Native auth

To allow the group to access all native objects, type 1.

To reject all attempts by the group to access native objects, type 2.

To check all attempts by the group to access native objects against Firewall settings set elsewhere, type 3.

Check (in FW) IFS auth

To allow the group to access all IFS objects, type 1.

To reject all attempts by the group to access IFS objects, type 2.

To check all attempts by the group to access IFS objects against Firewall settings set elsewhere, type 3.