Setting Firewall Rules for Users, Groups, and Applications
Firewall can filter activity by the user requesting it. Users can be members of multiple groups, including both IBM-defined groups and other Firewall-specific groups based on the applications that the user runs, the user's location, or other ad-hoc criteria. Firewall can also find all instances of a user or group, remove the user or group from the system, or replace the user or group with another.
If the Security Level for a server is set to three or above (as shown in Modifying Firewall Settings for Servers), user-based rules can override the general rules for a server. For example, if the Security Level parameter in the server security rule for the FTP server is set to 3 (user-to-service), the user-to-server rules set here may allow activity for certain users and reject access for others, beyond the general rules for the server.
For the FTP, SQL, Database, and DDM servers, you can establish rules restricting the commands (also known as "verbs") that specified users or groups can perform. For example, you can define that members of the user group %PGMR are not permitted to execute the SQL delete command.
You can examine and create these filter rules, and use the Rule Wizards to build new rules based on users and groups, from the Work with Users screen (STRFW > 3).
GSUSMN                        Work with Users
                                                     System: RLDEV
Select one of the following:

Users and More                       Rule Wizards - Users
  1. Users and Groups                 41. Create Working Data Set
                                      42. Re-use Data Set
  5. Application Groups
  6. Location Groups

Find/Replace/Copy User
 31. Print All Occurrences of User
 32. Replace or Remove User
 33. Copy User
 35. Add/Replace/Remove Group Users

Selection or command
===>

F3=Exit   F4=Prompt   F9=Retrieve   F12=Cancel
F13=Information Assistant   F16=System main menu
To create and manage rules for users and groups, select 1. Users and Groups. The Work with User Security screen appears, as shown in Setting Firewall Rules for Users and Groups.
To create and manage rules for application groups, select 5. Application Groups. The Work with Application Groups screen appears, as shown in Setting Firewall Rules for Application Groups.
To create and manage rules for location groups, select 6. Location Groups. The Work with Location Groups screen appears, as shown in Setting Firewall Rules for Location Groups.
To print a report of all rules that affect a user and all groups that include that user, select 31. Print All Occurrences of User. The Replace FW user (RPLFWUSR) screen appears, with the Replace to user field set to *PRINT. Enter the name of the user or group in the Replace from user field.
To add a member to a Firewall group, replace a member in it, or remove a member from it, select 35. Add/Replace/Remove Group Users. The Change Firewall User Group (CHGFWGRP) screen appears, as shown in Adding, Replacing, or Removing Members of Firewall Groups.
To remove a user or replace one user with another, select 32. Replace or Remove User. The Replace FW user (RPLFWUSR) screen appears. Enter the name of the user or group to be replaced or removed in the Replace from user field.
To remove a user or group, enter *REMOVE in the Replace to user field.
To replace one user or group with another, enter the name of the replacement in the Replace to user field.