Setting Firewall Rules for Commands
You can specify which users can run specific commands through the Work with Native AS/400 Command Security screen.
To filter activity by commands that it would run, select 6. Commands from the Native Object Security screen, as shown in Setting Firewall Rules for Native Objects (STRFW > 4).
The Work with Native AS/400 Command Security screen appears:
| Work with Native AS/400 Command Security Type options, press Enter. Library . . . 1=Select 3=Copy 4=Delete Object . . . Opt Command Library ---------------------- Users --------------------- *ALL *ALL *PUBLIC %DEVELOP1 %DEVELOP2 SECURITY2P DLTF *ALL %DEVELOP1 %DEVELOP2 JAVA DSPFD *ALL %DEVELOP1 %DEVELOP2 JAVA DSPFFD *ALL %DEVELOP1 %DEVELOP2 JAVA DSPLIBL *ALL %DEVELOP1 QSECOFR CALL QSYS %JAVA QSECOFR SECURITY2P DLTUSRSPC QSYS %JAVA SBMJOB QSYS JAVA Bottom F3=Exit F6=Add new F8=Print F12=Cancel |
Each line of the list contains the following fields:
Command
The name of the command. This can also be a generic name ending in an asterisk ("*") or *ALL, which refer to all the relevant commands in the library named in the next field for which more specific settings have not been created.
Library
The name of the library containing the commands. This can also be a special name beginning with an asterisk ("*") or *ALL, which refers to all the relevant commands in all the relevant libraries. For example, the command TEST1 in the Library *ALL refers to any command
TEST1 in any library.
Users
A list of up to four users or groups for which particular authorities have been set. If there are more than four, an ellipsis ("...") appears in a fifth column. Selecting the command by entering 1 in the Opt field displays a screen with the entire list of users.
To create settings for a new command, press the F6 key. The Add Native AS/400 Command Security screen appears, as shown in Adding Firewall Rules for Commands.
To print the information from this screen, press the F8 key.
To modify the settings for a file, enter 1 in the Opt field for the command. The Modify Native AS/400 Command Security screen appears, as shown in Modifying Firewall Rules for Commands.
To copy settings for one command to another, enter 3 in the Opt field for the command. The Copy Object Security screen appears, as shown in Copying Firewall Rules for Commands.
To delete the settings for a command, enter 4 in the Opt field for the command. The Delete Native AS/400 Command Security screen appears, as shown in Deleting Firewall Rules for Commands.
To create and manage exceptions to command rules, specifying that Firewall can accept commands that it would normally reject if the commands include specific additional parameters, select 9. Command Exceptions from the Native Object Security screen, as shown in Setting Firewall Rules for Native Objects (STRFW > 4).