How To Guide

Occurrences when Policies are Initialized in Policy Minder for IBM i

Last Updated:
March 4, 2017

The following occurs when policies are initialized:

  • The current setting of most system values are retrieved and established as the policy for the *SYSVAL category.
  • The auto-start value and time-out value (if available) for each TCP/IP server are retrieved and established as the policy for the *TCPIP category.
  • Any exit programs registered for the most popular exit points are retrieved and established as the policy for the *EXITPGM category. Note: If you use an exit program that is not already listed in Policy Minder for IBM i, you can add it by taking option 1 from the Main menu, then option 5 on the *EXITPGM category, then press F6.
  • Programs and service programs that adopt an *ALLOBJ user are discovered and established as the policy for the *ADOPT category. Note: You can add policies for other user profiles by taking option 1 from the Main menu, then option 5 on the *ADOPT category, then press F6 to create a new template.
  • All authorization lists and users authorized to the lists are retrieved and established as the policy for the *AUTL category.
  • All of the file shares defined for the system are retrieved and established as the policy for the *SHARES category.
  • All commands that are allowed to be run by a limited capability user are discovered and established as the policy for the *LMTCMD category.
  • All job descriptions that specifically name a user profile are discovered and established as the policy for the *JOBD category.
  • User-written programs, service programs and commands created into the library QSYS are discovered and established as the policy for the *USROBJ category.

Authorities to the CRTLIB, MKDIR, CRTDIR and STRTCPSVR commands are retrieved and established as the policy for the *CMDAUT category. Note: You may have other commands that you want to ensure are properly secured. You can add those by taking option 1 from the Main menu, then option 5 on the *CMDAUT category, then press F6 to add a new command.

Related Solutions