- From the Network Security Main Menu, choose option 4 ‘Work with Security by Object’.
- Start with option 1 to create an Object List. Give the object list a descriptive name that helps you identify the unique set of object(s) that will be included in the list. You may have multiple lists, each with its own objects.
- The Type field accepts two possible values, which indicate where the objects reside. ‘Q’ objects are native objects, whereas ‘I’ objects are IFS path objects. They are separate because the programs needed to identify and test these objects are very different and cannot be combined.
- Once the list is created, add the entries (Objects). Use option 8 ‘Work with Entries’ to add objects. You may add objects to the list or remove them from it at any time, even after the rules are active.
- Next, add the user profiles or the IBM i group profile name that will be subject to the object list rules. To do so, use option 9 ‘Object Rules using Object List’ from the Work with Object Lists screen. During the profile addition step, you select the Operation (e.g. *CREATE, *READ, *UPDATE, *DELETE, *ALL) along with the Authority desired (e.g. *OS400, *REJECT, *SWITCH) for that object data and the object itself.
- Finally, select the servers you wish to apply the object rules to. You may also manually apply the object rules by accessing the server and inserting the authority of *MEMOBJ. The existence of the *MEMOBJ authority on any server indicates that the server is testing for object rules.
See Object Rules in the Network Security Administrator’s Guide for more information.