Managing security for logical partitions
Most security-related tasks that you perform on a partitioned system are the same as on a system without logical partitions. However, when you create logical partitions, you work with more than one independent system. Therefore, you have to perform the same tasks on each logical partition instead of just once on a system without logical partitions.
Here are some basic rules to remember when dealing with security on logical partitions:
- You must first configure the service tools server to access the System i® Navigator logical partition functions. For more information about the service tools server, see Configuring the service tools server.
- Users performing logical partition operation or administration authority will require a Service Tool user profile in the primary partition.
- You add users to the system one logical partition at a time. You need to add your users to each logical partition you want them to access.
- Partitions cannot see or use memory and disk units of another logical partition.
- Partitions can only see their own hardware resources.
- When using the System i Navigator logical partition function from the primary partition, you can see all system hardware resources in the Configure Partitions window by selecting All hardware. When using the System i Navigator logical partition function from a secondary partition, you can only view the resources assigned to the secondary partition. In both primary and secondary partitions, you require logical partition operation or administration authority to view the resources assigned to the partition.
- The system control panel controls the primary partition. The remote control
panel controls all partitions on the server. When any partition is set to
secure, no actions can be performed from either the system panel, the remote
control panel, or the Work with Partitions Status display from SST. To force
DST from the system control panel or the remote control panel, you must change
the mode to Manual.
- You can use the remote control panel to power on and power off the partition.
- You can use the remote control panel to set the secondary partition mode from secure to any other value.
Once a secondary partition's mode is no longer secure, you can use the remote control panel to change the partition status.