Limiting access to program functions

The limit access to program function allows you to define who can use an application, the parts of an application, or the functions within a program.

The limit access to program function allows you to provide security for a program when you do not have an object to secure for the program. There are two methods that you can use to manage user access to application functions through IBM Navigator for i.

Using Application Administration to manage user access

To manage user access using Application Administration, follow these steps:

  1. Expand System.
  2. Click Application Administration.
  3. If you are on an administration system, select Local Settings. Otherwise, continue with the next step.
  4. Select an administrable function.
  5. Select Default Access to allow all users to access the function by default.
  6. Select All Object Access to allow all users with all object system privilege to access this function.
  7. Select Customize and use the Add and Remove buttons on the Customize Access dialog box to add or remove users or groups in the Access Allowed and Access Denied lists.
  8. Select Remove Customization to delete any customized access for the selected function.
  9. Click OK to close the Application Administration dialog box.

Using Users and Groups to manage user access

To manage user access using Users and Groups, follow these steps:

  1. Click Users and Groups to show the Users and Groups welcome panel.
  2. Select Users, Groups, or Users Not in a Group to display a list of users and groups.
  3. Right-click a user or group, and select Application Administration.
  4. On the Applications tab, you can change the access setting for a user or group.
  5. Click OK to close the Properties sheet.

Important: The limit access to program function does not prevent a user from accessing a resource, such as a file or program, from another interface. You still need to use resource security.

The limit access to program function support provides APIs to:
  • Register a function
  • Retrieve information about the function
  • Define who can or cannot use the function
  • Check to see if the user is allowed to use the function

To use this function within an application, the application provider must register the functions when the application is installed. The registered function corresponds to a code block for specific functions in the application. When the user runs the application, the application calls the check usage API to see if the user is allowed to use the function that is associated with the code block, before invoking the code block. If the user is allowed to use the registered function, the code block is run. If the user is not allowed to use the function, the user is prevented from running the code block.

The system administrator specifies who is allowed or denied access to a function. The administrator can use either the Work with Function Usage Information (WRKFCNUSG) command or IBM Navigator for i to manage access to program functions.
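
The register, check, then invoke flow described above, as an added Python model that is not IBM's code and does not call the IBM i APIs. The class and function names, the function ID and the user names are hypothetical, and the order in which the settings are evaluated is an assumption of this model.

```python
# Added model, not IBM code: all names are hypothetical and no IBM i API is called.
from dataclasses import dataclass, field

@dataclass
class RegisteredFunction:
    function_id: str
    default_access: bool = False                # "Default Access" setting
    all_object_access: bool = False             # "All Object Access" setting
    allowed: set = field(default_factory=set)   # "Access Allowed" users/groups
    denied: set = field(default_factory=set)    # "Access Denied" users/groups

@dataclass
class User:
    name: str
    groups: tuple = ()
    all_object: bool = False                    # holds all object privilege

REGISTRY = {}

def register(fn):
    """Done once, when the application is installed."""
    REGISTRY[fn.function_id] = fn

def check_usage(function_id, user):
    """Assumed order: all object privilege, user's entry, group entries, default."""
    fn = REGISTRY.get(function_id)
    if fn is None:
        return False                            # unregistered function: fail closed
    if fn.all_object_access and user.all_object:
        return True
    if user.name in fn.denied:
        return False
    if user.name in fn.allowed:
        return True
    if any(g in fn.allowed for g in user.groups):
        return True
    if any(g in fn.denied for g in user.groups):
        return False
    return fn.default_access

def run_guarded(function_id, user, code_block):
    """Call the usage check before invoking the code block tied to the function."""
    if not check_usage(function_id, user):
        raise PermissionError(f"{user.name} may not use {function_id}")
    return code_block()

# Constructed sample data: one function, customized by the administrator.
register(RegisteredFunction("ACME_PAYROLL_EXPORT", allowed={"PAYGRP"}, denied={"TEMP01"}))
ALICE = User("ALICE", groups=("PAYGRP",))       # allowed through her group
TEMP01 = User("TEMP01", groups=("PAYGRP",))     # own denied entry wins over group
```

The gate only covers calls that go through `run_guarded`; a file or program reached from another interface never hits this check, which is why resource security is still required.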