Menus are a good method for providing controlled access on your system. You can use menus to restrict a user to a set of strictly controlled functions by specifying limited capabilities and an initial menu in the user profile.
To use menus as an access control tool, follow these guidelines when designing them:
- Do not provide a command line on menus designed for restricted users.
- Avoid having functions with different security requirements on the same menu. For example, if some application users are allowed to only view information, not change it, provide a menu that has only display and print options for those users.
- Make sure that the set of menus provides all the necessary links between menus so the user does not need a command line to request one.
- Provide access to a few system functions, such as viewing printer output. The ASSIST system menu gives this capability and can be defined in the user profile as the Attention-key-handling program. If the user profile has a class of *USER and has limited capabilities, the user cannot view the output or jobs of other users.
- Provide access to decision-support tools from menus. The topic Using adopted authority in menu design gives an example of how to do this.
- Consider controlling access to the System Request Menu or some of the options on this menu.
- For users who are allowed to run only a single function, avoid menus entirely and specify an initial program in the user profile. Specify *SIGNOFF as the initial menu.
For example, at the JKL Toy Company, all users see an inquiry menu allowing access to most files. For users who are not allowed to change information, this is the initial menu. The return option on the menu signs the user off. For other users, this menu is called by an inquiry option from application menus. By pressing F12 (Return), the user returns to the calling menu. Because library security is used for program libraries, this menu and the programs it calls are kept in the QGPL library:
Note: By using the code examples, you agree to the terms of the Code license and disclaimer information.