Basic terminology

This topic provides users with basic security terminology.

Object
An object is a named space on the system that you or an application can manipulate. Everything on the system that you or an application can work with is considered an object. Objects provide a common interface for working with system components. The most common examples of objects are files and programs. Other types of objects include commands, queues, libraries, and folders. Objects on the system are identified by object name, object type, and the library in which the object resides. You can secure each object on the system.
Library
A library is a special type of object that is used to group other objects. Many objects on the system reside in a library. Libraries are essentially containers, or organizational structures for other objects, and you can use them to reference other objects on your system. Libraries might contain many objects, and might be associated with a specific user profile or application. QSYS, which contains all other libraries on the system, is the only library that can contain other libraries. Objects in a library are handled like objects in a subdirectory. A library cannot live inside a directory.
Directory
A directory is a special object that provides another way to group objects on the system. Objects can reside in a directory, and a directory can reside in another directory, forming a hierarchical structure. Each file system is a major subtree in the integrated file system directory structure. Directories are different from libraries in that the address of each library maps to the QSYS library, while directories are not addressable. Names of libraries are restricted to 10 characters, while directories can have longer names, which might be case sensitive. Directories can have multiple names because the path to the directory is what is named and not the directory itself. You can use different commands and authority requirements when working with directories and libraries.
User profile
Every system user must have a user identity before they can sign on to and use a system. This user identity is a special object called a user profile, which only an administrator with appropriate system authority can create for a user.
Special authority
Special authority determines whether the user is allowed to perform system functions, such as creating user profiles or changing the jobs of other users.
Physical security
Physical security includes protecting the system unit, system devices, and backup media from accidental or deliberate damage. Most measures you take to ensure the physical security of your system are external to the system.
Application security
Application security deals with the applications you store on your system and how you will protect those applications while simultaneously allowing users access to them.
Resource security
Resource security on the system allows you to define who can use objects and how objects can be used. The ability to access an object is called authority. When you set up object authority, you need to be careful to give your users enough authority to do their work without giving them the ability to browse and change the system. Object authority gives permissions to the user for a specific object and can specify what the user is allowed to do with the object. An object resource can be limited through specific, detailed user authorities such as adding records or changing records. System resources can be used to give the user access to specific system-defined subsets of authorities: *ALL, *CHANGE, *USE, and *EXCLUDE. System values and user profiles control who has access to your system and prevent unauthorized users from signing on. Resource security controls the actions that authorized system users can perform, and the objects that they can access after they have signed on successfully. Resource security supports the main goals of security on your system to protect:
  • Confidentiality of information
  • Accuracy of information to prevent unauthorized changes
  • Availability of information to prevent accidental or deliberate damage
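The following CL sequence is an added example, not part of the original topic. It sets an overly broad public authority beside a least-privilege setup that uses both a system-defined subset and specific, detailed authorities. The library PAYLIB, the file PAYROLL, and the user profiles AUDITOR1 and CLERK1 are hypothetical names.

```cl
/* Added example. PAYLIB, PAYROLL, AUDITOR1 and CLERK1 are hypothetical. */

/* Weak: any user without a more specific authority to the file can    */
/* read, change, and delete it through the public authority.           */
GRTOBJAUT  OBJ(PAYLIB/PAYROLL) OBJTYPE(*FILE) USER(*PUBLIC) AUT(*ALL)

/* Corrected: the public gets no access; REPLACE(*YES) makes the new   */
/* value replace the earlier *ALL instead of being added to it.        */
GRTOBJAUT  OBJ(PAYLIB/PAYROLL) OBJTYPE(*FILE) USER(*PUBLIC) +
             AUT(*EXCLUDE) REPLACE(*YES)

/* System-defined subset: the auditor can read the file but not        */
/* change it.                                                          */
GRTOBJAUT  OBJ(PAYLIB/PAYROLL) OBJTYPE(*FILE) USER(AUDITOR1) AUT(*USE)

/* Specific, detailed authorities: the clerk can read and add records  */
/* but cannot update or delete them (*UPD and *DLT are not granted).   */
GRTOBJAUT  OBJ(PAYLIB/PAYROLL) OBJTYPE(*FILE) USER(CLERK1) +
             AUT(*OBJOPR *READ *ADD)

/* Both users also need authority to the library that holds the file   */
/* before they can reach any object in it.                             */
GRTOBJAUT  OBJ(QSYS/PAYLIB) OBJTYPE(*LIB) USER(AUDITOR1 CLERK1) AUT(*USE)

/* Check the result: list every user and the authority each one holds. */
DSPOBJAUT  OBJ(PAYLIB/PAYROLL) OBJTYPE(*FILE)
```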
Security policy
A security policy allows you to manage security on an IBM i system.