IBM Support

IBM Navigator for i - Access Authorization Options

News


Abstract

The Navigator interface provides a convenient graphical approach to access, monitor, and manage many aspects of the IBM i operating system. Each user must provide valid authorization credentials for every endpoint node accessed. This section reviews the various options for user profile usage and prompting.

Content

​You are in: IBM i Technology Updates  > Navigator for i > Access Authorization Options
For heritage Navigator Authority page, see www.ibm.com/support/pages/node/1164610

Access Authorization
The Navigator interface provides a user-friendly graphical approach to access, monitor, and manage many aspects of the IBM i operating system. Each user must provide valid authorization credentials for every endpoint node accessed.
System administrators can manage which functions and attributes are seen and modifiable by each user through 'normal' IBM i authority and access methods. When a user signs in to the Navigator interface, they are running under the access & authorization credentials for that user profile. If a user can't access something from a green screen, there is also no access allow in the Navigator.  
 
Since Navigator is a client interface, it can allow access to other endpoint nodes as well as the IBM i that the Navigator is running on.  Authorization credentials are required for each end-point node. 
There are three methods that the user and password for the end-point node can be obtained:
  1. Use the same user profile and password as was used when you sign in to the GUI node (default) 
  2. Prompt for user and password on first access of an end-point node 
  3. Save the specified user and password in an encrypted file on the GUI node and use the values saved in that file for future end-point IBM i nodes.  This file is encrypted and is only accessible by the signed on user, but this method is still less secure and therefore not recommended. 
 Access authorization method details - Hover over the serviceability tab and click the "Connection Properties" menu action. 
IBM Navigator for i Connection Properties menu Option from Dashboard
From the Connection Properties page, select the "Authentication" tab on the left. 
IBM Navigator for i Authentication Tab
Select an option and click "Save".  A change often requires you to sign back in for this browser session.  
Details on each option: 
  • Use GUI login information to connect to all nodes on the dashboard (default) - The user is prompted for their IBM i user profile and password on the main Navigator sign-in page. The credentials are used to establish access to any endpoint already on the dashboard OR add an endpoint that the user wants to access, monitor, and manage. This user and password is not saved anywhere other than the application runtime.  In order for a user to access an endpoint system, they must have the exact same user profile name and password on that endpoint.  Note that the functions and access for a user profile on any endpoint can vary since the credentials for that user on that endpoint are used to determine access and function availability for managing the system. 
  • Prompt for login information every time a connection to a node is made.  Each endpoint node defined on the dashboard remains in a 'locked' access state until the user takes an action to access or manage that endpoint.  For example, once a user double-clicks a dashboard tile to manage that endpoint, they are prompted for a user profile and password for that specific endpoint system.  The Navigator interface uses those specified user credentials only for that endpoint. The Navigator interface continues to use the specified user profile and password only during this browser session.  
  • Prompt for login information and store it for future use.  This option is not recommended in secure environments.   The user is prompted once for the user and password for the endpoint node. The Navigator interface then saves that user profile and password information only on the GUI node in an encrypted file for future use.  Only the GUI-node user profile has access to this file and can decrypt the user profile and password for the registered end-point nodes. To update the password on an end-point node, the user needs to right-click the tile on the dashboard.  Click the "Edit Node Information" page to update the user and password values saved in the file. 

Serviceability
The Serviceability section is denied for default access.  Only user profiles with *ALLOBJ special authority are able to see this section by default.  Normal user profiles need to be added to the QIBM_NAV_SERVICEABILITY function ID.

[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CH1AAM","label":"IBM Navigator for i"}],"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.3.0;7.4.0;and future releases"}]

Document Information

Modified date:
09 September 2021

UID

ibm16483569