IBM Support

IBM Navigator for i - Function Usage IDs

News


Abstract

Information on Function Usage IDs for controlling feature and function for users within IBM Navigator for i.

Content

You are in: IBM i Technology Updates  > IBM Navigator for i > Function Usage IDs
QIBM_NAV_ALL_FUNCTION is now shipped with default of *DENIED.  
This is a change from the original shipped value of *ALLOWED in previous HTTP Group PTF levels.  *SECOFR profiles and user profiles with *ALLOBJ authority are able to access IBM i Navigator for i.  Other profiles require a change to grant access.  The recommended method to grant access is to add a profile to the specific function ID for the functions required.
PTF details can be found here: IBM Navigator for i - PTF Update Details

The new IBM Navigator for i interface authorization can be controlled by using function usage IDs. These IDs control different high-level categories within the Navigator. If a user is denied access to one of the high-level areas, that user is not allowed to access any of the function areas under that high-level area. The new function usage IDs are defined in the next table:
Function Usage IDs
 
Function ID Description Default Authority *ALLOBJ
QIBM_NAV_WRK_MGT Work Management
*ALLOWED
*USED

QIBM_NAV_CONF_SRV

Configuration & Service *ALLOWED *USED
QIBM_NAV_SYSTEM System *ALLOWED *USED
QIBM_NAV_MONITORS Monitors *ALLOWED *USED
QIBM_NAV_NETWORK Network *ALLOWED *USED
QIBM_NAV_SECURITY Security *ALLOWED *USED
QIBM_NAV_USERS_GROUPS Users and Groups *ALLOWED *USED
QIBM_NAV_PDI Performance *ALLOWED *USED

QIBM_NAV_FILE_SYSTEM

File System
*ALLOWED *USED
QIBM_NAV_SERVICEABILITY Serviceability *DENIED *USED
QIBM_NAV_CUSTOM_CHARTS Custom Charts *ALLOWED *USED
QIBM_NAV_ALL_FUNCTION Use of IBM Navigator for i functions *DENIED1 *USED
1 - IBM i 7.3 & 7.4 Navigator PTFs before May 2022 shipped QIBM_NAV_ALL_FUNCTION Function ID with default of *ALLOW.  This is changed with the May 2022 PTF.  PTF group levels available here: PTF Information
Notes: 
  • All existing function usage IDs for previous interfaces are untouched and do not apply to the new Navigator interface 
  • All function usage IDs are shipped with a default of *ALLOW except for the Serviceability ID and overall function ID (QIBM_NAV_ALL_FUNCTION).  With a function ID shipped value of *DENY, user profiles that don't have explicit authority to the objects controlled by that function ID, will need to have *ALLOW access to the function ID for access to those features.  When granted explicit access through the function ID, the user profile is able to access those features for each area (such as the Navigator Logs directory or the Navigator Keystore file for the serviceability ID).
  • More IDs can be added based on user feedback and usage rational  

Function Usage Interface
 This interface is similar to the Application Administration support from the heritage Navigator.  
To add or remove user profiles to a Function Usage ID, go to the Function Usage interface by starting with the Security icon.
Security -> Function Usage
Or type "Function Usage" in the search bar.
Function Usage Table
Select an ID and right click to select "Change"
Change Menu
Browse for the user profile, and select to Add the profile or Remove it from Access Allowed or Access Denied
Change ID panel
Select "OK" to save changes.

[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CH1AAM","label":"IBM Navigator for i"}],"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.3.0;7.4.0;and future releases"}]

Document Information

Modified date:
05 April 2022

UID

ibm16485853