IBM Support

IBM i NetServer: Restrict Server and Share Access with Authorization Lists

News


Abstract

Starting in IBM i 7.5, user access to IBM i NetServer and specific shares can be restricted by assigning an authorization list.

Content

You are in: IBM i Technology Updates >  IBM i Security  > IBM i NetServer: Restrict Server and Share Access with Authorization Lists
IBM i NetServer now allows assigning an authorization list object to the server and individual shares. The authorization list is used as an extra layer of protection for shared resources.  Updating the configuration can be performed through Navigator by changing  IBM i NetServer Properties or Share properties or by using the IBM i NetServer APIs.
When an authorization list is assigned to the server with Navigator, the QZLSCHSI API or through the GO NETS user tool, the server will check the access of the connecting user against the authorization list to determine if the connection will be allowed. A user must have at least *USE authority to the authorization list to access the server when an authorization list is assigned.
When an authorization list is assigned to a share with Navigator, the IBM i NetServer share APIs (QZLSADFS, QZLSADPS, QZLSCHFS, or QZLSCHPS) or through the GO NETS user tool, the server will check the access of the connecting user against the share authorization list to determine the level of access that is allowed. Access is determined as follows:
  • If the user has less than *USE authority to the authorization list, access to the share is denied.
  • If the user has at least *USE authority and less than *CHANGE authority to the authorization list, the user is restricted to read-only access to the share.
  • If the user has *CHANGE authority or higher to the authorization list, the user access is unrestricted by the authorization list.
This support layers with underlying object authorities as well as existing read-only share restrictions. The most restrictive layer will determine the final level of access.

[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CLSAA2","label":"Integrated File System-\u003ENetServer"}],"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"7.5.0"}]

Document Information

Modified date:
03 May 2022

UID

ibm16579379

Page Feedback