Where used, Server Identifier, Format Name, 12.3 | IBM Safenet/400

Distributed Data Management

Description: Distributed Data Management - 100

Security checking is performed when a remote user or system accesses a System i5 file or issues an incoming remote command via DDM. The remote user must be authorized to perform the operation (open, close, read or write, for example) or the DDM request is rejected.

Where used:	iSeries Access for Windows
	Client Access for Windows 3.1
	Client Access for OS/2
	Client Access for DOS with Extended Memory
	Client Access for DOS
	System i5 to System i5, System/38™ or System/36™ Communication
Server Identifier:	*DDM
Format Name:	*DDM
Levels Supported:	Basic	(Levels 1,2,)
	Intermediate	(Level 3)
	Advanced	(Level 4)
	Plus special setting for remote command processing
	CL command authority checking is performed at Level 4

Limitations: - See the Special Jobs Menu for incoming remote commands

-Cannot check authority of files, objects or commands imbedded in the command string

Recommended

Setting:Level 4, Log All

Notes:

1.Commands are allowed only if specified from Special Jobs Menu, Option 2

(CHGSPCSET command). DDM commands, NOT file requests, can be stopped by saying “NO” to Allow DDM Commands parameter. The SafeNet/400 default is “YES” to allow commands. Review existing requirements prior to changing this setting. At Level 4, users must be authorized to commands.

2.Does not support *SPC type transactions.

	SafeNet/400 Reference Guide
	♥ Copyright 2008 MP Associates of Westchester, Inc.	12.3
	V8.50 - May 2008	12.3
	V8.50 - May 2008

Image 123

IBM Safenet/400 manual Where used, Server Identifier, Format Name, Levels Supported, Recommended, 12.3

Contents

MP Associates of Westchester, Inc SAFENET/400 How to contact us Table of Contents 10.9 10.110.3 10.7 Group Profiles Navigating through the screens Logging Level N Setting the User Logging LevelsLogging Level a Logging Level R SafeNet Administrator Super Trusted User Control Maintain User to Server Security screen appears Entering User Security Levels ALL Active Servers Add New Object Authorization screen appears Entering User Authorities to ObjectsWork User to Object Security screen is displayed Not Allowed for library Not Allowed for object Reminder Exclusions Copyright 2008 MP Associates of Westchester, Inc V8.50 May Maintain Authorized SQL Statements screen appears Entering User Authorities to SQL StatementsWork User to SQL Statements screen is displayed Type the user profile, the Group or *PUBLIC, then Enter Copyright 2008 MP Associates of Westchester, Inc V8.50 May Entering User Authorities to FTP Statements Type the user profile or *PUBLIC then EnterWork with Authorized FTP Statements screen appears Path Encrypted List Format Using FTP ClientUsing FTP Server Name Format Work User to CL Commands, Enter User ID screen is displayed Maintain Authorized CL Commands screen appearsType each CL command that this user is permitted to use Copyright 2008 MP Associates of Westchester, Inc Maintain Path Names screen appears Entering Long Path Names Copyright 2008 MP Associates of Westchester, Inc Copy SafeNet User/Authorities screen is displayed Removing a User from SafeNet/400Remove Users from SafeNet screen appears Maintain all Security for a User Authorized to At this time? Setting up Time of Day Controls Type the user profile, Enter and then press F10 User Time-of-Day Maintenance screen appears Copyright 2008 MP Associates of Westchester, Inc V8.50 May Copyright 2008 MP Associates of Westchester, Inc Setting UP Servers Level SafeNet/400 Server Function Security Levels Level Setting the Server Function Logging Levels Basic Server Security Supported by all Servers Intermediate Server Security Supported by all ServersAdvanced Server Security Supported by Specific Servers Level 1, Log None Recommended Server Settings Level 1, Log None Level 3, Log All Limit user Distributed Data Management Level 1, Log All Log all requests Pwrdwnsys Maintain Server Security screen is displayed Entering Server Function Security Levels Copyright 2008 MP Associates of Westchester, Inc Customer Exit Programs Copyright 2008 MP Associates of Westchester, Inc Setting up Telnet Restricting Access to Specific Device Names Controlling Telnet Access by IP Address Setting the Required Password Type Allow Auto Signon Enter the password type 0 or 1 is required Logging of Telnet Sessions Setting up TCP/IP Address Controls Turning on TCP/IP Address CheckingType Wrksrv Example Setting up TCP/IP Address Control Table Copyright 2008 MP Associates of Westchester, Inc Anonymous FTP Logon Libname Parameter Screen Selections Value DescriptionUse Wrktcpipa *FTPSERVER Use Wrktcpipa *FTPCLIENT Recommended that you leave this as Profilename Pword Password of *NONE and *USER for Setting up for Anonymous FTP ExampleLocate the FTP Logon Server point Page Select Option 6 Work with User to CL Command Security Setting up for Normal User IDs and FTP ServersPage Dynamic Host Configuration Protocol Dhcp Control and Reports Menu appears Working with Dhcp Current Dhcp Activity Copyright 2008 MP Associates of Westchester, Inc Maintaining MAC Addresses Fixed IP Addresses Purging Expired Dhcp Lease Information Ping Checker Reports Setup Reports Usage Reports Copyright 2008 MP Associates of Westchester, Inc Security Report by User in test mode Menu SN4, Option Testing Your Security Settings Copyright 2008 MP Associates of Westchester, Inc Security Levels to Check field Copyright 2008 MP Associates of Westchester, Inc Copyright 2008 MP Associates of Westchester, Inc V8.50 May On the Print Security Report screen fill in the following Batch Transaction Test Review/Report Security Report by User Copyright 2008 MP Associates of Westchester, Inc V8.50 May Copyright 2008 MP Associates of Westchester, Inc Recommended approach to testing Pcreview Copyright 2008 MP Associates of Westchester, Inc V8.50 May Copyright 2008 MP Associates of Westchester, Inc Log file Purge Strprg DAYS060 To perform a standard purge Strprgarc DAYS060 ARC*YES PRT*YES PRTR*NO RMVDEL*NO To purge the log and archive the records Automating the One Step Security Report Automating the log file purge Strprgarc DAYS005 Strprgarc DAYS001 Daily Backup Procedure Enter command Chgspcset LOGALL*NOChgspcset LOGALL*YES to begin logging Copyright 2008 MP Associates of Westchester, Inc Before de-activating De-activating SafeNet/400 To activate or de-activate SafeNet/400 Removing SafeNet/400 from your system Copyright 2008 MP Associates of Westchester, Inc 10.1 Error Message Received on the System 10.2 Error Message Received on the Client Check the request log for a ‘REJECTED’ response10.3 10.4 10.5 If you still cannot resolve the problem Also try Endtcpsvr *ALL, Endhostsvr *ALL then Strtcp10.6 10.7 Examples of Client Error Messages 10.8 10.9 Error Codes which Appear in the Log 10.10 10.11 Additional Troubleshooting Tips 10.12 11.1 Resetting Level 5 within SafeNet/400 11.2 Select Option 6 Activate/De-Activate SafeNet/400 11.3 Pre-Power Down Program Point 11.4 Using Automatic Alert Notification Activating SafeNet/400 Alert Notification Creating a Distribution List11.5 11.6 Profile SwappingOPT SafeNet/400 RQD Setting up a Swap Profile Maintain Authorized Swap Profiles screen appears11.7 11.8 Journaling SafeNet/400 Security Files 11.9 Errord FileFiles Contained in SafeNet/400 Traparcw File 11.10 Trapod File SafeNet/400 Commands Commands Description11.11 11.12 11.13 Wrkusrsec 11.14 12.1 Server Function Descriptions 12.2 Original Servers Levels Supported Where usedServer Identifier Format Name 12.4 12.5 Limitations 12.6 12.7 Usrlibl ALL 12.8 12.9 Original Message Server Description Original Message Server 12.10 12.11 12.12 12.13 Optimized Servers 12.14 12.15 12.16 12.17 12.18 12.19 Access to System i5 database through Odbc interface Database Server Entry Description Database Server Entry 12.21 Usage 12.22 12.23 12.24 12.25 12.26 Data Queue Server Description Data Queue Server 12.27 12.28 12.29 Access to entire file systemFile Server Description File Server Windows Explorer and other applications 12.30 Allflr ALL 12.31 Personnel ALL 12.32 PAYROLL.LI SALARY.FIL Recommended Setting Level 4, Log All Usage Notes/Limitations12.33 12.34 12.35 FTP Logon Server Description FTP Logon Server 1 12.36 FTP Logon Server Description FTP Logon Server 2 12.37 FTP Logon Server Description FTP Logon Server 3 12.38 12.39 12.40 12.41 Pre-Power Down Description Pre-Power Down Server 12.42 Rexec Logon Server Description Rexec Logon Server 1 Usage Notes12.43 12.44 Rexec Logon Server Description Rexec Logon Server 2 12.45 12.46 Important Notes on setting up a user for ShowCase** Strategy 12.47 TCP Signon Server Description TCP Signon Server 12.48 12.49 12.50 Server Identifier Format Index Public