12.25 | IBM Safenet/400 manual

Notes:

1.At Levels 3 and 4 users must be authorized to the server function.

2.At Level 4 the user must be authorized to the OBJECT/LIBRARY and the SQL statement. Data authority requirements are determined by the authorized SQL statements for the user.

3.Due to a restriction within IBM's OS/400 for versions prior to V4R1, OS/400 delivers SQL requests to SafeNet/400 with a limit of 512 characters in length. Since most SQL statements are normally much less than this limit, this is not a concern for most users. However, if this limit is exceeded, SafeNet/400 will log a truncated request string into the history file. For V4R1 and above, this restriction does not apply.

PTFs are available for earlier releases of OS/400 to enable long SQL strings. Contact IBM for details.

	SafeNet/400 Reference Guide
	♥ Copyright 2008 MP Associates of Westchester, Inc.	12.25
	V8.50 - May 2008	12.25
	V8.50 - May 2008

Image 145

IBM Safenet/400 manual 12.25

Contents

MP Associates of Westchester, Inc SAFENET/400 How to contact us Table of Contents 10.3 10.110.7 10.9 Group Profiles Navigating through the screens Logging Level a Setting the User Logging LevelsLogging Level R Logging Level N SafeNet Administrator Super Trusted User Control Maintain User to Server Security screen appears Entering User Security Levels ALL Active Servers Entering User Authorities to Objects Add New Object Authorization screen appearsWork User to Object Security screen is displayed Not Allowed for library Not Allowed for object Reminder Exclusions Copyright 2008 MP Associates of Westchester, Inc V8.50 May Work User to SQL Statements screen is displayed Entering User Authorities to SQL StatementsType the user profile, the Group or *PUBLIC, then Enter Maintain Authorized SQL Statements screen appears Copyright 2008 MP Associates of Westchester, Inc V8.50 May Type the user profile or *PUBLIC then Enter Entering User Authorities to FTP StatementsWork with Authorized FTP Statements screen appears Path Encrypted Using FTP Server Using FTP ClientName Format List Format Maintain Authorized CL Commands screen appears Work User to CL Commands, Enter User ID screen is displayedType each CL command that this user is permitted to use Copyright 2008 MP Associates of Westchester, Inc Maintain Path Names screen appears Entering Long Path Names Copyright 2008 MP Associates of Westchester, Inc Removing a User from SafeNet/400 Copy SafeNet User/Authorities screen is displayedRemove Users from SafeNet screen appears Maintain all Security for a User Authorized to At this time? Setting up Time of Day Controls Type the user profile, Enter and then press F10 User Time-of-Day Maintenance screen appears Copyright 2008 MP Associates of Westchester, Inc V8.50 May Copyright 2008 MP Associates of Westchester, Inc Setting UP Servers Level SafeNet/400 Server Function Security Levels Level Setting the Server Function Logging Levels Intermediate Server Security Supported by all Servers Basic Server Security Supported by all ServersAdvanced Server Security Supported by Specific Servers Level 1, Log None Recommended Server Settings Level 1, Log None Level 3, Log All Limit user Distributed Data Management Level 1, Log All Log all requests Pwrdwnsys Maintain Server Security screen is displayed Entering Server Function Security Levels Copyright 2008 MP Associates of Westchester, Inc Customer Exit Programs Copyright 2008 MP Associates of Westchester, Inc Setting up Telnet Restricting Access to Specific Device Names Controlling Telnet Access by IP Address Setting the Required Password Type Allow Auto Signon Enter the password type 0 or 1 is required Logging of Telnet Sessions Turning on TCP/IP Address Checking Setting up TCP/IP Address ControlsType Wrksrv Example Setting up TCP/IP Address Control Table Copyright 2008 MP Associates of Westchester, Inc Anonymous FTP Logon Use Wrktcpipa *FTPSERVER Parameter Screen Selections Value DescriptionUse Wrktcpipa *FTPCLIENT Libname Recommended that you leave this as Profilename Pword Password of *NONE and *USER for Example Setting up for Anonymous FTPLocate the FTP Logon Server point Page Select Option 6 Work with User to CL Command Security Setting up for Normal User IDs and FTP ServersPage Dynamic Host Configuration Protocol Dhcp Control and Reports Menu appears Working with Dhcp Current Dhcp Activity Copyright 2008 MP Associates of Westchester, Inc Maintaining MAC Addresses Fixed IP Addresses Purging Expired Dhcp Lease Information Ping Checker Reports Setup Reports Usage Reports Copyright 2008 MP Associates of Westchester, Inc Security Report by User in test mode Menu SN4, Option Testing Your Security Settings Copyright 2008 MP Associates of Westchester, Inc Security Levels to Check field Copyright 2008 MP Associates of Westchester, Inc Copyright 2008 MP Associates of Westchester, Inc V8.50 May On the Print Security Report screen fill in the following Batch Transaction Test Review/Report Security Report by User Copyright 2008 MP Associates of Westchester, Inc V8.50 May Copyright 2008 MP Associates of Westchester, Inc Recommended approach to testing Pcreview Copyright 2008 MP Associates of Westchester, Inc V8.50 May Copyright 2008 MP Associates of Westchester, Inc Log file Purge Strprg DAYS060 To perform a standard purge Strprgarc DAYS060 ARC*YES PRT*YES PRTR*NO RMVDEL*NO To purge the log and archive the records Automating the One Step Security Report Automating the log file purge Strprgarc DAYS005 Strprgarc DAYS001 Enter command Chgspcset LOGALL*NO Daily Backup ProcedureChgspcset LOGALL*YES to begin logging Copyright 2008 MP Associates of Westchester, Inc Before de-activating De-activating SafeNet/400 To activate or de-activate SafeNet/400 Removing SafeNet/400 from your system Copyright 2008 MP Associates of Westchester, Inc 10.1 Error Message Received on the System 10.2 Check the request log for a ‘REJECTED’ response Error Message Received on the Client10.3 10.4 10.5 Also try Endtcpsvr *ALL, Endhostsvr *ALL then Strtcp If you still cannot resolve the problem10.6 10.7 Examples of Client Error Messages 10.8 10.9 Error Codes which Appear in the Log 10.10 10.11 Additional Troubleshooting Tips 10.12 11.1 Resetting Level 5 within SafeNet/400 11.2 Select Option 6 Activate/De-Activate SafeNet/400 11.3 Pre-Power Down Program Point 11.4 Using Automatic Alert Notification Creating a Distribution List Activating SafeNet/400 Alert Notification11.5 OPT Profile SwappingSafeNet/400 RQD 11.6 Maintain Authorized Swap Profiles screen appears Setting up a Swap Profile11.7 11.8 Journaling SafeNet/400 Security Files Files Contained in SafeNet/400 Errord FileTraparcw File 11.9 11.10 Trapod File Commands Description SafeNet/400 Commands11.11 11.12 11.13 Wrkusrsec 11.14 12.1 Server Function Descriptions 12.2 Original Servers Server Identifier Where usedFormat Name Levels Supported 12.4 12.5 Limitations 12.6 12.7 Usrlibl ALL 12.8 12.9 Original Message Server Description Original Message Server 12.10 12.11 12.12 12.13 Optimized Servers 12.14 12.15 12.16 12.17 12.18 12.19 Access to System i5 database through Odbc interface Database Server Entry Description Database Server Entry 12.21 Usage 12.22 12.23 12.24 12.25 12.26 Data Queue Server Description Data Queue Server 12.27 12.28 File Server Description File Server Access to entire file systemWindows Explorer and other applications 12.29 12.30 Allflr ALL 12.31 Personnel ALL 12.32 PAYROLL.LI SALARY.FIL Usage Notes/Limitations Recommended Setting Level 4, Log All12.33 12.34 12.35 FTP Logon Server Description FTP Logon Server 1 12.36 FTP Logon Server Description FTP Logon Server 2 12.37 FTP Logon Server Description FTP Logon Server 3 12.38 12.39 12.40 12.41 Pre-Power Down Description Pre-Power Down Server 12.42 Usage Notes Rexec Logon Server Description Rexec Logon Server 112.43 12.44 Rexec Logon Server Description Rexec Logon Server 2 12.45 12.46 Important Notes on setting up a user for ShowCase** Strategy 12.47 TCP Signon Server Description TCP Signon Server 12.48 12.49 12.50 Server Identifier Format Index Public