The above approach requires at least one profile per user. Additional profiles can be used to aggregate users into groups, and therefore to simplify the granting of authorizations: we may classify profiles into two main classes:
Personal profiles—Each personal profile represents an individual user, either an end user or a developer. These profiles are the profiles to which individual users sign on.
Some special personal profiles representing standard roles are shipped in the system—for instance ‘QSYSOPR’ (System operator), ‘QSECOFR’ (Security officer). If the duties of a shipped profile are the responsibility of a single user, then they can be used as shipped. If more than one person carries out the duties sub-profiles should be introduced to maintain accountability.
Impersonal profiles—impersonal profiles represent groupings. Users never actually sign on to them. Group profiles are normally impersonal profiles.
Some impersonal profiles represent products rather than operational groups; for example QSYS, YSYS. These profiles are granted the necessary rights for programs to adopt to carry out the functions of the product.
|
Copyright © 2014 CA.
All rights reserved.
|
|