System Request

To prevent specific users from seeing the System Request menu, specify: GRTOBJAUT OBJ(QSYS/QGMNSYSR)OBJTYPE(*PNLGRP)  

USER(USERA)AUT(*EXCLUDE)

A user can use the system request function to suspend the current job and display the System Request Menu. The System Request Menu allows the user to send and display messages, transfer to a second job, or end the current job. This might represent a security exposure because the public authority to the System Request Menu is *USE when a system is shipped.

To call up the System Request menu:

1.Press the Sys Req key to show key an input line at the bottom of the display.

2.Press Enter to show the System Request Menu.

Each time the System Request key is pressed, the system automatically changes the current user profile of the job to the initial user profile of the job. This is done so that the user does not have any additional authority on the System Request menu or in the Presystem Request Program exit program. After the System Request function is completed, the current user profile of the job is returned to the value that it was before the System Request key was pressed.

From the System Request menu enter an option 1 to display the signon for a secondary job (Job B in this example). The original job (Job A in this example) is suspended during the time Job B is processed.

If the operator presses Sys Req and picks option 1, Job B is suspended and Job A is continued from the point it was suspended.

Thus, the operator can jump between two jobs, processing one while the other is suspended.

When the operator signs off one job (either one) the other job is given control to continue processing.

Restricting the use of system request menu options

Any of the options can be restricted by removing public

authority to the associated command.

You can prevent users from selecting specific options from the System Request Menu by restricting the authority to the associated commands

System Request

To prevent specific users from seeing the System Request menu, specify: GRTOBJAUT OBJ(QSYS/QGMNSYSR)OBJTYPE(*PNLGRP)  

USER(USERA)AUT(*EXCLUDE)

A user can use the system request function to suspend the current job and display the System Request Menu. The System Request Menu allows the user to send and display messages, transfer to a second job, or end the current job. This might represent a security exposure because the public authority to the System Request Menu is *USE when a system is shipped.

To call up the System Request menu:

1.Press the Sys Req key to show key an input line at the bottom of the display.

2.Press Enter to show the System Request Menu.

Each time the System Request key is pressed, the system automatically changes the current user profile of the job to the initial user profile of the job. This is done so that the user does not have any additional authority on the System Request menu or in the Presystem Request Program exit program. After the System Request function is completed, the current user profile of the job is returned to the value that it was before the System Request key was pressed.

Signon User

After the user enters a user ID and password, these steps are performed before a job is actually started on the system:
1.The user profile and password are verified.
2.The user’s authority to use the workstation is checked.
3.The system verifies authority for the values in the user profile and in the user’s job 
    description that are used to build the job structure, such as: job description, output queue, current library, libraries in library list.

After the job is started, these steps are performed before the user sees the first display or menu:
1.If the routing entry for the job specifies a user program, normal authority checking is done for the program, the program library, and any objects used by the program.
2.If the routing entry specifies the command processor (QCMD):
a.Authority checking is done for the QCMD processor program, the program library, and any objects used, as described in step 1
b.The user’s authority to the Attention-key-handling program and library is checked
c.Normal authority checking is done for the initial program (and its associated objects) specified in the user profile
d.Normal authority checking is done for the initial menu (and its associated objects) specified in the user profile

If the user has the capability, a keyed menu name overrides the menu name in the user profile. *SIGNOFF is a valid menu name. It causes the user to be signed off. Menu name may not be blank.

1. 
   

Installed Software

Notes:

To see a listing of the IBM LPP’s (Licensed Program Products) installed on a system you can use both a 5250 green screen interface as well as System I Navigator.

To display this information using a 5250 emulation session issue the command ‘Go LICPGM’ then select option 10 – Display installed software. The command that is being called by this menu option is DSPSFWRSC (Display Software Resources).

To display this information using System i Navigator to view of all software installed on a system. You can display this by:

1.Expanding system folder under My Connections

2.Expanding Configuration and Service

3.Expanding Software

4.Clicking Installed Products

Power Hypervisor

System i servers work with a different structure when compared to the previous technologies used with AS/400 and iSeries servers. 

Above the POWER5 technology-based hardware is a code layer called the POWER Hypervisor. 

This code is part of the firmware shipped with the System i hardware. 

The POWER Hypervisor resides in flash memory on the Service Processor. 

This firmware performs the initialization and configuration of the System i hardware, as well as the virtualization 

support required to run up to 254 partitions concurrently on the System i servers. 

Partition Licensed Internal Code (PLIC) allows for management of multiple partitions of the System i hardware. 

It is included as part of the POWER Hypervisor.

The layers above the POWER Hypervisor are different for each supported operating system. 

The layers of code supporting Linux and AIX 5L consist of System Firmware and Run-Time Abstraction 

Services (RTAS).

Single Level Storage

All system storage (whether main storage or disk storage) is addressed in the same way. 

This single, device-independent addressing mechanism means that objects are referred to by name or name and library, never by disk location. 

All objects are created as if they reside in a 18,446,744,000,000,000,000 byte address space. That's 18.4 quintillion bytes!

The System i's virtual addressing is independent of an object's physical location, and the type, capacity, and number of disk units on the system.

What this means is that application programs do not require modification in order to take advantage of new storage technologies. 

Users can leave all storage management entirely to the machine.