AS/400’s Adopted authority feature allows users to adopt the authority of a program’s owner while the program is running. It allows users to be given temporary (indirect) authority to objects, while under the control of a program with restricted functionality, rather than having permanent and direct access to the objects concerned.

The program called that returns a listing of all user profiles that have their password equal to their profile name.

The program called when the user presses the Attention key. The program may allow the user, for example, to gain access to the command line.

Define the operations that can be performed on the contents of an object. Also see ‘Object Authorities’.

Group profiles are used to give multiple users the same set of access authorities. Authorities defined to a Group profile are overridden by those defined in the User profile.

Some types of profile, such as Group profiles and some of the IBM-supplied (Q.) profiles, are not normally used to sign-on to a system. They are typically used for grouping together those users with similar access requirements, or used internally by OS/400 itself.

An Initial Program is often used to set up the application environment or ensure the user can only run one program and never sees a menu. The Initial Menu is the first menu the user sees after signing on to the system. It is displayed after the user’s Initial Program has executed.

Limited Capability can be set to control the users ability to change their Initial Program, initial Menu and current library.

The SekChek output file for Object Authorities. The file is called ‘objaut.txt’. See also ‘Object Authorities’.

Define the operations that can be performed on an object as a whole. Also see ‘Data Authorities’.

The filename given by SekChek for ‘Adopted Authorities’ data. The file is called ‘pgmadp.txt’. See also ‘Adopted Authority’.

The filename given by SekChek for data on profiles and important related information. The file is called ‘profbas.txt’.

The filename given by SekChek to the set of compressed and encrypted files extracted from AS/400 systems. SCK files are encrypted with SekChek’s Public Key using industry-standard algorithms, such as RSA and 3-DES. They can only be decrypted at SekChek’s premises with the corresponding non-exportable Private Key.

SCK files are created when the ‘Public Key Encryption’ option is enabled in the SekChek Client software on your PC. This is the recommended option.

The filename given by SekChek to the set of compressed and encrypted files extracted from AS/400 systems.

ZIP files are created when the ‘Public Key Encryption’ option is disabled (unchecked) in the SekChek Client software on your PC. For improved security, we recommend that you enable this option. Refer to the definition of SEKASF.SCK files for more information.

The filename given by SekChek to the set of compressed and encrypted files containing your SekChek reports. SDE files are symmetrically encrypted with industry-standard algorithms, such as DES.

The filename given by SekChek for SekChek’s logfile. The file is called ‘seklog.txt’.

The capability of signing-on to multiple workstations at the same time.

The authorities (rights) assigned to profiles (group or user) defined to the system. I.e. they include Special Authorities granted directly to the profile as well as authorities that are inherited indirectly through Group membership. An example of a Special Authority is the right to ‘Access all system resources’.

The filename given by SekChek for data listing active ‘System Services’. The file is called ‘srvtble.txt’.

The system-wide security defaults (System Values) defined for the system. System Values can be seen as the default policy settings for the system. They can be overridden at profile level. An example is the default ‘Minimum password length’ which is set with the system parameter ‘QPWDMINLEN’.

The filename given by SekChek for the ‘System Values’ data. The file is called ‘sysvals.txt’. See also ‘System Values’.

When created, user profiles belong to a ‘User Class’. Different ‘User Classes’ will grant certain default rights to the user. For example, a ‘User Class’ of SECADM will grant powerful rights (Special Authorities) by default. See also ‘Special Authorities’.

A user profile is the user account with all its associated privileges and settings for a user. See also ‘Group Profile’.