The Object Rules screen allows you to create, modify, and delete Object Rules that pertain to Users or Locations. Object Rules can be active or inactive.
How to get there
Click the Object Rules tab on the Navigation Pane on the left side of the browser window.
Options
Selection, sorting, filtering, deleting, and navigation features on this screen are described in Using the Web Browser Interface. Click an Object Rule to open the Edit Object Rules screen where you can edit the Object Rule.
Add
Choose Add to open the New Object Rule screen where you can define a new user rule.
[Actions]
Click  next to an Object Rule to show Actions.
 next to an Object Rule to show Actions.
- Edit. Choose Edit to open the Edit Object Rule screen where you can edit the Object Rule.
- Copy. Choose Copy to open the Copy Object Rule screen, where you can select the system(s) you would like to copy the Object Rule to.
- Delete. Choose Delete to delete the Object Rule.
- Close. Choose Close to dismiss the Action Pane.
Column Descriptions
User/Location column
                                             
                                        
This column lists the user or location of the rule.
A  icon indicates a User rule. User represents the identity of the person initiating a transaction as a user profile.  The special value *PUBLIC, when used on a rule, means that the rule applies to any User lacking a specific rule. When used as a subset or selection parameter, *PUBLIC means to select all such rules for display or printing.
 icon indicates a User rule. User represents the identity of the person initiating a transaction as a user profile.  The special value *PUBLIC, when used on a rule, means that the rule applies to any User lacking a specific rule. When used as a subset or selection parameter, *PUBLIC means to select all such rules for display or printing.
An  icon indicates a Location Rule. The location is the name of the location for which authority is being specified. The location can be an SNA device, an IP address, an IP Address Group, or the special value '*ALL'. If specifying an IP address, enter either the full IP address or a generic IP address using an asterisk as the final character. IP Address Groups must be established prior to their entry on this screen (see IP Address Groups).
 icon indicates a Location Rule. The location is the name of the location for which authority is being specified. The location can be an SNA device, an IP address, an IP Address Group, or the special value '*ALL'. If specifying an IP address, enter either the full IP address or a generic IP address using an asterisk as the final character. IP Address Groups must be established prior to their entry on this screen (see IP Address Groups).
Status/Object List Name/Operation
                                             
                                        
The name of the Object List assigned to the object rule. See Object Lists screen.
The operation to which the rule applies.
Authority
                                             
                                        
Authority represents the action to be taken when a rule is found that matches the data present on a transaction. Two values are listed for each Object Rule, one for Object Accesses and one for Data Accesses.
The valid values are:
Audit
The Audit flag controls the logging of transactions to the Log Journal set up on the work with Network Security System Values panel. Two values are listed for each Object Rule, one for Object Accesses and one for Data Accesses.
The valid values are:
 The transaction will be logged to the Log Journal.
 The transaction will be logged to the Log Journal.   The transaction will not be logged to the Log Journal.
 The transaction will not be logged to the Log Journal.   The default value from a prior rule will control the logging.
 The default value from a prior rule will control the logging.  Message
The Send messages flag controls the sending of messages to the Log Message Queue set up on the Work with Network Security System Values panel. Two values are listed for each Object Rule, one for Object Accesses and one for Data Accesses.
The valid values are:
 A log message will be sent to the Log Message Queue.
 A log message will be sent to the Log Message Queue.   A log message will not be sent to the Log Message Queue.
 A log message will not be sent to the Log Message Queue.   The default value from a prior rule will control the logging.
 The default value from a prior rule will control the logging.  Capture
Capture transactions flag controls whether transactions are remembered in Network Security for later memorization. Once captured, transactions can become Memorized Transactions which can act as rules. Two values are listed for each Object Rule: one for Object Accesses and one for Data Accesses.
The valid values are:
 A log message will be sent to the Log Message Queue.
 A log message will be sent to the Log Message Queue.  A log message will not be sent to the Log Message Queue.
  A log message will not be sent to the Log Message Queue. The default value from a prior rule will control the logging.
 The default value from a prior rule will control the logging. 
                                              
