Filter Rules Added with Memorized Transactions
Memorized Transactions are processed by Network Security only when a Filter Rule's Authority setting instructs Network Security to check them, and they have an *ACTIVE status. When the Filter Rule's Authority setting does not begin with *MEM, Memorized Transactions will not be processed even though some may exist and have an *ACTIVE status. When a Filter Rule's Authority setting begins with *MEM, the active Memorized Transactions that have the same Server, Function, and User or Location values will be processed before the Filter Rules. The portion of the Authority setting that follows *MEM indicates what action to take if no active Memorized Transaction matches the incoming transaction data: REJECT means to reject the transaction, OS400 means to allow it to fall through to the operating system, and SWITCH means to run using the authority of another user profile and fall through to the operating system.
Think of a given combination of Server, Function, and User or Location as the identifier of a "pool" of transactions. There may be a mix of active and inactive transactions in the pool, but only active transactions are matched to incoming transactions.
When a pool of transactions gains its first active transaction, a Filter Rule with matching Server, Function, and User or Location values will be created with *MEMOS400 authority (if one does not exist), or an existing Filter Rule will have its Authority setting modified to begin with *MEM. This is done to initially allow processing of Memorized Transactions for the Server, Function, and User or Location. You may subsequently "turn off" processing of Memorized Transactions by removing the "MEM" from the Authority setting on the associated Filter Rule. The "MEM" portion of the Authority setting will be automatically removed when the pool loses its last active transaction (there are no more active transactions to process). Between the time the first active transaction enters the pool and the last active transaction leaves the pool, the Authority setting on the associated Filter Rule will not be altered by Network Security.
Authority Filter Properties Example
For example, any attempt by the general public to use the FTP server is allowed (to the extent that the user's authority allows the transaction to occur). However, if user PABLOT attempts to use the RECFILE function of the FTP server, Network Security looks at the transactions that have been memorized for the FTP server before deciding whether to reject the attempt (this lookup is the *MEM portion of the Authority value *MEMREJECT). The REJECT portion of *MEMREJECT says that if a memorized transaction is not found for user PABLOT that exactly matches the incoming transaction, the incoming transaction is rejected.
If Network Security finds a memorized transaction that exactly matches the incoming transaction for the specified user, it takes the action defined by the Authority property in the memorized transaction.
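The evaluation order described above, modeled as an added Python example (not Network Security's own code). It also includes a hypothetical audit helper, ignored_active, that lists Filter Rules whose active Memorized Transactions are never consulted because the Authority setting does not begin with *MEM. The server name "FTP", the "*INACTIVE" status value, the "*OS400" Authority on the memorized entries, and the transaction data strings are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Memorized:
    server: str
    function: str
    who: str        # User or Location
    data: str       # transaction data, matched exactly
    authority: str  # action taken on a match (assumed value format)
    status: str = "*ACTIVE"

@dataclass(frozen=True)
class FilterRule:
    server: str
    function: str
    who: str
    authority: str

def pool(rule, memorized):
    """Active memorized transactions sharing the rule's Server, Function and User/Location."""
    key = (rule.server, rule.function, rule.who)
    return [m for m in memorized
            if (m.server, m.function, m.who) == key and m.status == "*ACTIVE"]

def evaluate(rule, memorized, data):
    """Return (action, source) for one incoming transaction."""
    if not rule.authority.startswith("*MEM"):
        return rule.authority, "filter rule"      # memorized transactions are skipped
    for m in pool(rule, memorized):
        if m.data == data:                        # exact match required
            return m.authority, "memorized"
    # No active match: act on whatever follows *MEM (REJECT, OS400, SWITCH).
    return "*" + rule.authority[len("*MEM"):], "fallback"

def ignored_active(rules, memorized):
    """Hypothetical audit: rules without *MEM whose pool still holds active transactions."""
    return [r for r in rules
            if not r.authority.startswith("*MEM") and pool(r, memorized)]

# Constructed sample data; the transaction strings are placeholders, not the product's format.
MEMORIZED = [
    Memorized("FTP", "RECFILE", "PABLOT", "PUT /home/pablot/report.csv", "*OS400"),
    Memorized("FTP", "RECFILE", "PABLOT", "PUT /payroll/master.dat", "*OS400", "*INACTIVE"),
    Memorized("FTP", "SENDFILE", "PABLOT", "GET /home/pablot/report.csv", "*OS400"),
]
RULES = [
    FilterRule("FTP", "RECFILE", "PABLOT", "*MEMREJECT"),
    FilterRule("FTP", "SENDFILE", "PABLOT", "*OS400"),
]
```

With this data, the inactive RECFILE entry does not match and falls to the REJECT fallback, and the SENDFILE rule is reported by ignored_active because its active memorized transaction is never checked.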
Network Security provides the following Authority values for a memorized transaction:
*MEMOS400
If the transaction does not match any memorized transactions, the transaction is allowed to the extent that OS/400 security allows the transaction.
*MEMSWITCH
If the transaction does not match any memorized transactions, the job is switched to the specified user profile before allowing the transaction. A switch profile entry is required.
*MEMUSR
If the transaction does not match any memorized transactions, Network Security looks for a user rule to determine whether the transaction is allowed. *MEMUSR is valid only when working with location authorities.
*SRVFCN
The value used is stored in the Server Function File (select SP on the Server Properties screen).
*MEMOBJ
If the transaction does not match any memorized transactions, Network Security looks for an object rule for a user or location.