Page Comparison

The administrative domain in PowerHA synchronizes security and configuration resources across cluster nodes in the environment. The system requires these objects at all times, so they do not make sense in an independent auxiliary storage pool (IASP). Common examples of these resources include User Profiles, Authorization Lists, Job Descriptions, Subsystem Descriptions, and Printer Device Descriptions.

...

Expand

title	Network Attributes (*NETA)

The following attributes can be monitored for network attributes:

Attribute Name	Description
ALWADDCLU	Allow add to cluster
DDMACC	DDM/DRDA request access
NWSDOMAIN	Network server domain
PCSACC	Client request access

Note: Each network attribute is treated as its own monitored resource entry. The resource type and attribute names are identical for these.

Expand

title	Network Server Configuration (*NWSCFG)

Note: There are different types of network server configuration objects. Depending on the type, different attributes may be monitored.

The following attributes can be monitored for network server configurations for service processors:

Attribute Name	Description
EID	Enclosure identifier
INZSP	Initialize service processor
OBJAUTE	Authority entry
OBJAUTL	Authorization list
OBJOWNER	Object owner
OBJPGP	Primary group
SPAUT	Service processor authority
SPCERTID	Service processor certificate identifier
SPINTNETA	Service processor Internet address
SPNAME	Service processor name
TEXT	Text description

The following attributes can be monitored for network server configurations for remote systems:

Attribute Name	Description
BOOTDEVID	Boot device identifier
CHAPAUT	Target CHAP authentication
DELIVERY	Delivery method
DYNBOOTOPT	Dynamic boot options
INRCHAPAUT	Initiator CHAP authentication
OBJAUTE	Authority entry
OBJAUTL	Authorization list
OBJOWNER	Object owner
OBJPGP	Primary group
RMTIFC	Remote interfaces
RMTSYSID	Remote system identifier
SPNWSCFG	Service processor network server configuration that is used to manage the remote server
TEXT	Text description

The following attributes can be monitored for network server configurations for connection security:

Attribute Name	Description
IPSECRULE	IP security rules
OBJAUTE	Authority entry
OBJAUTL	Authorization list
OBJOWNER	Object owner
OBJPGP	Primary group
TEXT	Text description

Expand

title	Network Server Descriptions (*NWSD)

Note: There are different types of network server description objects. Depending on the type, different attributes may be monitored.

The following attributes can be monitored for network server descriptions for integrated network servers:

Attribute Name	Description
ALWDEVRSC	Allowed device resources
CFGFILE	Configuration file
CODEPAGE	ASCII code page representing the character set to be used by this network server
EVTLOG	Event log
MSGQ	Message queue
NWSSTGL	Storage space links
OBJAUTE	Authority entry
OBJAUTL	Authorization list
OBJOWNER	Object owner
OBJPGP	Primary group
PRPDMNUSR	Propagate domain user
RSRCNAME	Resource name
RSTDDEVRSC	Restricted device resources
SHUTDTIMO	Shut down time out
SYNCTIME	Synchronize date and time
TCPDMNNAME	TCP/IP local domain name
TCPHOSTNAM	TCP/IP host name
TCPPORTCFG	TCP/IP port configuration
TCPNAMSVR	TCP/IP name server system
TEXT	Text description
VRYWAIT	Vary on wait
WINDOWSNT	Windows network server description

The following attributes can be monitored for network server descriptions for integrated network servers (server operating system *AUX):

Attribute Name	Description
CODEPAGE	ASCII code page representing the character set to be used by this network server
DSBUSRPRF	Disable user profiles
EVTLOG	Event log
MSGQ	Message queue
OBJAUTE	Authority entry
OBJAUTL	Authorization list
OBJOWNER	Object owner
OBJPGP	Primary group
PRPDMNUSR	Propagate domain user
RSRCNAME	Resource name
SHUTDTIMO	Shut down time out
SRVOPT	Serviceability options
SYNCTIME	Synchronize date and time
TCPDMNNAME	TCP/IP local domain name
TCPHOSTNAM	TCP/IP host name
TCPPORTCFG	TCP/IP port configuration
TEXT	Text description
VRYWAIT	Vary on wait

The following attributes can be monitored for network server descriptions for iSCSI connections:

Attribute Name	Description
ACTTMR	Activation timer
ALWDEVRSC	Allowed device resources
CFGFILE	Configuration file
CMNMSGQ	Communications message queue
CODEPAGE	ASCII code page representing the character set to be used by this network server
DFTSECRULE	Default IP security rule
DFTSTGPTH	Default storage path
EVTLOG	Event log
MLTPTHGRP	Multi-path group
MSGQ	Message queue
NWSCFG	Network server configuration
NWSSTGL	Storage space links
OBJAUTE	Authority entry
OBJAUTL	Authorization list
OBJOWNER	Object owner
OBJPGP	Primary group
PRPDMNUSR	Propagate domain user
RMVMEDPTH	Removable media path
RSRCNAME	Resource name
RSTDDEVRSC	Restricted device resources
SHUTDTIMO	Shut down time out
STGPTH	iSCSI storage paths of the network server
SVROPT	Serviceability options
SYNCTIME	Synchronize date and time
TCPDMNNAME	TCP/IP local domain name
TCPHOSTNAM	TCP/IP host name
TCPNAMSVR	TCP/IP name server system
TCPPORTCFG	TCP/IP port configuration
TEXT	Text description
VRTETHCTLP	Virtual Ethernet control port
VRTETHPTH	Virtual Ethernet path
VRYWAIT	Vary on wait

...

Expand

title	Printer Device Descriptions (*PRTDEV)

Note: There are different types of printer device description objects. Depending on the type, different attributes may be monitored.

The following attributes can be monitored for printer device descriptions for *LAN connections:

Attribute Name	Description
ACTTMR	Activation timer
ADPTADR	LAN remote adapter address
ADPTTYPE	Adapter type
ADPTCNNTYP	Adapter connection type
AFP	Advanced function printing
CHRID	Character identifier
FONT	Font
FORMFEED	Formfeed
IMGCFG	Image configuration
INACTTMR	Inactivity timer
LNGTYPE	Language type
LOCADR	Location location address
MAXPNDRQS	Maximum pending request
MFRTYPMDL	Manufacturer type and model
MSGQ	Message queue
OBJAUTE	Authority entry
OBJAUTL	Authorization list
OBJOWNER	Object owner
OBJPGP	Primary group
ONLINE	Online at IPL
PORT	Port number
PRTERRMSG	Print error message
PUBLISHINF	Publishing information
RMTLOCNAME	Remote location
SEPDRAWER	Separator drawer
SEPPGM	Separator program
SNMPUSR	SNMP user name
SNMPCNTX	SNMP context name
SWTLINLST	Switched line list
SYSDRVPGM	System driver program
TEXT	Text description
TRANSFORM	Host printer transform
USRDFNOBJ	User-defined object
USRDFNOPT	User-defined options
USRDRVPGM	User-defined driver program
USRDTATFM	Data transform program
WSCST	Workstation customizing object

The following attributes can be monitored for printer device descriptions for *VRT connections:

Attribute Name	Description
CHRID	Character identifier
FORMFEED	Form feed
IGCFEAT	DBCS FEATURE
IMGCFG	Image configuration
MAXLENRU	Maximum length of request unit
MFRTYPMDL	Manufacturer type and model
MSGQ	Message queue
OBJAUTE	Authority entry
OBJAUTL	Authorization list
OBJOWNER	Object owner
OBJPGP	Primary group
ONLINE	Online at IPL
PRTERRMSG	Print error message
PUBLISHINF	Publishing information
SEPDRAWER	Separator drawer
SEPPGM	Separator program
TEXT	Text description
TRANSFORM	Host print transform
USRDFNOBJ	User-defined object
USRDFNOPT	User-defined options
USRDRVPGM	User-defined driver program
USRDTAFM	Data transform program
WSCST	Workstation customizing object
SEPPGM	Separator program
SWTLINLST	Switched line list
SYSDRVPGM	System driver program
TEXT	Text description
TRANSFORM	Host printer transform
USRDFNOBJ	User-defined object
USRDFNOPT	User-defined options
USRDRVPGM	User-defined driver program
USRDTATFM	Data transform program
WSCST	Workstation customizing object

...

Expand

title	System Environment Variables (*ENVVAR)

The following attributes can be monitored for system environment variables:

Attribute Name	Description
	Any *SYS level environment variable can be monitored. The attribute and resource name are both the same as the environment variable's name.

Note: Each environment variable is treated as its own monitored resource entry. The resource type and attribute names are identical for these.

Expand

title	System Vaues (*SYSVAL)

The following attributes can be monitored for system values:

Attribute Name	Description
QACGLVL	Accounting level
QACTJOBITP	Allow jobs to be interrupted
QALWOBJRST	Prevents anyone from restoring a system-state object or an object that adopts authority
QALWUSRDMN	Allows user domain objects
QASTLVL	Assistance level
QATNPGM	Attention program
QAUDCTL	Audit control
QAUDENDACN	Audit journal error action
QAUDFRCLVL	Auditing force level
QAUDLVL	Auditing level
QAUDLVL2	Auditing level extension
QAUTOCFG	Automatic device configuration
QAUTORMT	Remote controllers and devices
QAUTOVRT	Automatic virtual device configuration
QCCSID	Coded character set identifier
QCFGMSGQ	Message queue for lines, controllers, and devices
QCHRID	Default graphic character set and code page used for displaying or printing data
QCHRIDCTL	Character identifier control for the job
QCMNRCYLMT	Automatic communications error recovery
QCNTRYID	Country or region identifier
QCRTAUT	Authority for new objects
QCRTOBJAUD	Auditing new objects
QCTLSBSD	Controlling subsystem or library
QCURSYM	Currency symbol
QDATFMT	Date format
QDATSEP	Date separator
QDBRCVYWT	Wait for database recovery before completing restart
QDECFMT	Decimal format
QDEVNAMING	Device naming convention
QDEVRCYACN	Device recovery action
QDSCJOBITV	Time out interval for disconnected jobs
QDSPSGNINF	Controls the display of sign-on information
QENDJOBLMT	Maximum time for immediate end
QFRCCVNRST	Force conversion on restore
QHSTLOGSIZ	History log file size
QIGCCDEFNT	Coded font name
QIGCFNTSIZ	Coded font point size
QINACTITV	Inactive job time-out interval
QINACTMSGQ	Timeout interval action
QIPLTYPE	Type of restart
QJOBMSGQFL	Job message queue full action
QJOBMSGQMX	Job message queue maximum size
QJOBMSGQSZ	Initial size of job message queue in kilobytes (KB)
QJOBMSGQTL	Maximum size of job message queue (in KB)
QJOBSPLA	Initial size of spooling control block for a job (in bytes)
QKBDBUF	Keyboard buffer
QKBDTYPE	Keyboard language character set
QLANGID	Default language identifier
QLIBLCKLVL	Lock libraries in a user job's library search list
QLMTDEVSSN	Limit device sessions
QLMTSECOFR	Limit security officer device access
QLOCALE	Locale
QLOGOUTPUT	Produce printer output for job log
QMAXACTLVL	Maximum activity level of the system
QMAXJOB	Maximum number of jobs that are allowed on the system
QMAXSGNACN	The system's response when the limit imposed by QMAXSIGN system value is reached
QMAXSIGN	Maximum number of not valid sign-on attempts allowed
QMAXSPLF	Maximum printer output files
QMLTTHDACN	When a function in a multithreaded job is not threadsafe
QPASTHRSVR	Available display station pass-through server jobs
QPRBFTR	Problem log filter
QPRBHLDITV	Minimum retention
QPRTDEV	Default printer
QPRTKEYFMT	Print key format
QPRTTXT	Up to 30 characters of text that can be printed at the bottom of listings and separator pages
QPWDCHGBLK	Minimum time between password changes
QPWDEXPITV	Number of days for which a password is valid
QPWDEXPWRN	Password expiration warning interval system
QPWDLMTACJ	Limits the use of adjacent numbers in a password
QPWDLMTCHR	Limits the use of certain characters in a password
QPWDLMTREP	Limits the use of repeating characters in a password
QPWDLVL	Password level
QPWDMAXLEN	Maximum number of characters in a password
QPWDMINLEN	Minimum number of characters in a password
QPWDPOSDIF	Controls the position of characters in a new password
QPWDRQDDGT	Require a number in a new password
QPWDRQDDIF	Controls whether the password must be different from the previous passwords
QPWDRULES	Password rules
QPWDVLDPGM	Password approval program
QPWRDWNLMT	Maximum time for immediate shutdown
QRCLSPLSTG	Automatically clean up unused printer output storage
QRETSVRSEC	Retain server security data indicator
QRMTSIGN	Remote sign-on
QRMTSRVATR	Remote service attribute
QSCANFS	Scan file systems
QSCANFSCTL	Scan control
QSCPFCONS	Console problem occurs
QSECURITY	System security level
QSETJOBATR	Set job attributes
QSFWERRLOG	Software error log
QSHRMEMCTL	Allow use of shared or mapped memory with write capability
QSPCENV	Default user environment
QSPLFACN	Spooled file action
QSRTSEQ	Sort sequence
QSRVDMP	Service log for unmonitored escape messages
QSSLCSL	Secure Sockets Layer cipher specification list
QSSLCSLCTL	Secure Sockets Layer cipher control
QSSLPCL	Secure Sockets Layer protocols
QSTRUPPGM	Set startup program
QSTSMSG	Display status messages
QSYSLIBL	System library list
QTIMSEP	Time separator
QTSEPOOL	Indicates whether interactive jobs should be moved to another main storage pool when they reach time slice end
QUPSMSGQ	Uninterruptible power supply message queue
QUSEADPAUT	Use adopted authority
QUSRLIBL	User part of the library list
QVFYOBJRST	Verify object on restore

Note: Each system value is treated as its own monitored resource entry. The resource type and attribute names are identical for these.

...

Expand

title	TCP/IP Attributes (*TCPA)

The following attributes can be monitored for TCP/IP attributes:

Attribute Name	Description
ARPTIMO	Address resolution protocol (ARP) cache timeout
ECN	Enable explicit congestion notification (ECN)
IP6TMPAXP	IPv6 temporary address excluded prefix
IPDEADGATE	IP dead gateway detection
IPDTGFWD	IP datagram forwarding
IPPATHMTU	Path maximum transmission unit (MTU) discovery
IPQOSBCH	IP QoS datagram batching
IPQOSENB	IP QoS enablement
IPQOSTMR	IP QoS timer resolution
IPRSBTIMO	IP reassembly timeout
IPSRCRTG	IP source routing
IPTTL	IP time to live (hop limit)
LOGPCLERR	Log protocol errors
NFC	Network file cache
TCPCLOTIMO	TCP time-wait timeout
TCPCNNMSG	TCP close connection message
TCPKEEPALV	TCP keep alive
TCPMINRTM	TCP minimum retransmit time
TCPR1CNT	TCP R1 retransmission count
TCPR2CNT	TCP R2 retransmission count
TCPRCVBUF	TCP receive buffer size
TCPSNDBUF	TCP send buffer size
TCPURGPTR	TCP urgent pointer
UDPCKS	UDP checksum

Note: Each TCP/IP attribute is treated as its own monitored resource entry. The resource type and attribute names are identical for these.

Expand

title	User Profiles (*USRPRF)

The following attributes can be monitored for user profiles:

Attribute Name	Description
ACGCDE	Accounting code
ASTLVL	Assistance level
ATNPGM	Attention program
AUDLVL	User action auditing¹
CCSID	Coded character set ID
CHRIDCTL	Character identifier control
CNTRYID	Country or region ID
CURLIB	Current® library
DLVRY	Delivery
DSPSGNINF	Display sign-on information
GID	Group ID number
GRPAUT	Group authority
GRPAUTTYP	Group authority type
GRPPRF	Group profile
HOMEDIR	Home directory
INLMNU	Initial menu
INLPGM	Initial program to call
JOBD	Job description
KBDBUF	Keyboard buffering
LANGID	Language ID
LCLPWDMGT	Local password management
LMTCPB	Limit capabilities
LMTDEVSSN	Limit device sessions
LOCALE	Locale
MAXSIGN	Maximum sign-on attempts²
MAXSTG	Maximum allowed storage
MAXSTGLRG	Maximum allowed storage large
MSGQ	Message queue
OBJAUD	Object auditing value¹
OBJAUTE	Authority entry
OBJOWNER	Object owner
OBJPGP	Primary group
OUTQ	Output queue
OWNER	Owner
PASSWORD	User password
PRTDEV	Print device
PTYLMT	Highest schedule priority
PWDEXP	Set password to expired
PWDEXPITV	Password expiration interval
SETJOBATR	Locale job attributes
SEV	Severity code filter
SPCAUT	Special authority
SPCENV	Special environment
SRTSEQ	Sort sequence
STATUS	Status
SUPGRPPRF	Supplemental groups
TEXT	Text description
UID	User ID number
USRCLS	User class
USREXPDATE	User expiration date
USREXPITV	User expiration interval
USROPT	User options

¹Attribute OBJAUD and AUDLVL for user profiles can be added at cluster version 9.9 or greater.

²Attribute MAXSIGN for user profiles can be added at cluster version 10.9 or greater.

See the following pages for additional information on configuring and managing the Administrative Domain:

...

Versions Compared

Old Version 2

New Version Current

Key