Terminology

Application

An application is a collection of functional security codes. MD product application codes are automatically opened in MDSEC and contain all security codes for the authorization to MDChange functions. Application md contains the default and general authorizations for the MD products.

Additionally, an MDSEC application will be created for each MDCMS Application.

Level

The level represents an instance, or environment, of an application (development, test, production, etc.). The general application md doesn't contain levels, but each MDCMS Promotion level defined for an organization can have certain security functions limited to specific levels for a given user role.

Code

The application code is a security code that represents a function that requires authorization within MDSEC. The full list of codes is available in Appendix B.

User Role

A user role is a collection of authorities. When a role is granted authority to 1 or more codes, every user having the role is automatically granted the same authority to those codes.

A user may belong to multiple roles, thus having authority to all codes granted to each role that the user belongs to.

The standard list of User Roles and an overview of their default capabilities is available in Appendix A.

User

A user is one of the following: - A profile that exists as an IBM i User Profile on the system - A profile that exists virtually within MDSEC for usage of MDWorkflow - A virtual service profile for tracking transactions.

For a user to have access to the MDChange products, they must be registered in MDSEC. Their ability within the products is then granularly handled by the User Roles that they are members of.