Function Usage Replaces Application Administration in New Navigator for i

In the 

Heritage Version

 of Navigator for i, Application Administration was used to allow or deny user access to functions—among them, the ability to customize what tasks were available to users in the Navigator console. Application Administration in Navigator for i had been ported from the original Client Access support and featured a very dated and cumbersome user interface. 

In New Navigator, IBM dropped Application Administration and provides the Function Usage task to allow or deny users access to features. This is a great change and is much more usable than the old Application Administration. The old Application Administration used function usage support under the covers, so the capabilities are essentially the same, just with a different name and now an improved user interface.

Function Usage is found within the Security tasks in New Navigator, as seen in Figure 1.

Figure 1

When using Function Usage to customize access to tasks in the New Navigator, the function IDs are not the same as the ones used in the Heritage Navigator. If you had customized access to tasks in the Heritage Navigator using Application Administration, you must redo those customizations for New Navigator. 

While this is an inconvenience, it’s a good change. Over the years, the function usage IDs associated with Navigator for i became somewhat inconsistent and confusing. IBM decided to clean this up with New Navigator. The prior function usage IDs used with the Heritage Navigator continue to exist, they just don’t apply to the New Navigator. 

The function IDs supported by New Navigator are for high-level categories within Navigator. For example, QIBM_NAV_WRK_MGT can be used to allow or deny access to all the tasks within the work management category. At this point, all of the supported function IDs are only for high-level categories. If you think more granular support is needed, let IBM know. The default for all the categories except Serviceability is to allow access to the function.

To make it easy to understand which function IDs are used for New Nav, they all have the product ID of QIBM_NAV; you can filter on this product ID to only see the function IDs that customize access to New Nav categories.

To customize access using Function Usage, right click on the function ID of interest and take Change. This will bring up a panel where you can customize the access for user profiles of your choice. You can browse for user profiles and select one or more from the resulting list. If you know the name of the user profiles you wish to customize, you can type the user profile name(s) into the Profile(s) text box (separate multiple user profiles with a space). You then allow or deny access to the selected user profiles. In Figure 2, you can see that access has been denied to the work management tasks for user profiles DAWNUSER and DAWN.

Figure 2

 
When you’re finished customizing access to a category, you’ll see a YES in the Profiles Allowed / Denied column, which indicates the usage has been customized.

Once a customization is made to deny access to a task in New Navigator, that user can still view that major category in New Nav. However, if the user selects a task from within that category, they will receive an error message that the function has been restricted, as Figure 3 shows. 

Figure 3

 
For further reading on Function Usage, see the following:

IBM i Services for Function Usage Information
New Function Usage IDs
Function Usage Capabilities, Part 2
Function Usage Capabilities
Archived article: Granular security control with function usage

Verified by MonsterInsights