OS/2 LAN Server access security is used to assign, verify, and enforce access to resources for each user or group ID. (Access privileges must be granted by a user with administrative authority.)

Many APIs have access restrictions and require administrative authority to be invoked. These types of APIs usually retrieve or set sensitive data or control key network services. Specific access requirements are specified under the Restrictions section of each API described in this book. LAN Server provides the following types of access protection at the API level:

• Administrative privilege level, which includes full access
  
• Various access privilege levels for remote API function calls
  
• Various access privilege levels for local API function calls if Local Security is installed

Most of the APIs can be run on local or remote workstations, provided that the required software services are running. Access restrictions are not enforced for local calls to LAN Server APIs unless Local Security is installed on the server.

The LAN Server access control subsystem (ACS) controls the domain-wide access of resources by users and groups. LAN Server maintains users, groups, and resource access controls in a user accounts subsystem (UAS) database.