The rules pertaining to each clause in the syntax are listed as follows.
name is security-class-name
Identifies a new SECURITY CLASS to be added to the CCDB or an existing SECURITY CLASS to be modified, deleted, displayed, or punched. The security-class-name is a 1 to 16-character alphanumeric value. For ADD and DELETE commands, this clause is required and must specify a unique security class within the CCDB; for all other operations, this clause is optional or may be specified with valid name masking specifications as described in Chapter 1.
Important! Do not delete either of the security classes named in the dictionary description, nor the one identified in the CCDB Administrator's User descriptor record.
authorization functions
The function clauses define from three to nine switches each, which can be turned on by specifying a Y to indicate permission granted for the function or turned off by specifying an N to indicate permission is denied for the function. Note that Browse authority controls both MIS Online selection of Browse options and MIS Batch Display and Punch commands, where applicable. See Usage section for additional information.
|
Authorization Function |
Switch |
Function |
|---|---|---|
|
SIGNout |
1 |
Browse signed out entities |
|
|
2 |
Signout entities |
|
|
3 |
Signin entities |
|
PREauthorization functions |
1 |
Browse Preauthorizations |
|
|
2 |
Add Preauthorizations |
|
|
3 |
Delete Preauthorizations |
|
|
4 |
Modify Preauthorizations |
|
LOCk functions (MIS Online only) |
1 |
Browse locked users |
|
|
2 |
Lock users |
|
|
3 |
Unlock users |
|
|
4 |
Browse locked CCIDs |
|
|
5 |
Lock CCIDs |
|
|
6 |
Unlock CCIDs |
|
|
7 |
Browse locked dictionaries |
|
|
8 |
Lock dictionaries |
|
|
9 |
Unlock dictionaries |
|
ENTity functions |
1 |
Browse entity descriptors |
|
|
2 |
Add entity descriptor |
|
|
3 |
Modify entity descriptor |
|
|
4 |
Delete entity descriptor |
|
|
5 |
Browse entity change history |
|
|
6 |
Browse entity status history |
|
CCId functions |
1 |
Browse CCID descriptors |
|
|
2 |
Add CCID descriptor |
|
|
3 |
Modify CCID descriptor |
|
|
4 |
Delete CCID descriptor |
|
|
5 |
Browse CCID/change associations |
|
|
6 |
Add CCID/change associations |
|
|
7 |
Modify CCID/change associations |
|
|
8 |
Delete CCID/change associations |
|
|
9 |
Browse entity status for CCID |
|
STAtus functions |
1 |
Browse Status descriptors |
|
|
2 |
Add status descriptor |
|
|
3 |
Modify status descriptor |
|
|
4 |
Delete status descriptor |
|
|
5 |
Browse status/entity associations |
|
|
6 |
Add status/entity associations |
|
|
7 |
Modify status/entity associations |
|
|
8 |
Delete status/entity associations |
|
USEr functions |
1 |
Browse User descriptors |
|
|
2 |
Add User descriptor |
|
|
3 |
Modify user descriptor |
|
|
4 |
Delete User descriptor |
|
|
5 |
Browse User/change associations |
|
|
6 |
Add User/change associations |
|
|
7 |
Modify User/change associations |
|
|
8 |
Delete User/change associations |
|
DICtionary functions |
1 |
Browse dictionary descriptors |
|
|
2 |
Modify dictionary descriptors |
|
|
3 |
Delete dictionary descriptors |
|
|
4 |
Browse change log entries |
|
|
5 |
Modify change log entries |
|
|
6 |
Delete change log entries |
|
MANagement group functions |
1 |
Browse management group descriptors |
|
|
2 |
Add management group descriptors |
|
|
3 |
Modify management group descriptors |
|
|
4 |
Delete management group descriptors |
|
|
5 |
Browse management group/CCID associations |
|
|
6 |
Add management group/CCID associations |
|
|
7 |
Delete management group/CCID associations |
|
|
8 |
Delete management group/CCID associations |
|
CONtrol functions |
1 |
Browse CCDB descriptors |
|
|
2 |
Modify CCDB descriptors |
|
|
3 |
Browse security descriptors |
|
|
4 |
Add security descriptors |
|
|
5 |
Modify security descriptors |
|
|
6 |
Delete security descriptors |
|
|
7 |
Browse monitor dictionary status blocks |
|
|
8 |
Modify monitor dictionary status blocks |
DERive ccid is
Determines how CA Endevor/DB will handle CCIDs and change logging.
Y -- CCIDs are ignored at CA Endevor/DB signon. When an entity is modified, the CCDB is checked to see if a CCID is associated with the entity (through the PREAUTHORIZATION DERIVE CCID IS Y clause); if so, the change log entry created in the CCDB will be marked with the associated CCID.
N -- User must perform an CA Endevor/DB signon and specify a CCID in order to cause change log entries to be marked with a CCID.
SIGnin is
Establishes permission level for entity signout/signin for other users and/or CCIDs.
Y -- Signout/Signin entities for other users and/or CCIDs is allowed.
N -- Signout/Signin entities for other users and/or CCIDs is not allowed.
SO-Ccid is
Used in conjunction with the dictionary descriptor's AUTO-SO indicator to control automatic signout of entities to a CCID. If AUTO-SO is not in effect (N), this clause has no effect; if AUTO-SO is in effect (Y), this switch is used in conjunction with the SO-USER switch to determine to whom an entity is signed out.
Y -- If SO-USER is N, signout the entity to the first CCID that the user who modified the entity was signed on under; If SO-USER is Y, this switch is ignored.
N -- No automatic signout to a CCID is in effect.
SO-User is
Used in conjunction with the dictionary descriptor's AUTO-SO indicator to control automatic signout of entities to a User. If AUTO-SO is not in effect (N), this clause has no effect; if AUTO-SO is in effect (Y), this switch is used in conjunction with the SO-CCID switch to determine to whom an entity is signed out.
Y -- Automatic signout is in effect to the user who modified the entity.
N -- If SO-CCID is Y, automatic signout is in effect to the CCID; if SO-CCID is N, automatic signout is in effect to the user who modified the entity.
NO-Ccid is
Determines the requirements for specifying a CCID.
Y -- Changes may be made without a known CCID.
N -- A CCID must be specified in an CA Endevor/DB SIGNON or the user must run in Derive CCID processing mode.
NO-User is
Determines the requirements for specifying a userid.
Y -- Changes may be made without a known userid; if specified,
NO-USER = Y must be specified in the dictionary descriptor's security classes.
N -- Changes will not be logged unless either an CA IDMS/DC or an CA Endevor/DB userid is specified. SIGNON is required.
NO-Auth is
In conjunction with the LIM-AUTH clause, establishes preauthorization restrictions for a user making changes. Refer to the CA Endevor/DB for CA IDMS Administrator Guide for a full description of the use of NO-AUTH and LIM-AUTH.
Y -- User is not subject to preauthorization rules.
N -- User is subject to preauthorization rules.
LIM-auth is
In conjunction with the NO-AUTH clause, establishes preauthorization restrictions for a user making changes. Refer to the CA Endevor/DB for CA IDMS Administrator Guide for a full description of the use of NO-AUTH and LIM-AUTH.
Y -- Limited preauthorization applies to this user.
N -- Full preauthorization applies to this user.
NM-Mode is
Controls use of TAG commands in the Migration facility, NDVRDLVR process.
Y -- TAG commands may be specified.
N -- TAG commands may not be specified.
BATch is
Establishes permission to execute the MIS Batch facility, NDVRMISB.
Y -- NDVRMISB execution is allowed.
N -- NDVRMISB execution is disallowed.
ARChive is
Establishes authority to execute the Archive and Compress utility, NDVRARCO, to archive Change Log Entries.
Y -- NDVRARCO execution is allowed.
N -- NDVRARCO execution is disallowed.
MIGrate is
Establishes authority to execute the Migration facility, including the migration booking, NDVRBOOK with OPTION = MIGRATE.
Y -- Migration facility utility execution is allowed.
N -- Migration facility utility execution is disallowed.
MODs
Identifies the CCDB and CA IDD entity types which users under this security class are allowed to modify. Omitting an entity type means no update is allowed for that entity type.
NONE
Updates are disallowed for all entity-types.
( entity-type(s) )
Update is allowed for the entity-types specified, and only those specified. Refer to Appendix B for a definition of the entity types.
A-OPT
Identifies the CCDB and CA IDD entity types for which preauthorization rules apply before updates are allowed. This facility is used in conjunction with the NO-AUTH and LIM-AUTH values in the security class and by the existence of preauthorizations in the CCDB.
NONE
Preauthorization rules will be applied to all entity types.
( entity-type(s) )
For each entity-type specified, preauthorization rules will not be applied.
COMment is 'comment-text'
A 1 to 60-character, user-defined remark for the security class descriptor.
|
Copyright © 2013 CA.
All rights reserved.
|
|