The AUTHORITY clause of the USER statement defines a user in the dictionary and assigns the specified user authority to access secured entity types and perform secured operations.
Each user definition must include an AUTHORITY clause to grant the named user the authority to access each entity type, entity group, and product that has been secured by means of a SET OPTIONS SECURITY IS ON statement. The AUTHORITY clause also specifies the verbs (ADD, MODIFY, DELETE, REPLACE, DISPLAY, PUNCH) that the user is authorized to issue; this feature allows the data administrator to grant a user the authority to modify some entity types yet only display other entity types.
The syntax for the AUTHORITY clause appears with the USER statement (see USER).
Examples
In the following example, user DDA can use any verb to access any secured entity type and can perform any secured operation; typically, update authority is only assigned to the data administrator.
add user name is dda
include authority for update is all.
In the following example, user WMC can modify and display all entity types in the IDD entity group except USER.
add user name is wmc
include authority for modify is idd
exclude authority for modify is user.
In the following example, user WMC can issue all USER statement clauses that require CA ADS, CA Culprit, and CA OLQ update authority, all verbs for all IDD entity types (except ADD QFILE and ADD PROCESS), and DISPLAY/PUNCH verbs for all entity types; however, user WMC cannot issue USER statements that require PASSWORD update authority.
add user name is wmc
include authority for update is (ads olq culprit idd)
exclude authority for add is (process qfile)
include authority for display is all
exclude authority for update is password.
|
Copyright © 2014 CA.
All rights reserved.
|
|