Part of the processing of commands entered in CA Ideal is to verify that the user has the proper authorization to execute the command. Each command has a minimum level of authorization required to execute it, and each user is assigned a level of authorization. A table of the currently assigned command authorizations is contained in the @IIDOPTS load module.
Not all command authorizations are controlled using @IIDOPTS. See the “Authorization Table” appendix for a complete list of those that are. In some cases, the CREATE command automatically invokes the EDIT command. Therefore, authorization for the CREATE and EDIT commands for a single entity should be the same or the EDIT‑entity command should have a lower level of authorization than the corresponding CREATE-entity command.
The authorization required for CA Ideal commands is defined in the following ways:
You can specify a user exit as global or local. A local exit is executed for a particular command. A global exit is invoked for all commands that do not have local exits specified.
After CA Ideal performs its authorization checking, the exit is passed information about the user, the current site authorization level for the command, and the service requested. The exit then determines whether to allow the command to execute.
The syntax of the IDOPTSCB macro is described in the section titled IDOPTSCB Macro for Authorization. Modifying the authorization scheme with the IDOPTSCB macro during installation or after is described in the section titled Modifying Existing Authorizations in this chapter. User exits are described in the section titled Authorization Exit Programs, also found in this chapter.
|
Copyright © 2015 CA Technologies.
All rights reserved.
|
|