Resources › ZMFAPLA Resource Class—Secure z/OSMF Authorization Roles

ZMFAPLA Resource Class—Secure z/OSMF Authorization Roles

Valid on z/OS.

Use ZMFAPLA to secure access to z/OSMF links and tasks.

When used with TSS ADDTO or REMOVE, this resource class has the following format:

TSS ADDTO(acid) ZMFAPLA(role) 

Prefix length

2-26 characters

Capacity of list

1-8 prefixes per TSS command

When used with TSS PERMIT or REVOKE, this resource class has the following format:

TSS PERMIT(acid) ZMFAPLA(role) 

Prefix length

1-246 characters

Capacity of list

1-8 prefixes per TSS command

This keyword is used with:

• The commands CREATE, ADDTO, REMOVE, PERMIT, REVOKE, ADMIN, DEADMIN, WHOOWNS, and WHOHAS
• The ZMFAPLA ACID types User, Profile, Department, Division, Zone, DCA, VCA, ZCA, LSCA, SCA, and MSCA when used with TSS ADDTO or REMOVE
• The ZMFAPLA ACID types User, Profile, DCA, VCA, ZCA, LSCA, SCA, and MSCA when used with TSS PERMIT or REVOKE
• ZMFAPLA(OWN) authority to ADD or REMOVE ownership of ZMFAPLA resources from ACIDs
• ZMFAPLA(XAUTH) authority to PERMIT or REVOKE access to ZMFAPLA resources

An administrator can use any of the following methods to control access to ZMFAPLA resources: Expiration, Facility, Program Pathing, Time/Day, and Actions.

Examples: ZMFAPLA resource class

This example protects the resource by assigning ownership to the Corporate Department. After ownership is assigned, the administrator can PERMIT access to users or profiles.

TSS ADDTO(CORPORAT) ZMFAPLA(ZOSMF) 

This example PERMITs a user to access the DASD management class in z/OSMF:

TSS PERMIT(JOHN01) ZMFAPLA(ZOSMF.DASD_MANAGEMENT.DASD_MANAGEMENT) 

This example revokes access to DASD management:

TSS REVOKE(JOHN01) ZMFAPLA(ZOSMF.DASD_MANAGEMENT.DASD_MANAGEMENT)