DATA Keyword with ADMIN—Authority to List Information

Keywords › DATA Keyword with ADMIN—Authority to List Information

DATA Keyword with ADMIN—Authority to List Information

Valid on z/OS, z/VSE, and z/VM.

Use the DATA keyword with the ADMIN command to give or remove CA Top Secret administrators the authority to list Security File information.

Note: When an ACID is given any type of DATA administration authority, DATA(NAMES) is always implied.

This keyword has the following format:

TSS ADMIN(acid) DATA(authority level(s))

This keyword can be used with:

The commands LIST, ADMIN, and DEADMIN
The ACID types User, DCA, VCA, ZCA, LSCA, SCA, and MSCA

DATA Authority Levels

The CA Top Secret administrator can specify the authority levels:

ACIDS

Allows administrators to list all ACIDS connected to the ACID entered in the LIST command.

ADMIN

Allows administrators to list an ACID's administrative authority

ALL

Allows administrator to list everything except PASSWORD, SESSKEY, and PROFILE contents.

BASIC

Authorizes administrators to list an ACID to see the name associated with the ACID, the ACID's type, facilities he is permitted to access, profiles he is associated with, and when the ACID was created, modified, and last used.

CICS

Authorizes administrators to list values for CICS operator fields: OIDCARD, OPCLASS, OPIDENT, OPPRTY, OPTIME, SCTYKEY.

INSTDATA

Authorizes administrators to list the installation data for an ACID.

LCF

Authorizes administrators to list the commands and/or transactions that an ACID is confined to (via TRANSACTIONS/COMMAND) or restricted from (via XTRANSACTIONS/XCOMMAND).

NAMES

Allows administrators to list an ACID's name, and the associated Department or Division names.

Note: When an ACID is given any type of DATA administration authority, DATA(NAMES) is always implied.

PASSWORD

Allows administrators to display the ACID's password expiration date and interval, not the actual password.

PROFILE

Allows administrators to list contents of all profiles connected to an ACID.

RESOURCE

Authorizes administrators to list resources owned by an ACID

SESSKEY

Authorizes administrators to display the SESSKEYs associated with each LINKID in the APPCLU Record.

SMS

Authorizes administrators to list an ACID's default SMS data.

SOURCE

Authorizes administrators to list the device from which an ACID must initiate.

TSO

Authorizes administrators to list an AICD's default TSO data.

WORKATTR

Authorizes administrators to display the SYSOUT account and delivery attributes associated with a particular ACID. This includes WAACCNT, WABLDG, WADEPT, WAADDR1, WAADDR2, WAADDR3, WAADDR4, WANAME, and WAROOM.

XAUTH

Authorizes administrators to list resources which may have had PERMIT applied by an ACID within their scope, the level at which the ACID may access the resource, and the owner of the resource.

Rules

Secondary administrators and auditors can be given the ability to request all portions of a Security Record with the exception of password expiration dates, intervals, and profile contents by issuing the following ADMIN command function:

TSS ADMIN(acid) DATA(ALL)

To give an administrator the ability to list every field of a user security record including the password expiration date and interval fields and the contents of profiles connected to the ACID, enter:

TSS ADMIN(acid) DATA(ALL,PASSWORD,PROFILE)

Examples: DATA keyword

This example gives the divisional administrator, TECHVCA, the authority to list every possible DATA field and the contents of profiles, excluding the password itself and any applicable SESSKEYs:

TSS ADMIN(TECHVCA) DATA(ALL,PASSWORD,PROFILE)

This example removes TECHVCA's authority for DATA:

TSS DEADMIN(TECHVCA) DATA(ALL,PASSWORD,PROFILE)