Valid on z/OS, z/VSE, and z/VM.
Use the RESOURCE keyword with the ADMIN command to authorize a CA Top Secret administrator to issue ADDTO, LIST, REMOVE, PERMIT, REVOKE, and WHOHAS commands for a specific resource class defined in the RDT, applied to any ACID owned within its administrative scope. When a resource class contains access levels, the administration can be limited to ACCESS in one or more access levels; if the administrator is to manipulate all access levels, specify ACCESS(ALL).
Use the RESOURCE keyword with the DEADMIN command to remove administrative authority for RESOURCE manipulation. ACCESS can be specified with DEADMIN, but it is ignored.
Note: Authority can also be granted/removed to administer all resources globally.
This keyword has the following format:
TSS ADMIN(acid) RESOURCE(authority‑level(s))
ACCESS(access‑level(s))
TSS DEADMIN(acid) RESOURCE(authority‑level(s))
This keyword can be used with:
The CA Top Secret administrator may specify one or more of the following authority levels:
Gives the named "ACID" any of the authorities listed above.
Gives the named "ACID" the ability to ADDTO or REMOVE any resource prefixes from the Audit Record. For details, see the Auditor's Guide.
Gives the named "ACID" the ability to employ WHOOWNS and WHOHAS for any resource.
Gives the named "ACID" the administrative authority to ADDTO or REMOVE resources for acids under its scope of control.
Gives the named "ACID" the ability to obtain reports for all resources by employing the utilities TSSUTIL, TSSAUDIT, TSSCPR, and TSSCHART.
Gives the named "ACID" the administrative authority to PERMIT or REVOKE resources for acids under its scope of control.
When granting XAUTH authority to the named "ACID", the administrator may limit the access levels that the named "ACID" can PERMIT.
If the ADMIN command does not specify an ACCESS clause, the named "ACID" of the command is not allowed to specify an ACCESS keyword in PERMIT commands. As a result, all PERMIT commands issued by the named "ACID" will default to the DEFACC access‑level defined in the RDT.
Named "ACID" may permit any resource at any access level.
Named "ACID" may permit any resource at the access level CONTROL.
Named "ACID" may permit any resource at the access level CREATE.
Named "ACID" may permit any resource at the access level DELETE.
Named "ACID" may permit any resource at the access level FEOV.
Named "ACID" may permit any resource at the access level FETCH.
Named "ACID" may permit any resource at the access level NONE.
Named "ACID" may permit any resource at the access level PURGE.
Named "ACID" may permit any resource at the access level READ.
Named "ACID" may permit any resource at the access level REPLACE.
Named "ACID" may permit any resource at the access level SCRATCH.
Named "ACID" may permit any resource at the access level UPDATE.
Named "ACID" may permit any resource at the access level WRITE.
Note: The ACLST of the resource class definition in the RDT governs the appropriate use of ACCESS levels in PERMIT commands for individual resources.
This example authorizes an administrator to PERMIT users to update any resource owned within his scope, and to determine who owns and who has access to those resources:
TSS ADMIN(SUPSCA) RESOURCE(XAUTH,INFO)
ACCESS(U)
This example removes SUPSCA's authority for resources:
TSS DEADMIN(SUPSCA) RESOURCE(XAUTH,INFO)
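The ACCESS rules above can be checked mechanically when reviewing delegated administration. The following Python sketch is an added example, not CA code: it replays ADMIN/DEADMIN RESOURCE commands and reports which access level a PERMIT by a given administrator would carry. The ACID HELPDSK, the DEFACC value READ, the function names, and the rule that successive ADMIN grants accumulate are assumptions made for illustration.

```python
import re

ALIASES = {"U": "UPDATE"}  # abbreviation as used in the page's ACCESS(U) example
CMD = re.compile(r"TSS\s+(ADMIN|DEADMIN)\((\w+)\)\s+RESOURCE\(([^)]*)\)"
                 r"(?:\s+ACCESS\(([^)]*)\))?", re.I)

# Constructed sample input; continuation lines are joined onto one line.
SAMPLE = [
    "TSS ADMIN(SUPSCA) RESOURCE(XAUTH,INFO) ACCESS(U)",  # the page's example
    "TSS ADMIN(HELPDSK) RESOURCE(XAUTH)",                # hypothetical, no ACCESS clause
]

def _items(text):
    """Split a comma list into upper-case names, expanding known abbreviations."""
    return {ALIASES.get(x.strip().upper(), x.strip().upper())
            for x in text.split(",") if x.strip()}

def apply_commands(commands):
    """Replay commands into {acid: {"auth": set, "access": set or None}}."""
    state = {}
    for line in commands:
        m = CMD.search(line)
        if not m:
            raise ValueError(f"unrecognized command: {line!r}")
        verb, acid, auth, access = m.group(1).upper(), m.group(2).upper(), m.group(3), m.group(4)
        entry = state.setdefault(acid, {"auth": set(), "access": None})
        if verb == "ADMIN":
            entry["auth"] |= _items(auth)  # assumption: grants accumulate
            if access is not None:
                entry["access"] = (entry["access"] or set()) | _items(access)
        else:  # DEADMIN: an ACCESS operand is accepted but ignored
            entry["auth"] -= _items(auth)
            if "XAUTH" not in entry["auth"]:
                entry["access"] = None
    return state

def permit_level(state, acid, requested, defacc):
    """Return the access level a PERMIT by `acid` carries, or raise PermissionError."""
    entry = state.get(acid.upper())
    if not entry or "XAUTH" not in entry["auth"]:
        raise PermissionError(f"{acid} has no XAUTH authority")
    if requested is None:
        return defacc  # PERMIT without ACCESS takes the class DEFACC (assumed for all grants)
    requested = ALIASES.get(requested.upper(), requested.upper())
    if entry["access"] is None:
        raise PermissionError(f"{acid} may not specify ACCESS; PERMIT defaults to {defacc}")
    if "ALL" in entry["access"] or requested in entry["access"]:
        return requested
    raise PermissionError(f"{acid} may not permit at level {requested}")
```

Run over an export of the ADMIN commands in effect, a check like this makes administrators holding ACCESS(ALL), or XAUTH with no ACCESS clause, easy to list during an entitlement review.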
Copyright © 2014 CA Technologies.
All rights reserved.