RESOURCE Keyword—Individual Resource Class Administration Authority

Keywords › RESOURCE Keyword—Individual Resource Class Administration Authority

RESOURCE Keyword—Individual Resource Class Administration Authority

Valid on z/OS, z/VSE, and z/VM.

Use the resource keyword to grant administrative authority for a specific resource class to an individual administrator.

This keyword has the following format:

TSS ADMIN(acid) resource(authority-level(s))

resource: The specific resource class RESCLASS from the RDT.

This keyword can be used with:

The commands ADMIN, DEADMIN, LIST and WHOHAS
The ACID types User, DCA, VCA, ZCA, LSCA, SCA, and MSCA

More information:

RESOURCE Keyword—Global Resource Class Administration Authority

RESOURCE Authority Levels

The CA Top Secret administrator may specify one or more of the following authority levels:

ALL: Gives the named "ACID" any of the authorities listed above.
AUDIT: Gives the named "acid" the ability to ADDTO or REMOVE any resource prefixes from the Audit Record. For details, see the Auditor's Guide.
INFO: Gives the named "ACID" the ability to employ WHOOWNS and WHOHAS for any resource.
OWN: Gives the named "ACID" the administrative authority to ADDTO or REMOVE resources for acids under its scope of control.
REPORT: Gives the named "ACID" the ability to obtain reports for all resources by employing the utilities TSSUTIL, TSSAUDIT, TSSCPR, and TSSCHART.
XAUTH: Gives the named "ACID" the administrative authority to PERMIT or REVOKE resources for acids under its scope of control.

Access Levels

When granting XAUTH authority to the named “ACID,” the administrator may limit the access levels which the named “ACID” can PERMIT.

DEFAULT: If the ADMIN command does not specify an ACCESS clause, the named "ACID" of the command is not allowed to specify an ACCESS keyword in PERMIT commands. As a result, all PERMIT commands issued by the named "ACID" will default to the DEFACC access‑level defined in the RDT
ALL: Named "ACID" may permit any resource at any access level.
CONTROL: Named "ACID" may permit any resource at the access level CONTROL.
CREATE: Named "ACID" may permit any resource at the access level CREATE.
DELETE: Named "ACID" may permit any resource at the access level DELETE.
FEOV: Named "ACID" may permit any resource at the access level FEOV.
FETCH: Named "ACID" may permit any resource at the access level FETCH.
NONE: Named "ACID" may permit any resource at the access level NONE.
PURGE: Named "ACID" may permit any resource at the access level PURGE.
READ: Named "ACID" may permit any resource at the access level READ.
REPLACE: Named "ACID" may permit any resource at the access level REPLACE.
SCRATCH: Named "ACID" may permit any resource at the access level SCRATCH.
UPDATE: Named "ACID" may permit any resource at the access level UPDATE.
WRITE: Named "ACID" may permit any resource at the access level WRITE.

Note: The ACLST of the resource class definition in the RDT governs the appropriate use of ACCESS levels in PERMIT commands for individual resources.

More information:

ACLST Keyword—Resource Access Level

Example: resource Keyword

This example allows the RESADM ACID to permit READ access to DATASET resources for ACIDs when both the ACID and the DATASET are owned and within scope.

TSS ADMIN(RESADM) DATASET(XAUTH)
                  ACCESS(READ)