Valid on z/OS.
Use IBMGROUP at signon to assign group names to users. For information about signon processing, see the User Guide. The group names specified are later queried by such products as DB2 and DF/HSM.
When used with TSS ADDTO/REMOVE, this resource class has the following format:
TSS ADDTO(acid) IBMGROUP(group,..|authid,...)
One to eight characters
five resources per TSS command
Note: Under CA Top Secret for DB2, the IBMGROUP resource class is used in reference to secondary authorization IDs.
When used with TSS PERMIT/REVOKE, this resource class has the following format:
TSS PERMIT(acid) IBMGROUP(group,...|authid,...)
One to eight characters
five resources per TSS command
Note: Under CA Top Secret for DB2, the IBMGROUP resource class is used in reference to secondary authorization IDs.
This keyword uses:
The administrator can use any of the following methods to control access to IBMGROUP: Expiration, Facility, Time/Day, and Actions. The access controls CALENDAR, TIMEREC, SYSID may not be used with this resource.
This example protects the use of DB2 PAYROLL secondary authorization ID, by assigning ownership to the Department ACID, and subsequently permitting restricted access to users or profiles:
TSS ADDTO(DEPT02) IBMGROUP(PAYROLL)
This example removes ownership:
TSS REMOVE(DEPT02) IBMGROUP(PAYROLL)
This example permits use of the PAYROLL secondary authorization ID from Batch only:
TSS PERMIT(SYSAU2) IBMGROUP(PAYROLL)
FACILITY(BATCH)
This example revokes access:
TSS REVOKE(SYSAU2) IBMGROUP(PAYROLL)
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|