Resources › SDSF Resource Class—Secure SDSF Commands

SDSF Resource Class—Secure SDSF Commands

Valid on z/OS.

Use SDSF to secure SDSF 1.3 commands, functions and other resources.

When used with TSS ADDTO/REMOVE, this resource class has the following format:

TSS ADDTO(acid) SDSF(oper,oper,...)

Prefix length

Two to twenty‑six characters

Capacity of list

One to five prefixes per TSS command

When used with TSS PERMIT/REVOKE, this resource class has the following format:

TSS PERMIT(acid) SDSF(prefixes(s))
                 ACCESS(access level(s))

Prefix length

Two to sixty‑three characters

Capacity of list

One to five prefixes per TSS command

This keyword is used with:

• The commands CREATE, ADDTO, REMOVE, PERMIT, REVOKE, ADMIN, DEADMIN, WHOHAS, and WHOOWNS
• The SDSF ACID types User, Profile, Department, Division, Zone, DCA, VCA, ZCA, LSCA, SCA, and MSCA when used with TSS ADD/REMOVE
• The SDSF ACID types User, Profile, Department, Division, Zone, DCA, VCA, ZCA, LSCA, SCA, and MSCA when used with TSS PERMIT/REVOKE
• SDSF(OWN) authority to ADD or REMOVE SDSF resources
• SDSF(XAUTH) authority to permit or revoke SDSF resources

The administrator can:

• Use any of the following methods to control access to SDSF resources: Expiration, Facility, Time/Day, and Actions.
• Specify any of the following access levels: NONE, READ, UPDATE, CONTROL, and ALL.

Masking

The SDSF resource class supports all masking characters.

Example: SDSF Resource Class—Secure

This example defines DEPT01 the ability of users to issue z/OS and JES2 commands on the SDSF command line via the “/” command:

TSS ADDTO(DEPT01) SDSF(ISFOPER.SYSTEM)

The administrator may remove the ability:

TSS REMOVE(DEPT01) SDSF(ISFOPER.SYSTEM)

This example denies USER42 the ability to use SDSF's PR (printer) and INIT (initiator) displays:

TSS PERMIT(USER42) SDSF(ISFCMD.ODSP.INITIATOR.*/ISFCMD.ODSP.PRINTER.*)
                   ACCESS(NONE)