SURROGAT Resource Class—Restrict Preset Security

Resources › SURROGAT Resource Class—Restrict Preset Security

SURROGAT Resource Class—Restrict Preset Security

Valid on z/OS and z/VM.

Use SURROGAT to restrict installation of pre‑set security for terminals to specific ACIDs. SURROGAT can only be used with terminals running under CICS 4.1.

The SURROGAT keyword is used to establish access authorizations and restrictions.

This resource class has the following format for ADDTO/REMOVE:

TSS ADDTO(acid) SURROGAT(acidname.DFHINSTAL)

Prefix length: Two to 17 characters

When used with TSS PERMIT/REVOKE, this resource class has the following format:

TSS PERMIT(acid) SURROGAT(acidname.DFHINSTAL)

Prefix length: Two to 44 characters

This keyword is used with:

The commands CREATE, ADDTO, REMOVE, PERMIT, REVOKE, ADMIN, DEADMIN, WHOHAS, and WHOOWNS
The SURROGAT ACID types User, Profile, Department, Division, Zone, DCA, VCA, ZCA, LSCA, SCA, and MSCA when used with TSS ADD/REMOVE
The SURROGAT ACID types User, Profile, DCA, VCA, ZCA, LSCA, SCA, and MSCA when used with TSS PERMIT/REVOKE
SURROGAT(OWN) authority to ADD or REMOVE terminals from ACIDs
SURROGAT(XAUTH) authority to permit or revoke access to terminals that are owned

The administrator can use any of the following methods to control access to surrogate terminals: Expiration, Facility, Time/Day, and Actions.

Example: SURROGAT resource class

This example installs a terminal with a pre‑set userid of WAREHOUS, an ACID named WAREHOUS must be defined to CA Top Secret with permission to the CICS Facility and any appropriate resources:

TSS ADDTO(CICSDEPT) SURROGAT(WAREHOUS.DFHINSTAL)

This example permits the user defining the terminal access to the SURROGAT resource for WAREHOUS:

TSS PERMIT(CICSADM) SURROGAT(WAREHOUS.DFHINSTL)
                    ACCESS(READ)

SYSAUTO Resource Class—IBM Automation Control for z/OS Resources

Valid on z/OS.

Use SYSAUTO to control access to z/OS resources for IBM Automation Control.

When used with TSS ADDTO/REMOVE, this resource class has the following format:

TSS ADDTO(acid) SYSAUTO(ZOSRES)

Prefix length: 2 - 26 characters.
Capacity of list: 1 - 5 prefixes per TSS command.

When used with TSS PERMIT/REVOKE, this resource class has the following format:

TSS PERMIT(acid) SYSAUTO(ZOSRES)

Resource length: 1 - 246 characters.

This resource class is used with:

The commands CREATE, ADDTO, REMOVE, PERMIT, REVOKE, ADMIN, DEADMIN, WHOOWNS, and WHOHAS.
The ACID types User, Department, Division, Zone, DCA, VCA, ZCA, LSCA, SCA, and MSCA when used with TSS ADD/REMOVE.
The ACID types User, Profile, DCA, VCA, ZCA, LSCA, SCA, and MSCA when used with TSS PERMIT/REVOKE.
SYSAUTO(OWN) authority to ADD or REMOVE ownership of SYSAUTO resources from ACIDs.
SYSAUTO(XAUTH) authority to PERMIT or REVOKE access to SYSAUTO resources.

The administrator can use any of the following methods to control access to SYSAUTO resources: Expiration, Facility, Program Pathing, Time/Day, and Actions.

Examples: SYSAUTO resource class

This example protects the resource with CA Top Secret by assigning ownership to the Corporate Department ACID:
```
TSS ADDTO(AUTODEPT) SYSAUTO(ZOSRES) 
```
The administrator can now PERMIT access to users or profiles that require access.
This example removes ownership:
```
TSS REMOVE(AUTODEPT) SYSAUTO(ZOSRES) 
```
This example permits users to access SYSAUTO(ZOSRES):
```
TSS PERMIT(TECHUSER) SYSAUTO(ZOSRES) 
```