VMMDISK Resource Class—Secure Minidisks

Resources › VMMDISK Resource Class—Secure Minidisks

VMMDISK Resource Class—Secure Minidisks

Valid on z/VM.

Use VMMDISK to secure all z/VM minidisks.

When used with TSS ADDTO/REMOVE, this resource class has the following format:

TSS ADDTO(acid) VMMDISK(minidisk)

Prefix length: Two to 13 characters.
Full name: Two to 13 characters.
Capacity of list: One to eight minidisks per TSS command.

Generic prefixing allows the administrator to group a set of similar resource names together, and define them by generic prefix.

When used with TSS PERMIT/REVOKE, this resource class has the following format:

TSS PERMIT(acid) VMMDISK(minidisk)
                 ACCESS(access levels)

Prefix length: Two to 13 characters.
Full name: Two to 13 characters.
Capacity of list: One to eight minidisks per TSS command.

This keyword is used with:

The commands CREATE, ADDTO, REMOVE, PERMIT, REVOKE, ADMIN, DEADMIN, WHOHAS, and WHOOWNS
The VMMDISK ACID types User, Profile, Department, Division, Zone, DCA, VCA, ZCA, LSCA, SCA, and MSCA when used with TSS ADD/REMOVE
The VMMDISK ACID types User, Profile, DCA, VCA, ZCA, LSCA, SCA, and MSCA when used with TSS PERMIT/REVOKE
VMMDISK(OWN) authority to ADD or REMOVE ownership of minidisks from ACIDs

The following table indicates the access levels that the administrator can specify:

Level	Link Access
READ	R, RR
WRITE	W
MULTI	M
MREAD	R, RR, M, MR
MWRITE	W, M, MW
SREAD	SR
SWRITE	SW
SMULTI	SM
EREAD	ER
EWRITE	EW
UPDATE	R, RR, W, WR
ALL	Any link is valid
NONE	No link is valid

Note the following:

Specifying access levels READ and MULTI together implies MREAD access.
Specifying access levels WRITE and MULTI together implies MWRITE access.

The administrator can use any of the following methods to control access to minidisks: Expiration, Facility, Time/Day, and Actions.

Note: All cuu addresses are assumed to be four digits. For example 190 disk is permitted as MAINT.0190
VMMDISK(XAUTH) authority to permit or revoke access to minidisks

ALL Access

Ownership implies that the user, profile, or control ACID has an access level of ALL, which allows the ACID to READ and WRITE to the specified minidisk(s).

Ownership

It may not be desirable to grants unlimited access to individual users or profiles. It is recommended that the administrator use the ADDTO command function to assign ownership of minidisks to departments or divisions. The administrator may then authorize full or restricted access to minidisks via the PERMIT command function.

Masking

The VMMDISK resource class supports all masking characters.

Examples: VMMDISK Resource Class—Secure

This example adds a specific VMMDISK, the administrator gives the Inventory Department (INVDEPT) ownership of a 192 minidisk belonging to userid INVEN:

TSS ADDTO(INVDEPT) VMMDISK(INVEN.0192)

This examp[le removes ownership of minidisks:

TSS REMOVE(INVDEPT) VMMDISK(INVEN.0192)

This example permits a USER01 to link in READ mode to any of USER02's minidisks:

TSS PERMIT(USER01) VMMDISK(USER02)

This example revokes READ access to USER02's minidisk:

TSS REVOKE(USER01) VMMDISK(USER02)