Creating and Setting Up Users › Profile ACIDs

Profile ACIDs

A profile is an ACID containing resource permissions that allows users who can share access authorizations for protected resources to be grouped. Profiles minimize the use of access authorizations made directly to users. Use of profiles avoids redundant authorizations and makes administration easier.

When creating and using profiles:

• You can attach a maximum of 254 profiles to one user
• You cannot assign a password to a profile
• You cannot attach a profile to another profile
• A profile must be defined under an department
• To attach a profile to a user, both the ACID and the profile must be within your scope of authority
• Profiles can be made globally administrable with the GAP attribute
• The SUSPEND attribute is not valid on a profile or group type acid
• Profiles should not own resources
• Users can be assigned to a profile permanently or temporarily
• You can administer profiles outside of your scope if you have been given the proper authority

To define a new profile ACID

1. Enter the command:

   TSS CREATE(acidname) TYPE(PROFILE)
                        NAME(profilename)
                        DEPARTMENT(deptname)
   

   TYPE

   Specifies PROFILE as the ACID type.

   NAME

   Specifies the name of the profile.

   DEPARTMENT

   Specifies the department the profile belongs to. This keyword is required if the control ACID issuing the command is an SCA, LSCA, or ZCA, but not a DCA. TYPE(USER) and TYPE(PROFILE) ACIDs must be created in a department.

   The profile ACID is defined.

2. Enter the command:

   TSS PERMIT(acidname) DSNAME(dataset)
                        ACCESS(UPDATE)
                        TIME(hh,hh)
   

   DSNAME

   Specifies the data sets permissions are granted to.

   ACCESS

   Specifies the type of permission being granted.

   TIME

   Specifies the time range for the permission to be granted.

   The profile permissions are specified.

Example: define an ACID profile

This example creates the new Payroll Department profile linked to that department and then grants profile APPPRO1 update access to all data sets beginning with ABC as the high level qualifier from 8 a.m. to 7:59 p.m.

TSS CREATE(APPPRO1) TYPE(PROFILE)
                    NAME(‘PAYROLL DEPT PROF’)
                    DEPARTMENT(PAYROL)

TSS PERMIT(APPPRO1) DSNAME(ABC.)
                    ACCESS(UPDATE)
                    TIME(08,20)