To make a resource available to all users, add the resource to the ALL record. All the standard access restrictions can be specified for globally accessible resources.
Global authorizations do not update everyone’s security records. They are maintained in common system memory (CSA), as well as on the ALL record in the security file.
A change made to the ALL record takes effect immediately on the CPU from which the administrator makes the change. On other connected CPUs, the ALL record is not updated in CSA until a request is made to the Security File (for example, when a job or session initiates). All of the connected CPUs are then automatically synchronized as the new user or job initiates, or when any TSS command is executed.
The following table lists the resources commonly made globally accessible and the access restrictions usually assigned.
| Resource | Common Access Restrictions |
|---|---|
| SMF data sets | ACCESS(READ) |
| TSO Broadcast data set | ACCESS(UPDATE) FACILITY(TSO) PRIVPGM(IEJEES73,LISTBC,LISTB,SEND) |
| TSO Help data set | ACCESS(READ) FACILITY(TSO) PRIVPGM(H,HELP) |
| procedure libraries | ACCESS(READ) |
| SPF profile | ACCESS(UPDATE) PRIVPGM(ISPTASK) |
| compiler libraries | ACCESS(READ) |
| production control libraries | ACCESS(READ) PRIVPGM(PGMA,PGMB) |
| system catalog data set | ACCESS(UPDATE) |
A specific access authorization in a user or profile record overrides a global authorization in the ALL record.
Example: override global authorizations
This example shows that the specific access authorization for OPER01 overrides the global authorization from the ALL record (which provides only default READ access):
TSS PERMIT(OPER01) DSNAME('SYS1.BRODCAST') ACCESS(ALL)
TSS PERMIT(ALL) DSNAME('SYS1.BRODCAST')
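As an added illustration (not CA's code), the Python sketch below reads PERMIT commands in the form shown above and lists the data sets where a specific permit overrides the ALL record, which is the set of entries to check when reviewing global authorizations. It assumes exact data set name matching and takes the default READ access from this page; every name other than OPER01 and SYS1.BRODCAST is constructed.

```python
import re

# Constructed sample input: PERMIT commands in the form this page shows.
# OPER01 and SYS1.BRODCAST come from the page; the other names are made up.
SAMPLE = """\
TSS PERMIT(ALL) DSNAME('SYS1.BRODCAST')
TSS PERMIT(OPER01) DSNAME('SYS1.BRODCAST')
    ACCESS(ALL)
TSS PERMIT(ALL) DSNAME('SYS1.HELP') ACCESS(READ) FACILITY(TSO) PRIVPGM(H,HELP)
TSS PERMIT(USER02) DSNAME('PROD.PAYROLL') ACCESS(UPDATE)
"""

KEYWORD = re.compile(r"(\w+)\(([^)]*)\)")  # matches KEYWORD(operand)

def parse_permits(text):
    """Return one dict per TSS PERMIT command; a line not starting with TSS continues the previous command."""
    commands = []
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.upper().startswith("TSS "):
            commands.append(stripped)
        elif stripped and commands:
            commands[-1] += " " + stripped
    permits = []
    for cmd in commands:
        # Strip straight or typographic quotes around operands such as data set names.
        kw = {k.upper(): v.strip("'‘’ ") for k, v in KEYWORD.findall(cmd)}
        if "PERMIT" in kw and "DSNAME" in kw:
            # Per this page, a permit without ACCESS gives default READ access.
            kw.setdefault("ACCESS", "READ")
            permits.append(kw)
    return permits

def find_overrides(permits):
    """Return (dsname, acid, specific_access, global_access) for each permit that overrides the ALL record."""
    global_access = {p["DSNAME"]: p["ACCESS"] for p in permits if p["PERMIT"].upper() == "ALL"}
    overrides = []
    for p in permits:
        acid, dsn = p["PERMIT"], p["DSNAME"]
        # Assumption: exact name match only; generic or prefixed data set names are not resolved here.
        if acid.upper() != "ALL" and dsn in global_access and p["ACCESS"] != global_access[dsn]:
            overrides.append((dsn, acid, p["ACCESS"], global_access[dsn]))
    return overrides

if __name__ == "__main__":
    for dsn, acid, specific, glob in find_overrides(parse_permits(SAMPLE)):
        print(f"{dsn}: {acid} has ACCESS({specific}); ALL record gives ACCESS({glob})")
```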
Copyright © 2014 CA Technologies. All rights reserved.