Previous Topic: MISC9 AuthoritiesNext Topic: RSTDACC Authority

Creating Security AdministratorsAdministrative AuthorityRESOURCE Authorities

RESOURCE Authorities

The RESOURCE keyword designates what type of maintenance a security administrator can perform on resources.

The operands that can be specified with the RESOURCE keyword are:

ALL

Allows the security administrator to perform all of the authorities listed below.

AUDIT

Allows the security administrator to ADD or REMOVE resources from the AUDIT record.

INFO

Allows the security administrator to issue TSS WHOHAS and TSS WHOOWNS for resources.

OWN

Allows the security administrator to define, move, and remove resource ownership.

REPORT

Allows the security administrator to use CA Top Secret BATCH reporting utilities for resources.

XAUTH

Allows the security administrator to PERMIT or REVOKE resource access. The access levels must also be specified.

Examples: RESOURCE attributes

This example gives the FINVCA security administrator the ability to use BATCH reporting utilities for resources.

TSS ADMIN(FINVCA) RESOURCE(REPORT)

This example allows FINVCA to PERMIT an access level of READ or FETCH for the ACIDs within his scope:

TSS ADMIN(FINVCA) RESOURCE(XAUTH)
                  ACCESS(READ,FETCH)

RESOURCE(XAUTH) is not a typical administrative authority, since it allows the administrator to assign or revoke access authorizations to any ACID (provided the resource involved is within his scope).

Resource Access Level

When specifying RESOURCE specify an ACCESS level, if one applies. Otherwise the default is READ.

Example: specify a resource access level

This example gives a resource create and update access levels:

TSS ADMIN(RESVCA) RESOURCE(OWN)
                  ACCESS(CREATE,UPDATE)

Authority for One Resource Class

The RESOURCE keyword applies to all resources.

Example: administrative authority for a specific resource

This example substitutes the resource class name:

TSS ADMIN(RESVCA) PROGRAM(INFO)

Resource Outside Scope

The ACTION(ADMIN) keyword gives the security administrator the ability to allow ACIDs within his scope the authority to administer resources not within the permitted ACID’s scope.

Example: administer out of scope resource

In this example, if the data sets with the high level index SYS1 are not within the SCOPE of ACID USER05, the security administrator issues the TSS PERMIT command function with ACTION(ADMIN) to allow USER05 to administer the data sets:

TSS PERMIT(USER05) DSNAME(SYS1.)
                   ACTION(ADMIN)