Valid on z/OS, z/VSE, and z/VM.
Use the REVOKE command function to revoke access to ownable resources when no longer needed, or when the access restrictions (levels and/or controls) must be changed. A command can revoke multiple permissions or one specific permission.
Administrators must have the appropriate resource(XAUTH) authority, via the TSS ADMIN command function, to revoke access to owned resources within their administrative scope. Note that RESOURCE(XAUTH) allows administrators to revoke access to all owned resources within their administrative scope. Administrators must also have explicit authority to use each access level keyword.
Given the proper administrative authority, an CA Top Secret administrator may allow any ACID to access a resource, even if the ACID is outside of the administrator's scope. The resource, however, must be within the administrator's scope of authority.
All resources defined to the RDT can also be used with the REVOKE command function.
This command function has the following format:
TSS REVOKE (acid) keyword(p‑fix)
ACCESS(level)
keyword(oper)
Specifies the ACID of the user or job access is being revoked from
Specifies the keyword for the type of resource access is being revoked for. For example, DSNAME and VOLUME.
Specifies the prefix or resource name. A specific level of ACCESS to the resource, if applicable; if no entry is made, CA Top Secret usually assigns a default access level based on the resource type. For example, the default for data set is READ.
Specifies the manner in which a resource can be used once accessed. For example, NONE, READ, and WRITE.
Specifies the additional access keywords and their associated options. For example, DAYS(WEEKENDS), LIBRARY(SYS2.TESTLIB), and ACTION(FAIL).
| Copyright © 2009 CA. All rights reserved. | Email CA about this topic |