ADDTO Function—Add Resource Ownership and Attributes

Command Functions › ADDTO Function—Add Resource Ownership and Attributes

ADDTO Function—Add Resource Ownership and Attributes

Valid on z/OS, z/VSE, and z/VM.

Use the ADDTO command function to:

Assign resource ownership or special attributes to a defined ACID
Define started tasks to CA Top Secret
Add to the Audit Record a resource that CA Top Secret will audit
Authorize an ACID to use specific facilities
Connect profiles to users
Grant access to non‑ownable installation‑defined resources
Prohibit an ACID from using a specific set of commands or transactions, or confines an ACID to a specific set of commands or transactions
Add new resource classes to the Resource Descriptor Table (RDT)
Add new fields to the Field Descriptor Table (FDT)
Assign PassTickets, Node, NETUAF and volume records to the Node Descriptor Table (NDT)
Identify which LUs can participate in APPC conversations by adding them to the APPCLU Record

Administrators must have:

The appropriate RESOURCE(OWN) authority to add ownership of resources from ACIDs within their scope
MISC1, MISC2, or MISC9 authority to assign many of the security attributes to ACIDs within their scope

ACID authorities determine the levels at which administrators can manage ACIDs within their scope.

This command function has the following format:

TSS ADDTO(acid) KEYWORD[(operand)]

ACID: Specifies the resource or attribute being assigned.
Keyword: The type of resource or attribute being assigned.
Operand: The specific prefix, name, or value of resource or attribute. An operand might be required, depending on the specific keyword.

Resource Ownership

Resource ownership means that the user, profile, or control ACID has an access level of ALL. To avoid granting unlimited access to individual users or profiles:

Use the ADDTO command function to assign resource ownership to department or division ACIDs
Use the PERMIT command function to authorize full or restricted resource access for other ACIDs (non‑owners)

If the resource is:

New (undefined), the ADDTO command function defines the resource by assigning ownership to the ACID specified in the command function
Owned by another ACID, the ADDTO command function transfers ownership to the ACID specified in the command function and permits the old owner full access to the resource

To permit access to all owned resources within a NOMASK resource class use the special resource name:

*ALL*

To permit resource classes with the MASK attribute use the resource name:

????

Examples: resource ownership

This example defines the resource by assigning ownership to the ACID:

TSS ADDTO(ACID1) DSNAME(USER)

This example transfers ownership of data set USER01 from ACID1 to ACID2:

TSS ADDTO(ACID2) DSNAME(USER01)
                 UNDERCUT

This example prevents automatic permission with the NOPERMIT keyword:

TSS ADDTO(ACID2) DSNAME(USER)
                 UNDERCUT
                 NOPERMIT

Assign Attributes

Adding an attribute to a user or profile ACID assigns special authorities or restrictions to that ACID.

Example: assigning an attribute

This example gives a user the ability to modify control options by adding the CONSOLE attribute:

TSS ADDTO(USER2) CONSOLE

ADDTO Applicable Keywords

This command function uses the keywords:

ACTION	ACTIVE	AFTER\|BEFORE	ASSIZE
ASUSPEND	AUDIT	CALENDAR	CERTMAP
COMMAND	CONSOLE	CONVSEC	CNFAPP
CNFUVAR	CRITERIA	CRITMAP	DAYS
DAYS (For Calendars)	DCDSN	DEFAULT	DEFNODES
DEFTKTLF	DFLTGRP	DIGICERT	DUFUPD
DUFXTR	EIMDOMAIN	EIMLOCREG	EIMOPTION
EIMPROF	EXPIRE	FACILITY	FIRST
FOR	GAP	GID	GROUP
HOME	ICSF	IDNFILTR	IESFL1
IESFL2	IESINIT	IESSYNM	IESTYPE
IESVCAT	IMSMSC	INSTDATA	INTERVAL
JOBNAME	KERBLINK	KERBNAME	KERBPASS
KERBUSER	KERBVIO	KEYRING	LABLCERT
LABLCMAP	LABLRING	LANGUAGE	LDAPDEST
LDS	LINKID	LINKNAME	LINUXNAM
LTIME	MASTFAC	MAXTKTLF	MCSALTG
MCSAUTH	MCSAUTO	MCSCMDS	MCSDOM
MCSKEY	MCSLEVL	MCSLOGC	MCSMFRM
MCSMGID	MCSMON	MCSROUT	MCSSTOR
MCSUD	MEMLIMIT	MINIKTLF	MMAPAREA
MODE	MRO	MULTIPW	NOADSP
NOATS	NODES	NODSNCHK	NOLCFCHK
NOPERMIT	NOPWCHG	NOREFRESH	NORESCHK
NOSUBCHK	NOSUSPEND	NOVMDCHK	NOVOLCHK
OECPUTM	OEFILEP	OIDCARD	OMVSPGM
OPCLASS	OPIDENT	OPPRTY	PASSWORD
PHYSKEY	PROCNAME	PROCUSER	PROFILE
PRXBINDDN	PRXBINDPW	PRXLDAPHST	PRXKRBREG
PRX509KRB	PSTKAPPL	PSUSPEND	REALMNAME
RESOWNER	RETAIN	RINGDATA	SCTYKEY
SDNFILTR	SESSKEY	SESSLOCK	SIGNMULTI
SHMEMMAX	SITRAN	SMSAPPL	SMSDATA
SMSMGMT	SMSSTOR	SNAME	SOURCE
START	STCACT	SUSPEND	SYSID
TARGET	TREADS	TIMEREC	TIME
TRACE	TRANSACTIONS	TRUST	TSOCOMMAND
TSODEFPRFG	TSODEST	TSOHCLASS	TSOJCLASS
TSOLACCT	TSOLPROC	TSOLSIZE	TSOMCLASS
TSOMPW	TSOMSIZE	TSOOPT	TSOSCLASS
TSOUDATA	TSOUNIT	TZONE	UID
UNAME	UNDERCUT	UNTIL	USAGE
USER	VSECATBT	VSEMCON	VSERDD
VSESYSAD	VSUSPEND	WAACCNT	WAADDR1
WAADDR2	WAADDR3	WAADDR4	WABLDG
WADEPT	WAIT	WAROOM	WANAME
XCOMMAND	XSUSPEND	XTRANSACTIONS