PERMIT Function—Permit Access to Resources

Valid on z/OS, z/VSE, and z/VM.

Use the PERMIT command function to give ACIDs full or restricted access to resources they do not own.

Use the PERMIT command function to control:

Resource ownership means that the user, profile, or control ACID has an access level of ALL. Because it may not be desirable to grant unlimited access to individual users or profiles, CA Top Secret administrators should assign resource ownership to department or division ACIDs using the ADDTO command function.

Administrators must have the appropriate resource(XAUTH) authority, via the TSS ADMIN command function, to PERMIT access to owned resources within their administrative scope. Note that RESOURCE(XAUTH) allows administrators to PERMIT access to all owned resources within their administrative scope. Administrators must also have explicit authority to use each access level keyword.

Given the proper administrative authority, a CA Top Secret administrator may allow any ACID to access a resource, even if the ACID is outside of the administrator's scope. The resource, however, must be within the administrator's scope of authority.

All resources defined to the RDT can also be used with the PERMIT/REVOKE command function.

A resource must be owned before access can be permitted.

Resources may not be permitted to department or division ACIDs.

This command function has the following format:

TSS PERMIT(acid) keyword(pfix)
                 ACCESS(level)
                 keyword(oper)

ACID

Specifies the ACID of the user or job for whom access is being permitted.

Keyword

Specifies the keyword for the type of resource to which access is being permitted. For example, DSNAME and VOLUME.

p-fix

Specifies the prefix or resource name. A specific level of ACCESS to the resource, if applicable; if no entry is made, CA Top Secret usually assigns a default access level based on the resource type. For example, the default for a data set is READ.

Level

Specifies the manner in which a resource can be used once accessed. For example, NONE, READ, and WRITE.

Keyword

Additional access keywords and their associated options. For example: DAYS(WEEKENDS), LIBRARY(SYS2.TESTLIB), and ACTION(FAIL).
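
As an added example (not part of the CA Top Secret documentation), the Python below parses commands written in the format shown above and flags two cases this page singles out: a PERMIT that omits ACCESS and therefore relies on the default level, and ACCESS(ALL), the level this page equates with ownership. The ACIDs, resource names, and the function names parse_permit and review are constructed for illustration, and only the resource keywords named on this page are recognized.

```python
import re

# Resource keywords named on this page; a site would extend this set (assumption).
RESOURCE_KEYWORDS = {"DSNAME", "VOLUME"}
OPERAND = re.compile(r"([A-Za-z]+)\(([^()]*)\)")

def parse_permit(command):
    """Split 'TSS PERMIT(acid) keyword(pfix) ACCESS(level) keyword(oper)' into fields."""
    text = command.strip()
    if not text.upper().startswith("TSS "):
        raise ValueError("not a TSS command")
    pairs = [(k.upper(), v.strip()) for k, v in OPERAND.findall(text[4:])]
    if not pairs or pairs[0][0] != "PERMIT":
        raise ValueError("not a PERMIT command function")
    parsed = {"acid": pairs[0][1], "resource": None, "access": None, "options": {}}
    for key, value in pairs[1:]:
        if key == "ACCESS":
            parsed["access"] = value.upper()
        elif key in RESOURCE_KEYWORDS and parsed["resource"] is None:
            parsed["resource"] = (key, value)
        else:
            parsed["options"][key] = value  # additional keyword(oper) pairs
    if parsed["resource"] is None:
        raise ValueError("no recognized resource keyword(pfix)")
    return parsed

def review(parsed):
    """Return the points an access reviewer would want to check for one PERMIT."""
    findings = []
    if parsed["access"] is None:
        findings.append("ACCESS omitted: default level for the resource type applies")
    elif parsed["access"] == "ALL":
        findings.append("ACCESS(ALL): same access level as resource ownership")
    return findings

# Constructed sample commands (ACIDs and resource names are made up).
SAMPLE = [
    "TSS PERMIT(USER01) DSNAME(PAYROLL.MASTER) ACCESS(ALL)",
    "TSS PERMIT(USER02) DSNAME(SYS2.TESTLIB) DAYS(WEEKENDS) ACTION(FAIL)",
    "TSS PERMIT(USER03) VOLUME(WORK01) ACCESS(READ)",
]

if __name__ == "__main__":
    for line in SAMPLE:
        p = parse_permit(line)
        print(p["acid"], p["resource"], p["access"], review(p) or "no findings")
```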