Previous Topic: Selectively Revoking PERMITsNext Topic: Mask and Prefix for Other Resources

Command FunctionsPERMIT Function—Permit Access to ResourcesUsing the GENERIC - NONGENERIC Attribute

Using the GENERIC - NONGENERIC Attribute

The RDT attribute, NONGENERIC, causes a general resource to be treated as a fully qualified name rather than as a generic prefix.

Note: The GENERIC/NONGENERIC attribute affects security resource checks, it has no effect on CICS Bypass List processing.

The NONGENERIC attribute can support both long and short resource classes. This attribute does not, however, support the resources that support masking characters.

For example, an administrator can permit a user to resource OTRAN(PSRV), which would allow access to PSRV as well as PSRVTEST or any other OTRAN whose first four characters match the prefix, PSRV. If the NONGENERIC attribute is activated, a permit to OTRAN(PSRV), however, only allows the user to execute transaction PSRV and not PSRVTEST. In order for the user to be allowed to issue either transaction, the permit must be done to OTRAN(PSRV(G)).

To alter a particular general resource class to conform to the non‑generic attribute, enter:

TSS REPLACE(RDT) RESCLASS(OTRAN)
                 ATTR(NONGENERIC)

The OTRAN keyword is the resource class to be altered.

To remove the NONGENERIC attribute, enter:

TSS REPLACE(RDT) RESCLASS(OTRAN)
                 ATTR(GENERIC)

When changing the resource class from GENERIC to NONGENERIC, or from NONGENERIC to GENERIC, the security validation behavior for all existing definitions is preserved. However, resources will list differently and administrative commands which follow will have a different effect.

For example, if an attribute of a resource class is changed from GENERIC to NONGENERIC, any resource permitted prior to the change displays a (G) to indicate the cross‑authorization remains GENERIC.

Also, attempts to revoke such a permit may fail, with either TSS0384E: “RESOURCE NOT FOUND IN SECURITY RECORD”, (if the (G) is not included on the REVOKE statement), or TSS0244E: “INVALID SUBFIELD LENGTH FOR KEYWORD ‑ keyword” (if the (G) is included).

In this case, the attribute of the resource class should be temporarily changed back from NONGENERIC to GENERIC (when no other administration is taking place). The REVOKE (without the (G)) should then succeed, and the resource attribute may again be changed to NONGENERIC.

The NONGENERIC attribute applies to the following resources by default: