Valid on z/OS, z/VSE, and z/VM.
Use the WHOHAS command function to display:
Only one resource keyword and prefix may be specified per command. Attributes and non‑resource fields, however, may be specified on a command. If several attributes, fields, or facilities are specified, all attributes, fields, or facilities must be simultaneously present.
The administrators must have:
Note: If mixed case is used for an FDT field or the HFSSEC resource class, when issuing a TSS WHOHAS for the FDT field or HFSSEC resource class, the case on the WHOHAS command must match the case in the FDT data or HFSSEC resource name on the acid in order for that data to be displayed.
This command function has the following format:
TSS WHOHAS keyword(value|*) [DATA{literal}
Mask[,NOPREFIX]}
For queries on:
Enter the specific resource prefix, field value, attribute value (if applicable) or facility name for which access information is required or enter the data that must be contained in that field.
Optionally, limit the type of matching used for resource queries (LITERAL, MASK, NOPREFIX).
To display all permitted access to a maskable resource type, enter an asterisk (*) with DATA(MASK).
This command function uses:
Additional resource keywords may be used by an installation that has defined new resource classes in the RDT Record.
FDT field names may be obtained by listing the FDT.
The following attributes, which take no value, may be used with the TSS WHOHAS command:
|
ASUSPEND |
NOADSP |
NORESCHK |
SUSPEND |
|
AUDIT |
NOATS |
NOSUBCHK |
TRACE |
|
CONSOLE |
NODSNCHK |
NOSUSPEND |
TSOMPW |
|
GAP |
NOLCFCHK |
NOVMDCHK |
|
|
MRO |
NOOMVSDF |
NOVOLCHK |
|
|
MULTIPW |
NOPWCHG |
RSTDACC |
|
The following attributes must be specified with a value:
|
FACILITY (If specified with another field/attribute) |
SMSAPPL |
TSOLACCT |
WAADDR1 |
|
SMSDATA |
TSOLPROC |
WAADDR2 |
|
|
LANGUAGE |
SMSMGMT |
TSOLSIZE |
WAADDR3 |
|
LTIME |
SMSSTOR |
TSOMCLASS |
WAADDR4 |
|
OPCLASS |
SOURCE |
TSOMSIZE |
WABLDG |
|
OPIDENT |
TSOCOMMAND |
TSOSCLASS |
WADEPT |
|
OPPRTY |
TSODEFPRFG |
TSOUDATA |
WANAME |
|
PHYSKEY |
TSODEST |
TSOUNIT |
WAROOM |
|
SCTYKEY |
TSOHCLASS |
TZONE |
|
|
SITRAN |
TSOJCLASS |
WAACCNT |
|
Resource access information can be obtained by specifying a prefix, fully qualified name (within quotes), or a pattern containing masking characters. Not all resources support masking characters.
The amount of information displayed by the WHOHAS function can be voluminous depending upon the number of PERMITs defined. The DATA(option) keyword can be used to limit the display.
If you issue the WHOHAS command for DSNAME(SYS), it will return the OWNER for SYS1, then all of the authorizations under the owner. Next, you will get the owner for SYS2 and all of those authorizations until the list is complete.
Facility access information can be obtained by specifying a fully qualified facility name; no prefix or masking is supported. Attribute information can be obtained by entering one or more attribute names. Data field information can be obtained by specifying the full data name.
Because facility information is not maintained as a resource, the amount of work required to obtain this information is dependent on the scope of the administrator requesting it. For a ZCA or lower, it is reasonably quick; however, for an SCA or an LSCA, it can require much longer to complete. Consider using batch processing to execute this command as an SCA. The amount of time required is greater than the time required to execute the TSS LIST(ACIDS) DATA(BASIC) command.
Examples: the WHOHAS function
This example lists all ACIDs that have the facility CICSPROD:
TSS WHOHAS FACILITY(CICSPROD)
This example lists all ACIDs that have the NODSNCHK attribute and simultaneously have the TSO procedure PROC999 as their default logon procedure:
TSS WHOHAS NODSNCHK
TSOLPROC(PROC999)
This example displays all permitted access to the resource type dataset:
TSS WHOHAS DSN(*) DATA(MASK)
To obtain administrative authority information use the AUTHADM keyword and specify any of the administrative authorities that are specified with the TSS ADMIN command.
Because facility, field and attribute information is not maintained in the SECFILE ACID Index, a sequential search within the administrator's scope completes the query. For a user with a small number of ACIDs in their scope, it is reasonably quick; however, for an SCA or an LSCA, it can require much longer to complete. Therefore, you might consider using batch processing to execute this command as an SCA. The amount of time required is similar to the time required to execute the TSS LIST(ACIDS) DATA(BASIC) command.
To display permitted accesses to resources, the administrator enters a TSS WHOHAS command. This command displays the owner of the resource, ACIDs who are authorized access to the resource, and administrator ACIDs who are permitted administrative authority over the resource.
To determine who has access information for data sets prefixed with SFT.CICS., enter:
TSS WHOHAS DSNAME(SFT.CICS)
CA Top Secret displays the ACIDs and the access information shown below.
RESOURCE = SFT.CICS. OWNER(SFTDEPT)
XAUTH = SFT.CICS. ACID(SFTUSR1)
ACCESS = UPDATE
XAUTH = SFT.CICS.LOAD ACID(SFTUSR2)
ACCESS = UPDATE,CONTROL
XAUTH = SFT. ACID(SFTMNGR)
ACCESS = READ
ADMIN = SFT. ACID(SFTDCA)
ACCESS = ALL
XAUTH = SFT.*.TEST ACID(SFTMNGR)
ACCESS = UPDATE,CONTROL
The figure above shows the resource owner (SFTDEPT), all matching access PERMITS (XAUTH), as well as administrator ACIDs to which the resource was permitted with the ACTION(ADMIN) keyword.
|
Copyright © 2009 CA Technologies.
All rights reserved.
|
|