Multiple authorizations--that is, PERMITs that specify both the same ACID and resource identifier--can be revoked by using a single TSS REVOKE function.
For example, the following revokes both PERMITs in the previous example.
TSS REVOKE(USER01) VMMD(MAINT.)
Removing an Individual Permisson
To remove one specific permission, list the user’s or profiles' XAUTH data and then issue the revoke exactly as it is listed. For example, the output of the following TSS LIST command:
XA DATASET = SYS1.PROCLIB
ACCESS = READ
PRIVPGM = IEBCOPY
Would let you revoke the following authorization:
TSS REVOKE(user) DSN(SYS1.PROCLIB) ACCESS(READ) PRIVPGM(IEBCOPY)
Even if there were other permissions with different access levels or other criteria, only this permission would be revoked. However, if you code the REVOKE with only the resource and no other parameters, then all matches of the resource will be revoked.
Note: The FOR parameter should not be used on a REVOKE command.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|