Ownership by an individual ACID automatically implies full (ALL) access to that resource. For example, if USER01 was given ownership of the PAYROLL.UPDTE data set through the following command, then USER01 has ALL access to the PAYROLL.UPDTE data set:
TSS ADD(USER01) DSN(PAYROLL.UPDTE)
Ownership of a resource by a Department ACID, however, does not imply automatic access to that resource for all users in that Department. This is because a Department ACID (like Zone and Division ACIDs) represents a group of ACIDs and is not an actual user. A Department ACID does not sign on or function as an individual user does; therefore, it cannot access the resource. Resources are assigned to a Department ACID much the same way books are placed on a bookshelf—for safekeeping.
Because of this structural difference, each user in that Department must be explicitly authorized to access the resource, which lets you restrict access to an as-needed basis. For example, the following command designates the Financial Department (FINDEPT) as the owner of the INVEST.RES data set:
TSS ADD(FINDEPT) DSN(INVEST.RES)
If USER02 belongs to that department, USER02 must still be authorized (through the TSS PERMIT command) to access the INVEST.RES data set. That way, you can give USER02 UPDATE access or restrict USER02 to READ-only access. The same applies to resource ownership by Divisions and Zones. For more information about TSS PERMIT and access level restrictions, see the How Do I Control Access to These Resources? section later in this chapter.
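The department-ownership case above, written out as a short REXX exec that issues the TSS commands and then checks the result. This is an added example, not part of the original CA documentation; USER03 is a hypothetical second member of FINDEPT, and the exec assumes it runs under an administrator ACID with authority over FINDEPT.

```rexx
/* REXX - added example, not from the CA documentation.              */
/* Assumes the default host command environment accepts TSS commands */
/* and that the issuing ACID administers FINDEPT.                    */

/* Department ACID owns the data set; this grants access to no one.  */
"TSS ADD(FINDEPT) DSN(INVEST.RES)"

/* Each user is authorized explicitly, at the level the job needs.   */
"TSS PERMIT(USER02) DSN(INVEST.RES) ACCESS(READ)"
/* USER03 is a hypothetical ACID used only for this illustration.    */
"TSS PERMIT(USER03) DSN(INVEST.RES) ACCESS(UPDATE)"

/* Review: confirm the owner, then list every ACID holding a permit. */
"TSS WHOOWNS DSN(INVEST.RES)"
"TSS WHOHAS DSN(INVEST.RES)"
```

A FINDEPT member that does not appear in the WHOHAS listing has no access to INVEST.RES through this ownership, which is the as-needed restriction described above.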
In general, you should assign ownership of your resources to the appropriate Department, Division, or Zone ACID. One exception to this guideline, however, might be to let users own all of their own minidisks and all the files whose data set name prefix matches their userids.
Copyright © 2014 CA Technologies. All rights reserved.