The following table describes the authorization a user needs to use CA VM:Secure commands and utilities.
| Command or Utility | Type of Authorization | Authority | Optional Parameters to Narrow Authority |
|---|---|---|---|
| ABEND | Terminate CA VM:Secure operation abnormally | ABEND | |
| ACITRACE | Dynamically trace ACI security events | ACITRACE | |
| ADDENTRY* | Create a directory entry for a user or profile from an input file or a skeleton file | ADDENTRY | [entry] |
| | Create a user ID or profile from an input file | ADDENTRY entry NOSKEL** | |
| | If the input file creates a minidisk | ADDMDISK | [entry] |
| | Create a user ID or profile with a skeleton file | ADDENTRY entry SKELETON** | |
| | If the skeleton file creates a minidisk | ADDMDISK | [entry] |
| ADDMDISK* | Add a minidisk for a user ID | ADDMDISK | [entry] |
| ADMIN | Use all parameters on the ADMIN command | ADMIN | |
| | Edit the VMSECURE MANAGERS file | ADMIN MANAGERS** | |
| | Edit the VMSECURE GLOBALS file | ADMIN GLOBALS** | |
| | Edit a subpool entry | ADMIN POOL** | [poolid] |
| | Edit the VMSECURE POSIX file | ADMIN POSIX** | |
| | Edit a directory profile | ADMIN PROFILE** | [profile] |
| | Edit a skeleton file | ADMIN SKELETON** | [skeleton] |
| | Define or change SFS managers’ enrollment defaults or enrollment limits | ADMIN SFSMGRS** | [userid] |
| ASSIGN | Assign a user ID to a different manager | ASSIGN | [entry [mgrid]] |
| AUDITEXT | Extract current audit information | AUDITEXT | |
| CAN | Query the CA VM:Secure rules database | CAN | [userid [parameters]] |
| CHANGE | Change a user ID’s name | CHANGE | [entry] |
| CHGENTRY | Change a USER to an IDENTITY or change an IDENTITY to a USER | CHGENTRY | [entry] |
| CHGMDISK* | Move or change a minidisk | CHGMDISK | [entry] |
| | With the NOCOPY option | NOCOPY | |
| CHGVOLNM | Change all references to the volser of any DASD volume controlled by CA VM:Secure | CHGVOLNM | [oldvolser] |
| CLASS | Assign a CP privilege class | CLASS | [class] |
| CMD | Use the CMD command to route another command to an Agent product server in a Single System Image environment | CMD | |
| CMS | Execute a CMS or CP command on the CA VM:Secure service virtual machine | CMS | [word1 ...word15] |
| COMPRESS | Defragment disk storage | COMPRESS | [volser] |
| CONFIG | Edit the CA VM:Secure configuration files | CONFIG | |
| | Edit the AUTHORIZ CONFIG file | CONFIG AUTHORIZ** | |
| | Edit the DASD CONFIG file | CONFIG DASD** | |
| | Edit the PRODUCT CONFIG file | CONFIG PRODUCT** | |
| | Edit the SECURITY CONFIG file | CONFIG SECURITY** | |
| | Edit the CA VM:Secure SFS configuration | CONFIG SFS** | |
| CPFMTXA | Use the CPFMTXA command to change allocation on the object directory volume | CPFMTXA | |
| DELENTRY* | Delete an existing user ID or profile | DELENTRY | [entry] |
| | Delete a minidisk for a deleted user ID | DELMDISK | [entry] |
| DELETE | Delete file space for an active user ID | DELETE | [userid] |
| DELMDISK* | Delete a user ID’s minidisk | DELMDISK | [entry] |
| DISPLINK | Display links to a user’s minidisks | DISPLINK | [userid] |
| DUPENTRY | Create a new user ID based off an existing user ID | DUPENTRY | [existing [new]] |
| | For the template user ID’s minidisks. | DUPMDISK | [entry] |
| | For the new user ID’s minidisks. | ADDMDISK | [entry] |
| | No formatting of minidisks. | NOFORMAT | [entry[mgrid]] |
| | To use the MANAGER option. | MANAGER | |
| DUPMDISK* | Create an exact duplicate of an existing minidisk | DUPMDISK | [entry] |
| | For the user ID that owns the source minidisk (sourceuser) | DUPMDISK | [entry] |
| | For the user ID that owns the target minidisk (targetuser) | ADDMDISK | [entry] |
| EDIT | Edit a user ID’s directory entry | EDIT | [entry] |
| EDX | Edit a user ID’s directory entry, expanding any INCLUDE statement | EDIT | [entry] |
| END | Terminate CA VM:Secure immediately or after current processes complete | END | |
| | Terminate CA VM:Secure immediately only | END FORCE** | |
| | Terminate CA VM:Secure operation only after current processes complete | END NOFORCE** | |
| ENROLL | Enroll a user ID into an SFS file pool | ENROLL | |
| ENTRY | Update or query directory entry contents | ENTRY | [entry [subcommand]] |
| EXPIRE | Expire a user ID’s logon password | EXPIRE | [userid] |
| EXTRACT | Extract directory information | EXTRACT | |
| GENACI | Place a user ID in a security group | GENACI | [userid [group]] |
| GENHS | Add rules history records to a user ID’s directory entry | GENHS | [userid] |
| GENINCL | Add an INCLUDE statement to a userid’s directory entry | GENINCL | [userid [profile]] |
| GETENTRY* | Retrieve current copy of a user ID’s directory entry or a directory profile | GETENTRY | [entry] |
| GETPWEXP | Display user ID password expiration information | GETPWEXP | [userid] |
| GRANT AUTHORITY | Allow a user to grant access to a file space for other users | GRANT AUTHORITY filespace | [userid] |
| GROUP | Become a temporary member of a new security group | GROUP | [group] |
| HISTORY | Display a user ID’s history records | HISTORY | [userid] |
| IPLDISKX | Convert user IDs whose passwords expired before the Rules Facility was installed to the Rules Facility method of password expiration | IPLDISKX | [entry] |
| JOURNAL | Display password violations and reset password violation count | JOURNAL | |
| | Display password violations | JOURNAL LIST** | [word1 …word4] |
| | Reset a password violation count to zero | JOURNAL RESET** | [word1 …word4] |
| LISTAUTH | Query the authorizations specified in the AUTHORIZ CONFIG file | LISTAUTH | [userid [authwrds]] |
| LOCK* | Prevent updates to any object | LOCK | |
| | Prevent updates to a CMS file | LOCK FILE** | [fname [ftype [fmode]]] |
| | Prevent updates to a user ID | LOCK USER** | [userid] |
| | Prevent updates to a profile | LOCK PROFILE** | [profid] |
| LOGMSG | Change any log message | LOGMSG | [groupname] |
| | Create a message to be sent to the user IDs in a specific security group | LOGMSG groupname** | |
| | Create a message to be sent to a user whose DIAL procedure did not complete successfully | LOGMSG DIALFAIL** | |
| | Create a message to be sent to a user whose logon procedure did not complete successfully | LOGMSG LOGFAIL** | |
| | Create a message to be sent to a user issuing a request that is subject to the NORULE record in the SECURITY CONFIG file | LOGMSG NORULE** | |
| | Change the system log message | LOGMSG SYSTEM** | |
| MACLOAD | Load a macro to the CA VM:Secure service virtual machine | MACLOAD | |
| MAINT | Perform line-mode user functions | MAINT | [subfunction] |
| | Perform line-mode management functions | MAINTMAN | [entry [subfunction]] |
| | Perform line-mode user functions for another user ID | MAINTMAN entry USER** | [subfunction] |
| MANAGE | Use all selections, 1 through 10, on the Manager Selection Menu (selections withheld are shown as ***not available***.) | MANAGE | [entry] |
| | Create user IDs (part of selection 1) | MANAGE *NEWUSRS | |
| | Use menu selection 1 | MANSEL01 | [entry] |
| | Create user IDs (part of selection 1) | MANSEL01 *NEWUSRS | |
| | Use menu selection 2 | MANSEL02 | [entry] |
| | Use menu selection 3 | MANSEL03 | [entry] |
| | Use menu selection 4 | MANSEL04 | [entry] |
| | Use menu selection 5 | MANSEL05 | [entry] |
| | Use menu selection 6 | MANSEL06 | [entry] |
| | Use menu selection 7 | MANSEL07 | [entry] |
| | Use menu selection 8 | MANSEL08 | [entry] |
| | Use menu selection 9 | MANSEL09 | [entry] |
| | Use menu selection 10 | MANSEL10 | [entry] |
| MAP | Map a volume | MAP | [volume [parameters]] |
| MAY | Query the authorizations specified in the AUTHORIZ CONFIG file | MAY | [entry [authwrds]] |
| MDSKSCAN | Scan a user ID’s minidisks | MDSKSCAN | [entry] |
| MODIFY | Modify the SFS allocation for a user ID | MODIFY | [userid] |
| MOVE2SFS | Copy data from a minidisk to SFS | MOVE2SFS MANAGE | [userid] |
| MULTIPLE | Perform user ID maintenance on several user IDs at the same time | MULTIPLE | |
| | Create several user IDs at the same time | MULTIPLE NEWUSER** | |
| | Remove several user IDs at the same time | MULTIPLE REMOVE** | [entry] |
| | Place several user IDs on hold at the same time | MULTIPLE HOLD** | [entry] |
| | Reactivate several held user IDs at the same time | MULTIPLE ACTIVATE** | [entry] |
| NEWIPL | Change an IPL system name or device in all directory entries to a new IPL system name or device | NEWIPL | |
| NOLOG | Change a user ID’s password to NOLOG | NOLOG | [userid] |
| OVERRIDE | Alter privilege classes without shutting down CA VM:Secure | CPOVERID | |
| PAINT | Change a CA VM:Secure screen | PAINT | [screen] |
| PASSWORD | Set passwords for a user ID | PASSWORD | |
| | Set only randomly generated passwords for a user ID | PASSWORD userid RANDOM** | |
| | Set only a specific password for a user ID | PASSWORD userid SPECIFIC** | |
| QCPCFG | Display information about the CP component configuration | QCPCFG | |
| QLOCK | Display all CA VM:Secure locks | QLOCK | |
| QPCB | List active CA VM:Secure processes | QPCB | |
| QRULES | Query the rules set up for a user ID | QRULES | [userid [parameters]] |
| QSTART | Display the time CA VM:Secure was most recently started | QSTART | |
| QUERY | | QUERY | [userid] |
| | | QUERY ACCOUNT** | [mgrid] |
| | Display information about a manager's allocation space | QUERY ALLOC** | [mgrid] |
| | Display a user ID's privilege class | QUERY CLASS** | [userid] |
| | Display the encryption algorithm used to encrypt or decrypt the directory database | QUERY ENCRYPT** | |
| | List the names of the file pools that CA VM:Secure manages | QUERY FILEPOOL** | |
| | List user IDs on hold | QUERY HOLD** | [userid] |
| | List the log messages defined to CA VM:Secure | QUERY LOGMSG** | [type] |
| | List user IDs that are directory managers | QUERY MANAGERS** | |
| | List user IDs whose passwords have not changed for a specified number of days | QUERY PASSWORD** | |
| | List user IDs' directory entries that include a directory profile | QUERY PRFUSERS** | [profile] |
| | Display status information about the Servant Facility | QUERY SERVANT** | |
| | List the names of the file pools and user storage groups from which you can allocate file space | QUERY SFS** | |
| | List the skeleton files that a manager can use | QUERY SKELETON** | [mgrid] |
| | List the subpools that a manager can use | QUERY SUBPOOLS** | [mgrid] |
| | List the user IDs that a manager manages | QUERY USERS** | [entry] |
| | Display the CA VM:Secure release level | QUERY VERSION** | |
| | Determine status of long-running commands | QUERY WORKUNIT** | [userid] |
| REBUILD | Condense and defragment the CP object directory | REBUILD | [userid] |
| RECLAIM | Reclaim DASD space from MOVERO minidisks | RECLAIM | |
| REPENTRY* | Replace a directory entry or directory profile | REPENTRY | [entry] |
| | If the new entry adds a minidisk | ADDMDISK | [entry] |
| | If the new entry changes a minidisk | CHGMDISK | [entry] |
| | If the new entry deletes a minidisk | DELMDISK | [entry] |
| RESET | Reset any password violation count | RESET | |
| | Reset AUTOLOG password violation count | RESET AUTOLOG** | [userid [userid]] |
| | Reset password violation counts for a terminal | RESET DEVICE** | [termaddr] |
| | Reset CP LINK password violation counts | RESET LINK** | [userid [userid [vaddr]]] |
| | Reset password violation counts for a user | RESET USER** | [userid] |
| | Reset password violation counts for a user that occurred while verifying the password | RESET USERPASS** | [userid] |
| | Reset password violation counts that occurred while trying to create a directory link | RESET VMXLINK** | [userid [userid [vaddr]]] |
| | Reset password violation counts that occurred while xautologging | RESET XAUTOLOG** | [userid [targeted]] |
| REVOKE AUTHORITY | Allow a user to revoke access to a file space for other users | REVOKE AUTHORITY filespace | [userid] |
| RULEMAP | Display all types of rules | RULEMAP | |
| | Display a user’s rules | RULEMAP USER** | [userid] |
| | Display a group’s rules | RULEMAP GROUP** | [group] |
| | Display members of a group | RULEMAP MEMBERS** | [group] |
| | Display all rules for all members of the system | RULEMAP ANY** | [group] |
| | Display rules with specific terminal addresses | RULEMAP TERM** | [group] |
| RULES | Change all rules | RULES | |
| | Change a user’s rules | RULES USER** | [userid] |
| | Change a group’s override or default rules | RULES GROUP** | [group] |
| | Change the SYSTEM OVERRIDE or SYSTEM DEFAULT rules | RULES SYSTEM** | |
| SUBCONFIG | None for menu access. Processing of SUBCONFIGs controlled by USER authorization | See USER | |
| SYSWORD | Query or set the system word | SYSWORD | |
| | Query the system word | SYSWORD QUERY** | |
| | Set the system word | SYSWORD SET** | [token] |
| TAKEOVER | Force an AGENT server to become the MASTER | TAKEOVER | |
| TRACE | Trace execution of a CA VM:Secure macro | TRACE | [parameters] |
| TRANSFER | Transfer a minidisk from one user ID to another | TRANSFER | [entry [newowner]] |
| ULIST | Display information about user IDs | ULIST | [entry] |
| UNLOCK* | Remove a CMS file, profile, or user ID lock | UNLOCK | |
| | Remove a lock from a CMS file | UNLOCK FILE** | [fname [ftype [fmode]]] |
| | Remove a lock from a profile | UNLOCK PROFILE** | [profid] |
| | Remove a lock from a user ID | UNLOCK USER** | [userid] |
| USER | Use all selections, 1 through 11, on the User Selection Menu (selections withheld are displayed as ***not available***) | USER | [userid] |
| | Use menu selection 1 | USESEL01 | [userid] |
| | Use menu selection 2 | USESEL02 | [userid] |
| | Use menu selection 3 | USESEL03 | [userid] |
| | Use menu selection 4 | USESEL04 | [userid] |
| | Use menu selection 5 | USESEL05 | [userid] |
| | Use menu selection 6 | USESEL06 | [userid] |
| | Use menu selection 7 | USESEL07 | [userid] |
| | Use menu selection 8 | USESEL08 | [userid] |
| | Use menu selection 9 | USESEL09 | [userid] |
| | Use menu selection 10 | USESEL10 | [userid] |
| | Use menu selection 11 | USESEL11 | [userid] |
| VMXBKP01 | Create a USER DIRECT file representing a copy of the CA VM:Secure directory database | BACKUP MAY | [userid [authority]] |
| VMXBKP02 | Create a backup copy of the CA VM:Secure directory database using DDR | BACKUP | |
| VMXBKP03 | Create a backup copy of the CA VM:Secure directory database using COPYFILE | BACKUP | |
| VMXCPG | Create and configure replacement CP text files for the CA VM:Secure CP component | None required | |
| VMXFEN01 | Forward encrypt all passwords in the directory after backing up clear text database | PEF | |
| VMXFEN02 | Reversibly encrypt all passwords in the directory after backing up clear text database | PEF | |
| VMXFEN03 | Decrypt all passwords in the reversible encrypted database after backing up the encrypted database | PEF | |
| VMXGNR | Generate the CA VM:Secure directory database and convert your CP source directory file into CA VM:Secure database format. If specified, VMXGNR can also be used to encrypt the directory database | None required | |
| VMXIPL | Write an IPLable program on the IPLDISK minidisk; when the program is initialized, it interacts with CA VM:Secure to update a user ID’s logon password | None required | |
| VMXSRA | Generate a report showing audit data on LOGONBY usage; if the Rules Facility is implemented, also report on the CP commands AUTOLOG, DIAL, LINK, LOGON, SPOOL, STORE HOST, TAG, TRANSFER, and XAUTOLOG | None required | |
| VMXSRB | Generate a report of all audit data captured by CA VM:Secure | None required | |

* Part of the Application Programming Interface

** Cannot be used in LIST records

Copyright © 2014 CA. All rights reserved.