GRANT AUTHORITY Command

Reference Guide › Command Reference › GRANT AUTHORITY Command

GRANT AUTHORITY Command

Use the GRANT AUTHORITY command to allow users to grant access to SFS directories and files owned by you or other users.

GRANT AUThority ["Parms"] TO “Target” [("Options"]

Parms:

[filename filetype] dirid

Target:

{userid | PUBLIC | nickname}

Options:

[READ | WRITE | NEWRead | NEWWrite | DIRRead | DIRWrite] 
[TYPE | NOType]
[STACK [FIFO | LIFO]]
[FIFO]
[LIFO]

Note: Options can be entered in any order.

The CA VM:Secure GRANT AUTHORITY command syntax is identical to the syntax of the CMS GRANT AUTHORITY command.

Note: For an explanation of all parameters and options for the GRANT AUTHORITY command, see the IBM CMS command reference documentation.

Authorizations

Enroll the CA VM:Secure service virtual machine as an SFS administrator in the DMSPARMS configuration file of every file pool for which the GRANT AUTHORITY command will be issued. CA VM:Secure does not need to manage the file pool.

You must have GRANT AUTHORITY authorization through a GRANT record in the CA VM:Secure AUTHORIZ CONFIG file.

Description

The CA VM:Secure GRANT AUTHORITY command allows you to give certain users, such as directory managers, access to files and directories in file spaces owned by other user IDs.

After verifying that the issuing user ID is authorized to perform the GRANT AUTHORITY command for the target user IDs (including all user IDs in a nickname list), CA VM:Secure passes the GRANT AUTHORITY command to CMS.

CA VM:Secure generates an audit record (1070) for each user ID specified on the command. If a nickname is specified, CA VM:Secure generates an audit record for every user ID defined in the nickname list.

Nickname Resolution

When you specify a nickname for userid, CA VM:Secure first uses information in your NAMES file to determine the local user. If there are user IDs that CA VM:Secure cannot resolve using the NAMES file, it then uses the DMSJNE routine to resolve the remaining unresolved user IDs. DMSJNE is an optional customer‑written routine that returns a local user ID for the supplied user ID and nodeid. If your site uses DMSJNE and it is not available, or if CA VM:Secure cannot resolve any of the user IDs, the GRANT AUTHORITY command terminates with a return code of 328.

Examples

To allow anyone to read the FONE LIST file in the VMSYSU:EMPLOY.INFO directory, enter:
```
vmsecure grant authority fone list vmsysu:employ.info to public ( read
```

To allow anyone to read any file currently in the VMSYSU:ENGINEER.TOOLS directory and any files created in the future, enter:

vmsecure grant authority vmsysu:engineer.tools to public (read newread

vmsecure grant authority * * vmsysu:engineer.tools to public (read

To allow FRAISERC to add new files to the VMSYSU:ENGINEER.TOOLS directory, enter:
```
vmsecure grant authority vmsysu:engineer.tools to fraiserc (write
```

Return Codes and Error Messages

The table, GRANT AUTHORITY Command: Return Codes and Error Messages, lists return codes and error messages for the GRANT AUTHORITY command.

The GRANT AUTHORITY command may also generate CMS messages.

Note: For information about these messages, use the CMS help or see the IBM CMS Commands and Utilities Reference for your release of VM.