AuthorizationsGranting Authorizations to Use Commands on Only Some User IDsWorking with GRANT AUTHORITY and REVOKE AUTHORITY Authorizations › Specifying Keyword User IDs

Previous Topic: Specifying User IDs

Next Topic: Granting Authorizations to Restrict Commands Use To Specific Terminals (CA VM:Secure only)

Specifying Keyword User IDs

You can also use the PUBLIC and ALL keyword user IDs after the OVER parameter. These keywords can be used only on the GRANT AUTHORITY and REVOKE AUTHORITY command authorizations.

PUBLIC Keyword User ID

You can use the PUBLIC keyword user ID for both the GRANT AUTHORITY and REVOKE AUTHORITY command authorizations. The PUBLIC keyword user ID indicates all user IDs that can connect to the file pool. PUBLIC does not imply a specific user ID.

ALL Keyword User ID

You can use the ALL keyword user ID for only the REVOKE AUTHORITY command authorization. The ALL keyword authorization indicates all users for a file or directory.

Example:1

Authorize WOODYB to use the GRANT AUTHORITY command for the files and directories in the QA:FORMS file space for all users that can connect to that file pool. Add this GRANT record to the CA VM:Secure AUTHORIZ CONFIG file:

GRANT GRANT AUTHORITY QA:FORMS OVER PUBLIC TO WOODYB

Example:2

Authorize WOODYB to use the REVOKE AUTHORITY command to revoke authority from all users for the directories in the QA:FORMS file space. Add this GRANT record to the CA VM:Secure AUTHORIZ CONFIG file:

GRANT REVOKE AUTHORITY QA:FORMS OVER ALL TO WOODYB

Example:3

Allow CARLAT to grant authority to all users who can connect to the TCOM:SPEC and TCOM:DESIGN file spaces. Also, authorize CARLAT to use the REVOKE AUTHORITY command to remove authority from all users for the TCOM:PERSONAL file space. Add the following records to the CA VM:Secure AUTHORIZ CONFIG file:

GRANT GRANT AUTHORITY TCOM:SPEC OVER PUBLIC TO CARLAT
GRANT GRANT AUTHORITY TCOM:DESIGN OVER PUBLIC TO CARLAT
GRANT REVOKE AUTHORITY TCOM:PERSONAL OVER ALL TO CARLAT

Example:4

Allow all directory managers (represented by the *DIRMGRS predefined variable list) to grant access to any users they manage to any of the managed user’s file spaces in SYSUSE and HR file pools. Add the following records to the CA VM:Secure AUTHORIZ CONFIG file:

LIST *FPOOLS SYSUSE HR
GRANT GRANT AUTHORITY *FPOOLS:*DIRUSRS OF *SELF OVER  *DIRUSRS OF *SELF TO *DIRMGRS