Authorizations › Authorizations for Command Processing

Previous Topic: Authorizations for General Users

Next Topic: DIAGPCHK Authorization (CA VM:Secure only)

Authorizations for Command Processing

Authorizations for command processing are those authorizations that do not relate to any one command. They refer instead to the way processing takes place for different commands.

*

User can use all commands.

*ALL

User can use all commands.

*ANY

User can use all commands.

ANYPOOL

User can allocate minidisks in any existing subpool.

ANYSKEL

User can create a user ID using any existing skeleton file.

CACHED

User can change the caching attribute of a minidisk: create or scratch a minidisk on a cached device or change an existing minidisk to or from a cached device.

DIAGPCHK (CA VM:Secure only)

User can use DIAGNOSE X’A0’, subfunction X’04’ to ask CA VM:Secure to use to verify a password in the object directory. Virtual machine can ask CA VM:Secure to verify that a user ID is allowed to perform a LOGON BY of another user ID.

MOVERO

User can move a minidisk that has read–only links.

Note: When you move a minidisk that a user has linked read–only, CA VM:Secure holds the space the minidisk occupies until you use the RECLAIM command against the minidisk. CA VM:Secure maintains the minidisk by redefining it to the CA VM:Secure directory entry with a virtual address in the range 600 to 6FF. For more information, see the RECLAIM Command in the chapter "Command Reference" in the Reference Guide.

NOCOPY

User can move a minidisk without actually moving the data on that disk.

NOFORMAT ADD

User can add a minidisk without formatting it.

NOFORMAT DELETE

User can delete a minidisk without formatting it.

NOFORMAT MOVE

User can move a minidisk without formatting it.

NOFORMAT

Combination of NOFORMAT ADD, NOFORMAT DELETE, and NOFORMAT MOVE authorizations

NOPASS [ command ]

Skips the check of the logon password when a user issues command. The user must be separately authorized for the command.

Note: If you use the NOPASS special authorization and do not specify command, that user ID has NOPASS authorization for all the commands you authorize that user ID to use.

OVERRIDE NEWUSER

User can override rejection by the NEWUSER exit when creating a user ID, or to override the NEWUSER exit’s choice of manager name.

SFSADMIN

User can configure CA VM:Secure for SFS.

SURROGAT (CA VM:Secure only)

User can create, delete, suspend, and resume surrogate relationships for user IDs.

The following examples show how to use a few of the command processing authorizations.

Example:1

Authorize users in the SYSPROGS list to issue any command:

LIST *SYSPROGS MAINT VMANAGER JOE
GRANT *ALL TO SYSPROGS

Example:2

Let the directory managers enter any CA VM:Secure command without being prompted for their logon password:

GRANT NOPASS TO *DIRMGRS

Example:3

Allow MAINT to allocate minidisks in any existing subpool:

GRANT ANYPOOL TO MAINT