Description

Configuration File Reference › GRANT Record › Description

Description

Depending on your site’s requirements, authorizations can be simple complex. For more information about setting up authorizations, see the chapter "Authorizations" in the Administration Guide. A user ID must be defined in the VMSECURE MANAGERS file to use manage subfunctions that manipulate DASD. See the chapter on directory managers in the Administration Guide for more information.

Example

Give user ID VMANAGER every possible authorization to make him a system administrator:
```
GRANT * TO VMANAGER
```
Permit BATMAN to use selection 3 (Select User Menu) from the Manager Selection Menu and all selections from the User Selection Menu to manage user IDs assigned to manager ROBIN. BATMAN is not allowed to use any other menu selection from the Manager Selection Menu over these users:
```
GRANT MANSEL03 OVER *DIRUSRS OF ROBIN TO BATMAN
GRANT USER OVER *DIRUSRS OF ROBIN TO BATMAN
```
Authorize JETHRO, ELLIMAE, and JED to use any selection from the Manager Selection Menu for any user ID other than their own (users cannot use the Manager Selection Menu to manage their own user IDs):
```
GRANT MANAGE *ALL TO JETHRO ELLIMAE JED
```
Authorize every user ID to use selections 3, 4, and 6 from the User Selection Menu, but no others. First, add a LIST record to create a list of authorizations to grant, then grant the list to all users:
```
LIST *USRSTUF USESEL03 USESEL04 USESEL06
GRANT *USRSTUF OVER *SELF TO *ALL
```
Permit only users TED and MAINT to assign class A privilege through the CLASS command:
```
GRANT CLASS A TO TED MAINT
```
Grant manage authority to a list of directory managers. First, add a LIST record to create the list, then grant manage authority to the list:
```
LIST *MGRTEAM TLOOIS BABS JOEP KRISTEN KAYCEEP
GRANT MANAGE OVER *DIRUSRS OF *SELF TO *MGRTEAM
```
Authorize SCOTTY to use the site‑written macro FINDMGR (site‑written macros require special authorization):
```
GRANT $FINDMGR TO SCOTTY
```
Note that some keyboards ascribe a different hexadecimal representation to the dollar sign, which, in the U.S., is usually X‘24.’ In the United Kingdom, X‘24’ is the pound sign, so this GRANT record is written:
```
GRANT #FINDMGR TO SCOTTY
```
Grant a single MAINT MANAGE subfunction, DISKMOVE, over user ID SPOCK to manager KIRK:
```
GRANT MAINTMAN SPOCK DISKMOVE TO KIRK
```
(CA VM:Secure only) Permit any member of the groups DEVEL and MAINT to assign a user ID to manager MYNOR:
```
GRANT ASSIGN * MYNOR TO DEVEL MAINT (GROUP
```
(CA VM:Secure only) Permit DAVID to use CHGMDISK for any user ID whose manager belongs to security group SYSTEMS:
```
GRANT CHGMDISK OVER *DIRUSRS OF *GRPMEMS OF SYSTEMS TO DAVID
```
Permit MAINT to use CPFMTXA command:
```
GRANT CPFMTXA TO MAINT
```
This allows MAINT to execute the CPFMTXA command:
```
VMSECURE CPFMTXA parameters
```

Tell Technical Publications how we can improve this information