Description

Configuration File Reference › LIST Record › Description

Description

The LIST record is optional. Using LIST records you can:

Build lists that supplement the special authorizations provided with CA VM:Secure.
Nest lists created with one LIST record in lists created by another LIST record.
Create user ID lists and authority lists in separate LIST records, then use these lists in a GRANT or WITHHOLD record.

Note: Verify any items associated with the LIST record; CA VM:Secure does not validate LIST record items.

For more information about using lists in authorizations, see User ID Lists and Authorization Lists in the chapter "Authorizations" in the Administration Guide.

Examples

When you put a command on a LIST record and grant that list of commands to a user ID, you are giving that user ID authority to use the command over all user IDs. For example, the MANAGE command is one of several commands specified for the *DIRCMDS authorization by the following LIST record, which you then use to grant *DIRCMDS authorization to ELROY, a manager at your site:
```
LIST *DIRCMDS MANAGE QUERY PASSWORD
GRANT *DIRCMDS TO ELROY
```
The combination of this LIST record and this GRANT record is equivalent to the following record, and means that ELROY can manage anyone:
```
GRANT MANAGE OVER *ALL TO ELROY
```
In contrast to the previous example, assume the MANAGE command is not part of any authorization list, and, in fact, the authorization *DIRCMDS does not exist. On a GRANT record, give ELROY permission to use the MANAGE command:
```
GRANT MANAGE TO ELROY
```
This GRANT record is equivalent to the following record, and means that ELROY can manage only his own users:
```
GRANT MANAGE OVER *DIRUSRS OF *SELF TO ELROY
```
Define the list called *MYGRP that includes the user IDs USER01, USER02, USER03, and USER04:
```
LIST *MYGRP USER01 USER02 USER03 USER04
```
You want all users in the list *MYGRP, defined above, to be able to extract audit records, take CA VM:Secure backups, and use the EXTRACT command. Define a list called *MYAUTHS that includes the CA VM:Secure commands these user IDs should be allowed to use, then grant authority to *MYAUTHS to the user IDs in the list *MYGRP:
```
LIST *MYAUTHS AUDITEXT BACKUP EXTRACT MAY
GRANT *MYAUTHS TO *MYGRP
```

Tell Technical Publications how we can improve this information