Initial Entry to the Rule Status Screen (Screen OS)
For every action that is performed on this screen, security verifies authorization for the action in which the CLASS checked is FACILITY and the entity checked is:
$$CTOPNLOS.qname
Subsequent Operations in the Rule Status Screen (Screen OS)
For all actions (hold, free, delete, and so on) that are performed on this screen, security verifies authorization.
The check verifies that a user who submits jobs with parameter USER has authority equal to that of the rule’s owner. A user who is authorized to submit a job on behalf of others is also authorized to perform specific actions (hold, delete, and so on) on rules belonging to other users. If the user is the job’s owner, the security check is bypassed.
RACF Security
The CLASS checked is SURROGAT. The entity checked is:
owner.SUBMIT
where owner is the user ID assigned to the accessed rule.
TopSecret Security
TopSecret Application Interface module (TSSAI) is called with the following parameters:
Class Name: ACIDCHK
Resource Name: ownerid
where ownerid is the user ID assigned to the accessed rule.
ACF2/SAF Security
For all actions (hold, free, delete, and so on) that are performed on this screen, IOA security verifies authorization. The CLASS checked is FACILITY. The entity checked is $SUBMIT.owner
where owner is the user ID assigned to the accessed rule.
Parent Topic |