The entity used to check authorization depends on the user request:
$$xxxyyy.qname.groupname.varname
To permit USERA to operate with a group and a Database variable, use the following commands:
For RACF:
RDEFINE FACILITY $$xxxyyy.qname.groupname.varname UACC(NONE)
PERMIT $$xxxyyy.qname.groupname.varname CLASS(FACILITY) ID(USERA) ACCESS(READ)
For TopSecret:
TSS PERMIT(USERA) IBMFAC($$xxxyyy.qname.groupname.varname) ACC(READ)
For ACF2/SAF:
SET RESOURCE(CMF)
COMP
$KEY($$xxxyyy.qname.groupname.varname)
UID (USERA) ALLOW
where
xxx is a three character string that defines the object of the request as follows:
Table 68 Object String Definition
String |
Description |
---|---|
GRP |
Group |
VRB |
Database variable |
VRG |
Database variable generation |
yyy is a three character string that defines the request as follows:
Table 69 Request String Definition
String |
Description |
---|---|
CRE |
Create |
CNF |
Confirm |
UPD |
Update |
DEL |
Delete |
ROL |
Database variable rollback (with VRG only) |
VEW |
View |
VWV |
View Database variable in the group |
VWG |
View Database variable generation |
USE |
Use (with GRP only) |
Table 70 CTBSE03 Parameters
Parameter |
Description |
---|---|
groupname |
First characters of the requested group name (a maximum of 12 characters). |
varname |
First characters of the requested Database variable name (a maximum of 12 characters). |
Used only when the object of the request is a Database variable or Database variable generation. If varname is omitted, the full name of the requested group can be used in the corresponding entity. Optional. |
When an attempt is made to execute any of these commands, security module CTBSE03 is called to check if the command must be executed. In this case, this security module does not perform security checks for each line of the screen. For performance reasons, the check on each screen line is not performed.
Parent Topic |