Functional Authority Privileges
The privileges set for each of the four standard IBM® Connect:Direct® functional authority levels are the default privileges provided in the base product. This section describes how to change the privileges in the standard functional authority levels or add new functional authority levels.
You can modify the IBM Connect:Direct stage 2 security exit macro, DGAXAUTH, to change the functions a user can perform in a particular authorization level. The $CD.SDGAMAC library contains a macro called DGA$MFLG that describes each of the 20 bytes of functional authorization.
The following is the generic 20 byte mask that is mapped by a dummy section (DSECT) in the DGA$MFLG macro along with a definition of each byte, the general function that the bits represent, and the specific settings:
Byte | Function | Setting |
---|---|---|
BYTE00 | Reserved for future use | |
BYTE01 | Display, Add, Update, and Delete User Commands | ADDUSR–Add user; UPDUSR–Update user; DELUSR–Delete user; DSPUSR–Display user |
BYTE02 | Reserved for future use | |
BYTE03 | Reserved for future use | |
BYTE04 | Display, Add, Update, and Delete Network Map Commands | ADDNET–Add network map; UPDNET–Update network map; DELNET–Delete network map; DSPNET–Display network map |
BYTE05 | Change and Delete Process Commands | CHGPRC–Change Process; DELPRC–Delete Process |
BYTE06 | Display Process, Statistics, and Traces, Flush Process, and Use Stats commands | DSPPRC–Display Process; DSPSTA–Display Statistics; DSPTRC–Display Trace; FLSPRC–Flush Process; STATCMD–Use Statistics Commands |
BYTE07 | Start/Stop IBM Connect:Direct, Start/Stop Traces, Modify Init parms, Suspend/Resume Sessions, Use Event Services, Update APKey commands, and Update initialization parameters in Control Center | STPNDM–Start/Stop IBM Connect:Direct; SSTRAC–Start/Stop Traces and Modify Initparms; EVENTCMD–Use Event Services Commands; REFSH–Update init parms; UPDKEY–Update license key |
BYTE08 | Perform Connect:Direct Secure Plus Parm file and netmap administration functions in Control Center | S#RNCR–Grant access to the ADMIN.S panel from which only the CR and RF commands can be issued; S#WNCR–Grant access to the ADMIN.S panel from which only the SA command can be issued; DSPNCR–Display netmap control functions in Control Center; UPDNCR–Allow netmap update functions in Control Center |
BYTE09 | Display, Add, Update, and Delete Type commands | ADDTYP–Add type; UPDTYP–Update type; DELTYP–Delete type; DSPTYP–Display type |
BYTE10 | Use COPY, RUN JOB, MODALS, and SUBMIT Statements, and View Process and CRC Override commands | GCOPY–Use COPY statement; GRUNJ–Use RUN JOB statement; GMODALS–Use MODAL statement; GSUBMIT–Use SUBMIT statement; VIEWPR–View Process; GOVCRC–Perform CRC overrides |
BYTE11 | Use Submit within a Process and RUN TASK statements, display Confirm Delete prompt, and turn Confirm Delete prompt off for a session. Note: The Confirm Delete function also includes the Flush and Suspend commands, that is, the user is prompted to confirm before the Flush and Suspend Commands in addition to the Delete command. | GSUB–Use Submit within a Process statement; GRUNT–Use RUN TASK statement; GCDEL–Display Confirm Delete, Flush, and Suspend prompts; GCDELOFF–Turn Confirm Delete prompt off for session |
BYTE12 | General User Functions–Select, Delete, Flush, Change, and View Process, and Display Statistics, and Display Plex environment (the last command for an Administrator only). Note: The General User functions enable you to restrict applying each command to Processes associated with a submitter ID. | GDSPPRC–Display Process; GDELPRC–Delete Process; GDFLSPRC–Flush Process; GDSPSTA–Display Statistics; GCHGPRC–Change Process; GVIEWPR–View Process; DSPPLX–Display Plex Environment |
BYTE13 | Reserved for future use | |
BYTE14 | Reserved for future use | |
BYTE15 | Reserved for future use | |
BYTE16 | Reserved for future use | |
BYTE17 | Reserved for future use | |
BYTE18 | Reserved for future use | |
BYTE19 | Reserved for future use | |
The sample exit macro DGAXAUTH contains authorization bit masks for the four standard IBM Connect:Direct authority groups. The default settings shown in the following ABMs are in the DGAXAUTH macro in the $CD.SDGAMAC library. The DGA$MFLG bit mask contains all possible functions for each byte whereas the bit masks for a particular IBM Connect:Direct authority group may contain only a subset of the available functions. For example, BYTE 10 (DBA10) in the DB2 data base authority level authorization bit mask (DBAABM) below does not contain the View Process function (VIEWPR) while BYTE 10 in the ABM for the Operator authority level does. (Bytes reserved for future use are not shown.)
DGAXAUTH Authorization Bit Mask Examples
The following example shows the authorization bit mask for the Administrator authority level (ADMABM).
The following example shows the authorization bit mask for the Operator authority level (OPERABM).
The following example shows the authorization bit mask for the DB2 data base authority level (DBAABM).
The following example shows the authorization bit mask for the General User authority level (GUSRABM).
To change the bits in any given authorization byte, locate the bit labels in the DGA$MFLG macro and update the DGAXAUTH macro. To implement any changes made and put your new exit into effect, you must stop and restart IBM Connect:Direct.
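Before editing DGAXAUTH, a planned authority level can be checked against the byte table above. The following is an added example, not IBM code and not part of the original page: it works only on label names transcribed from the table (it does not parse DGAXAUTH or know the bit values in DGA$MFLG), and `review_abm` and the sample level are hypothetical.

```python
# Labels per byte, transcribed from the DGA$MFLG table on this page.
# Reserved bytes (00, 02, 03, 13-19) define no labels and are omitted.
MFLG = {
    1: {"ADDUSR", "UPDUSR", "DELUSR", "DSPUSR"},
    4: {"ADDNET", "UPDNET", "DELNET", "DSPNET"},
    5: {"CHGPRC", "DELPRC"},
    6: {"DSPPRC", "DSPSTA", "DSPTRC", "FLSPRC", "STATCMD"},
    7: {"STPNDM", "SSTRAC", "EVENTCMD", "REFSH", "UPDKEY"},
    8: {"S#RNCR", "S#WNCR", "DSPNCR", "UPDNCR"},
    9: {"ADDTYP", "UPDTYP", "DELTYP", "DSPTYP"},
    10: {"GCOPY", "GRUNJ", "GMODALS", "GSUBMIT", "VIEWPR", "GOVCRC"},
    11: {"GSUB", "GRUNT", "GCDEL", "GCDELOFF"},
    12: {"GDSPPRC", "GDELPRC", "GDFLSPRC", "GDSPSTA", "GCHGPRC",
         "GVIEWPR", "DSPPLX"},
}


def review_abm(abm):
    """Check a planned level given as {byte number: set of labels}.

    Returns (misplaced, withheld):
      misplaced - (byte, label, home byte or None) for every label coded in a
                  byte the table does not list it under; a bit label only has
                  its documented meaning inside its own byte
      withheld  - {byte: sorted labels} the level does not grant
    """
    misplaced = []
    for byte, labels in sorted(abm.items()):
        for label in sorted(labels - MFLG.get(byte, set())):
            home = next((b for b, s in MFLG.items() if label in s), None)
            misplaced.append((byte, label, home))
    withheld = {}
    for byte, valid in MFLG.items():
        missing = valid - abm.get(byte, set())
        if missing:
            withheld[byte] = sorted(missing)
    return misplaced, withheld


# Constructed sample: a transfer-only level. DELPRC (BYTE05) is written in
# BYTE12 where the submitter-restricted GDELPRC was intended.
SAMPLE_LEVEL = {
    10: {"GCOPY", "GSUBMIT", "VIEWPR"},
    12: {"GDSPPRC", "GDSPSTA", "DELPRC"},
}

if __name__ == "__main__":
    bad, missing = review_abm(SAMPLE_LEVEL)
    print("misplaced:", bad)
    print("withheld:", missing)
```

An empty `misplaced` list is the condition to reach before the labels are coded into DGAXAUTH; `withheld` is the list to compare against what the role is meant to do.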