Functional Authority Privileges

The privileges set for each of the four standard IBM® Connect:Direct® functional authority levels are the default privileges provided in the base product. This section describes how to change the privileges in the standard functional authority levels or add new functional authority levels.

You can modify the IBM Connect:Direct stage 2 security exit macro, DGAXAUTH, to change the functions a user can perform in a particular authorization level. The $CD.SDGAMAC library contains a macro called DGA$MFLG that describes each of the 20 bytes of functional authorization.

The following is the generic 20 byte mask that is mapped by a dummy section (DSECT) in the DGA$MFLG macro along with a definition of each byte, the general function that the bits represent, and the specific settings:

Byte Function Setting
BYTE00 Reserved for future use  
BYTE01 Display, Add, Update, and Delete User Commands ADDUSR–Add user

UPDUSR–Update user

DELUSR– Delete user

DSPUSR–Display user

BYTE02 Reserved for future use  
BYTE03 Reserved for future use  
BYTE04 Display, Add, Update, and Delete Network Map Commands ADDNET–Add network map

UPDNET–Update network map

DELNET–Delete network map

DSPNET–Display network map

BYTE05 Change and Delete Process Commands CHGPRC–Change Process

DELPRC–Delete Process

BYTE06 Display Process, Statistics, and Traces, Flush Process, and Use Stats commands DSPPRC–Display Process

DSPSTA–Display Statistics

DSPTRC–Display Trace

FLSPRC–Flush Process

STATCMD–Use Statistics Commands

BYTE07 Start/Stop IBM Connect:Direct, Start/Stop Traces, Modify Init parms, Suspend/Resume Sessions, Use Event Services, Update APKey commands, and Update initialization parameters in Control Center STPNDM–Start/Stop IBM Connect:Direct

SSTRAC–Start/Stop Traces and Modify Initparms

EVENTCMD–Use Event Services Commands

REFSH–Update init parms

UPDKEY–Update license key

BYTE08 Perform Connect:Direct Secure Plus Parm file and netmap administration functions in Control Center S#RNCR–Grant access to the ADMIN.S panel from which only the CR and RF commands can be issued.

S#WNCR–Grant access to the ADMIN.S panel from which only the SA command can be issued.

DSPNCR–Display netmap control functions in Control Center

UPDNCR–Allow netmap update functions in Control Center

BYTE09 Display, Add, Update, and Delete Type commands ADDTYP–Add type

UPDTYP–Update type

DELTYP–Delete type

DSPTYP–Display type

BYTE10 Use COPY, RUN JOB, MODALS, and SUBMIT Statements, and View Process and CRC Override commands GCOPY–Use COPY statement

GRUNJ–Use RUN JOB statement

GMODALS–Use MODAL statement

GSUBMIT–Use SUBMIT statement

VIEWPR–View Process

GOVCRC–Perform CRC overrides

BYTE11 Use Submit within a Process and RUN TASK statements,

display Confirm Delete prompt, and turn Confirm Delete

prompt off for a session.

Note: The Confirm Delete function also includes the Flush and Suspend commands, that is, the user is prompted to confirm before the Flush and Suspend Commands in addition to the Delete command.
GSUB–Use Submit within a Process statement

GRUNT–Use RUN TASK statement

GCDEL–Display Confirm Delete,

Flush, and Suspend prompts

GCDELOFF–Turn off Confirm delete

prompt off for session

BYTE12 General User Functions– Select, Delete, Flush, Change, and View Process, and Display Statistics, and Display Plex environment (the last command for an Administrator only).
Note: The General User functions enable you to restrict applying each command to Processes associated with a submitter ID.
GDSPPRC–Display Process

GDELPRC–Delete Process

GDFLSPRC–Flush Process

GDSPSTA–Display Statistics

GCHGPRC–Change Process

GVIEWPR–View Process

DSPPLX–Display Plex Environment

BYTE13 Reserved for future use  
BYTE14 Reserved for future use  
BYTE15 Reserved for future use  
BYTE16 Reserved for future use  
BYTE17 Reserved for future use  
BYTE18 Reserved for future use  
BYTE19 Reserved for future use  

The sample exit macro DGAXAUTH contains authorization bit masks for the four standard IBM Connect:Direct authority groups. The default settings shown in the following ABMs are in the DGAXAUTH macro in the $CD.SDGAMAC library. The DGA$MFLG bit mask contains all possible functions for each byte whereas the bit masks for a particular IBM Connect:Direct authority group may contain only a subset of the available functions. For example, BYTE 10 (DBA10) in the DB2 data base authority level authorization bit mask (DBAABM) below does not contain the View Process function (VIEWPR) while BYTE 10 in the ABM for the Operator authority level does. (Bytes reserved for future use are not shown.)

DGAXAUTH Authorization Bit Mask Examples

The following example shows the authorization bit mask for the Administrator authority level (ADMABM).

ABYTE1   DC    AL1(ADDUSR+UPDUSR+DELUSR+DSPUSR)
ABYTE4   DC    AL1(ADDNET+UPDNET+DELNET+DSPNET)
ABYTE5   DC    AL1(CHGPRC+DELPRC)
ABYTE6   DC    AL1(DSPPRC+DSPSTA+FLSPRC+STATCMD)
ABYTE7   DC    AL1(STPNDM+SSTRAC+EVENTCMD+UPDKEY)
ABYTE8   DC    AL1(UPDNCR+DSPNCR+S#WNCR+S#RNCR)
ABYTE9   DC    AL1(ADDTYP+UPDTYP+DELTYP+DSPTYP)
ABYTE10  DC    AL1(GCOPY+GRUNJ+GMODALS+GSUBMIT+VIEWPR+GOVCRC)
ABYTE11  DC    AL1(GSUB+GRUNT)
ABYTE12  DC    AL1(DSPPLX)

The following example shows the authorization bit mask for the Operator authority level (OPERABM).

OPER1	DC	XL1(00)	NULL - Not Set
OPER4	DC	XL1(00)	NULL - Not Set
OPER5	DC	AL1(CHGPRC+DELPRC)	 DELETE/CHANGE PROCESS
OPER6	DC	AL1(DSPPRC+DSPSTA+FLSPRC) DISPLAY/FLUSH PROCESS
*	                           	     DISPLAY STATISTICS
OPER7	DC	AL1(STPNDM+SSTRAC)	STOP START-STOP TRACE 
OPER9	DC	AL1(ADDTYP+UPDTYP+DELTYP+DSPTYP)                                                     
*	                               DISPLAY/ADD/DELETE TYPE
OPER10	DC	AL1(GCOPY+GRUNJ+GMODALS+GSUBMIT+VIEWPR+GOVCRC)
*	                               COPY/RUN JOB/MODALS/SUBMIT
OPER11	DC	AL1(GSUB+GRUNT)  REMOTE SUBMIT/RUN TASK

The following example shows the authorization bit mask for the DB2 data base authority level (DBAABM).

DBA1	DC	XL1(00)	NULL - Not Set
DBA4	DC	XL1(00)	NULL - Not Set
DBA9	DC	AL1(ADDTYP+UPDTYP+DELTYP+DSPTYP)
*	DISPLAY/ADD/DELETE TYPE
DBA10	DC	AL1(GCOPY+GRUNJ+GMODALS+GSUBMIT+GOVCRC)
*
DBA11	DC	AL1(GSUB+GRUNT)	COPY/RUN JOB/MODALS/SUBMIT
REMOTE SUBMIT/RUN TASK

The following example shows the authorization bit mask for the General User authority level (GUSRABM).

GUSR1    DC    XL1(00)              NULL - Not Set
GUSR4    DC    XL1(00)              NULL - Not Set
GUSR9    DC    AL1(ADDTYP+UPDTYP+DELTYP+DSPTYP)
*                                   DISPLAY/ADD/DELETE TYPE
GUSR10   DC    AL1(GCOPY+GRUNJ+GMODALS+GSUBMIT+GOVCRC)
*                                   COPY/RUN JOB/MODALS/SUBMIT
GUSR11   DC    AL1(GSUB+GRUNT)      REMOTE SUBMIT/RUN TASK
GUSR12   DC    AL1(GDSPPRC+GDELPRC+GFLSPRC+GDSPSTA+GCHGPRC+GVIEWPR)
*                                   DISPLAY/CHANGE/FLUSH/STATS FOR
*                                   SUBMITTERS PROCESS ONLY

To change the bits in any given authorization byte, locate the bit labels in the DGA$MFLG macro and update the DGAXAUTH macro. To implement any changes made and put your new exit into effect, you must stop and restart IBM Connect:Direct.