To define a new security profile giving the administrator
all normal administrator functions except the ability to run Processes,
follow this procedure. Authorization BYTES 10 and 11 represent the
functions that are to be disallowed. If you have used USR0DSN to define
another level, use USR1DSN for this new profile.
-
Modify the DGASECUR macro by locating the USR1ABM label and updating the various bytes as
follows:
USR1ABM DC 0XL20
U1BYTE0 DC XL1’00’ NOT USED
U1BYTE1 DC AL1(ADDUSR+UPDUSR+DELUSR+DSPUSR)
U1BYTE2 DC XL1’00’ NOT USED
U1BYTE3 DC XL1’00’ NOT USED
U1BYTE4 DC AL1(ADDNET+UPDNET+DELNET+DSPNET)
U1BYTE5 DC AL1(CHGPRC+DELPRC)
U1BYTE6 DC AL1(DSPPRC+DSPSTA+FLSPRC+STATCMD)
U1BYTE7 DC AL1(STPNDM+SSTRAC+EVENTCMD+UPDKEY)
U1BYTE8 DC AL1(UPDNCR+DSPNCR)
U1BYTE9 DC AL1(ADDTYP+UPDTYP+DELTYP+DSPTYP)
U1BYTE10 DC AL1(VIEWPR)
U1BYTE11 DC XL1’00’
U1BYTE12 DC AL1(DSPPLX)
U1BYTE13 DC XL1’00’
U1BYTE14 DC XL1’00’
|
- Modify the DGAMGSAF example in THE $CD.SDGASAMP library
to define the new US1DSN parameter with the new security profile as
follows:
DGAMGSAF DGASECUR TYPE=SAF, X
. X
. X
ADMDSN=$CD.ADMIN, X
ADMVOL=VOLSER, X
OPRDSN=$CD.OPER, X
OPRVOL=VOLSER, X
DBADSN=$CD.DBA, X
DBAVOL=VOLSER, X
GENDSN=$CD.GUSER, X
GENVOL=VOLSER, X
US0DSN=$CD.NEW.USER.LEVEL, X
US0VOL=VOLSER, X
US1DSN=$CD.NEW.ADMIN, X
US1VOL=VOLSER
|
- Assemble and link-edit the DGAMGSAF module using the sample
JCL in $CD.SDGAJCL(DGAJSAF).
- If necessary, update the initialization parameter, SECURITY.EXIT,
to specify the new exit.
- Initialize IBM® Connect:Direct® in
the normal manner.