Example 5 - Defining a New Administrator Level

To define a new security profile that gives the administrator all normal administrator functions except the ability to run Processes, follow this procedure. Authorization bytes 10 and 11 represent the functions that are to be disallowed. If you have already used US0DSN to define another level, use US1DSN for this new profile.

  1. Modify the DGASECUR macro by locating the USR1ABM label and updating the various bytes as follows:
    USR1ABM  DC    0XL20
    U1BYTE0  DC    XL1'00'             NOT USED
    U1BYTE1  DC    AL1(ADDUSR+UPDUSR+DELUSR+DSPUSR)
    U1BYTE2  DC    XL1'00'             NOT USED
    U1BYTE3  DC    XL1'00'             NOT USED
    U1BYTE4  DC    AL1(ADDNET+UPDNET+DELNET+DSPNET)
    U1BYTE5  DC    AL1(CHGPRC+DELPRC)
    U1BYTE6  DC    AL1(DSPPRC+DSPSTA+FLSPRC+STATCMD)
    U1BYTE7  DC    AL1(STPNDM+SSTRAC+EVENTCMD+UPDKEY)
    U1BYTE8  DC    AL1(UPDNCR+DSPNCR)
    U1BYTE9  DC    AL1(ADDTYP+UPDTYP+DELTYP+DSPTYP)
    U1BYTE10 DC    AL1(VIEWPR)
    U1BYTE11 DC    XL1'00'
    U1BYTE12 DC    AL1(DSPPLX)
    U1BYTE13 DC    XL1'00'
    U1BYTE14 DC    XL1'00'
  2. Modify the DGAMGSAF example in the $CD.SDGASAMP library to define the new US1DSN parameter with the new security profile as follows:
    DGAMGSAF   DGASECUR TYPE=SAF,                                          X
                   .                                                       X
                   .                                                       X
                   ADMDSN=$CD.ADMIN,                                       X
                   ADMVOL=VOLSER,                                          X
                   OPRDSN=$CD.OPER,                                        X
                   OPRVOL=VOLSER,                                          X
                   DBADSN=$CD.DBA,                                         X
                   DBAVOL=VOLSER,                                          X
                   GENDSN=$CD.GUSER,                                       X
                   GENVOL=VOLSER,                                          X
                   US0DSN=$CD.NEW.USER.LEVEL,                              X
                   US0VOL=VOLSER,                                          X
                   US1DSN=$CD.NEW.ADMIN,                                   X
                   US1VOL=VOLSER
  3. Assemble and link-edit the DGAMGSAF module using the sample JCL in $CD.SDGAJCL(DGAJSAF).
  4. If necessary, update the initialization parameter, SECURITY.EXIT, to specify the new exit.
  5. Initialize IBM® Connect:Direct® in the normal manner.