Example 4 - Assigning Read-Only Authority to a User Authorization Level

To define a new security profile to allow read-only authority for users, follow this procedure. After you implement it, when a user signs on to IBM® Connect:Direct®, they are assigned an authorization bit mask that allows them to display and view Processes, and display statistics but they cannot submit or run a Process.

Procedure

  1. Modify the DGASECUR macro by locating the USR0ABM label and making the following changes:
    1. Delete both the CHGPRC and DELPRC bits in BYTE05.
    2. Delete the FLSPRC bit in BYTE06.
    3. Delete both the STPNDM and SSTRAC bits in BYTE07.
    4. Delete all bits in BYTE09.
    5. Delete all bits in BYTE10 except for VIEWPR.
    6. Delete all bits in BYTE11.

      The USR0ABM should look like the following:

      USR0ABM	 DS	0XL20	       DEFINES User Group Zero ABM Flags
      U0BYTE0	 DC	XL1’00’	      NOT USED
      U0BYTE1	 DC	XL1’00’	      NOT USED
      U0BYTE2	 DC	XL1’00’	      NOT USED
      U0BYTE3	 DC	XL1’00’	      NOT USED
      U0BYTE4	 DC	XL1’00’	      NOT USED
      U0BYTE5	 DC	XL1’00’	      DELETE/CHANGE PROCESS
      U0BYTE6	 DC	AL1(DSPPRC+DSPSTA) Display Process
      *			                     DISPLAY STATISTICS
      U0BYTE7	 DC	XL1’00’	      STOP START-STOP TRACE
      U0BYTE8	 DC	XL1’00’	      NOT USED
      U0BYTE9	 DC	XL1’00’	      DISPLAY/ADD/DELETE TYPE
      U0BYTE10       DC	AL1(VIEWPR)	 View Process only
      U0BYTE11       DC	XL1’00’	      REMOTE SUBMIT/RUN TASK
      U0BYTE12       DC	XL1’00’	      NOT USED
  2. Modify the DGAMGSAF example in the $CD.SDGASAMP library to assign a file name to the new US0DSN parameter and indicate which volume it resides on.
    DGAMGSAF   DGASECUR TYPE=SAF,                                           X
                   .                                                      X
                   .                                                      X
                   ADMDSN=$CD.ADMIN,                                      X
                   ADMVOL=VOLSER,                                         X
                   OPRDSN=$CD.OPER,                                       X
                   OPRVOL=VOLSER,                                         X
                   DBADSN=$CD.DBA,                                        X
                   DBAVOL=VOLSER,                                         X
                   GENDSN=$CD.GUSER,                                      X
                   GENVOL=VOLSER,                                         X
                   US0DSN=$CD.NEW.USER.LEVEL,                             X
                   US0VOL=VOLSER
  3. Assemble and link-edit the DGAMGSAF module using the sample JCL in $CD.SDGAJCL(DGAJSAF).
     //ASM EXEC PGM=ASMA90,
    // PARM=’OBJECT,NODECK,XREF(SHORT),RENT,USING(WARN(0),NOMAPX
    // ),FLAG(NOCONT),SYSPARM(GEN),NOTEST’
    //SYSIN DD DISP=SHR,DSN=connect.direct.SDGASAMP(DGA*****)
    //SYSLIB DD DISP=SHR,DSN=connect.direct.samplib
    // DD DISP=SHR,DSN=SYS1.MACLIB
    // DD DISP=SHR,DSN=SYS1.AMODGEN
    // DD DISP=SHR,DSN=SYS1.AMACLIB
    // DD DISP=SHR,DSN=security.maclib
    //SYSLIN DD DISP=(,PASS),DSN=&&OBJ,
    // UNIT=SYSDA,SPACE=(CYL,(1,1)),
    // DCB=(DSORG=PS,RECFM=FB,LRECL=80,BLKSIZE=3120)
    //SYSPRINT DD SYSOUT=*
    //SYSTERM DD SYSOUT=*
    //SYSUT1 DD UNIT=SYSDA,SPACE=(CYL,(1,1))
    //*************************
    //* LKED *
    //*************************
    //LKED EXEC PGM=IEWL,COND=(0,LT,ASM),
    // PARM=(’SIZE=(256K,13K),LIST,LET,XREF,RENT’,
    // ’REUS’)
    //SYSLIB DD DISP=SHR,DSN=connect.direct.SDGALINK
    // DD DISP=SHR,DSN=security.loadlib
    //SYSLIN DD DISP=(OLD,DELETE),DSN=&&OBJ
    //SYSLMOD DD DISP=SHR,DSN=connect.direct.SDGALINK(DGA*****)
    //SYSPRINT DD SYSOUT=*
    //SYSUT1 DD UNIT=SYSDA,SPACE=(CYL,(1,1),,CONTIG)
  4. If necessary, update the IBM Connect:Direct initialization parameter, SECURITY.EXIT, to specify the new exit.
     SECURITY.EXIT = (mod-name,ALL)
  5. Initialize IBM Connect:Direct.