Example 4 - Assigning Read-Only Authority to a User Authorization Level
To define a new security profile that gives users read-only authority, follow this procedure. After you implement it, a user who signs on to IBM® Connect:Direct® is assigned an authorization bit mask that allows them to display and view Processes and to display statistics, but not to submit or run a Process.
Procedure
- Modify the DGASECUR macro by locating the USR0ABM label and making the following changes:
  - Delete both the CHGPRC and DELPRC bits in BYTE05.
  - Delete the FLSPRC bit in BYTE06.
  - Delete both the STPNDM and SSTRAC bits in BYTE07.
  - Delete all bits in BYTE09.
  - Delete all bits in BYTE10 except for VIEWPR.
  - Delete all bits in BYTE11.
The USR0ABM should look like the following:
USR0ABM  DS    0XL20               DEFINES User Group Zero ABM Flags
U0BYTE0  DC    XL1'00'             NOT USED
U0BYTE1  DC    XL1'00'             NOT USED
U0BYTE2  DC    XL1'00'             NOT USED
U0BYTE3  DC    XL1'00'             NOT USED
U0BYTE4  DC    XL1'00'             NOT USED
U0BYTE5  DC    XL1'00'             DELETE/CHANGE PROCESS
U0BYTE6  DC    AL1(DSPPRC+DSPSTA)  Display Process
*                                  DISPLAY STATISTICS
U0BYTE7  DC    XL1'00'             STOP START-STOP TRACE
U0BYTE8  DC    XL1'00'             NOT USED
U0BYTE9  DC    XL1'00'             DISPLAY/ADD/DELETE TYPE
U0BYTE10 DC    AL1(VIEWPR)         View Process only
U0BYTE11 DC    XL1'00'             REMOTE SUBMIT/RUN TASK
U0BYTE12 DC    XL1'00'             NOT USED
- Modify the DGAMGSAF example in the $CD.SDGASAMP library
to assign a file name to the new US0DSN parameter and indicate which
volume it resides on.
DGAMGSAF DGASECUR TYPE=SAF,                                            X
               .                                                       X
               .                                                       X
               ADMDSN=$CD.ADMIN,                                       X
               ADMVOL=VOLSER,                                          X
               OPRDSN=$CD.OPER,                                        X
               OPRVOL=VOLSER,                                          X
               DBADSN=$CD.DBA,                                         X
               DBAVOL=VOLSER,                                          X
               GENDSN=$CD.GUSER,                                       X
               GENVOL=VOLSER,                                          X
               US0DSN=$CD.NEW.USER.LEVEL,                              X
               US0VOL=VOLSER
- Assemble and link-edit the DGAMGSAF module using the sample
JCL in $CD.SDGAJCL(DGAJSAF).
//ASM      EXEC PGM=ASMA90,
//            PARM='OBJECT,NODECK,XREF(SHORT),RENT,USING(WARN(0),NOMAPX
//             ),FLAG(NOCONT),SYSPARM(GEN),NOTEST'
//SYSIN    DD  DISP=SHR,DSN=connect.direct.SDGASAMP(DGA*****)
//SYSLIB   DD  DISP=SHR,DSN=connect.direct.samplib
//         DD  DISP=SHR,DSN=SYS1.MACLIB
//         DD  DISP=SHR,DSN=SYS1.AMODGEN
//         DD  DISP=SHR,DSN=SYS1.AMACLIB
//         DD  DISP=SHR,DSN=security.maclib
//SYSLIN   DD  DISP=(,PASS),DSN=&&OBJ,
//             UNIT=SYSDA,SPACE=(CYL,(1,1)),
//             DCB=(DSORG=PS,RECFM=FB,LRECL=80,BLKSIZE=3120)
//SYSPRINT DD  SYSOUT=*
//SYSTERM  DD  SYSOUT=*
//SYSUT1   DD  UNIT=SYSDA,SPACE=(CYL,(1,1))
//*************************
//* LKED *
//*************************
//LKED     EXEC PGM=IEWL,COND=(0,LT,ASM),
//             PARM=('SIZE=(256K,13K),LIST,LET,XREF,RENT',
//             'REUS')
//SYSLIB   DD  DISP=SHR,DSN=connect.direct.SDGALINK
//         DD  DISP=SHR,DSN=security.loadlib
//SYSLIN   DD  DISP=(OLD,DELETE),DSN=&&OBJ
//SYSLMOD  DD  DISP=SHR,DSN=connect.direct.SDGALINK(DGA*****)
//SYSPRINT DD  SYSOUT=*
//SYSUT1   DD  UNIT=SYSDA,SPACE=(CYL,(1,1),,CONTIG)
- If necessary, update the IBM Connect:Direct initialization
parameter, SECURITY.EXIT, to specify the new exit.
SECURITY.EXIT = (mod-name,ALL)
- Initialize IBM Connect:Direct.
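The following check is an added example, not part of the IBM documentation or product code: a Python script that reads a USR0ABM definition as source text, before it is assembled, and reports any byte that departs from the read-only mask described in the first step. The names audit_abm and READ_ONLY are hypothetical, the sample input is constructed, and the check is symbolic: it compares flag names and does not resolve their equate values.

```python
import re

# Flags the page leaves set for the read-only level; every other byte must be zero.
READ_ONLY = {"DSPPRC", "DSPSTA", "VIEWPR"}

# Label, DC, then either a hex literal XL1'nn' or a symbolic sum AL1(A+B).
DC_RE = re.compile(r"^(U0BYTE\d+)\s+DC\s+(?:XL1'([0-9A-Fa-f]{2})'|AL1\(([^)]*)\))")

def audit_abm(source):
    """Return a list of (label, problem) findings for a USR0ABM block."""
    findings, seen = [], set()
    for line in source.splitlines():
        if line.startswith("*"):            # HLASM full-line comment
            continue
        m = DC_RE.match(line)
        if not m:                           # DS header, blank or unrelated line
            continue
        label, hexval, symbols = m.groups()
        if hexval is not None:
            if int(hexval, 16) != 0:        # opaque bits cannot be shown read-only
                findings.append((label, f"raw mask X'{hexval.upper()}' is not zero"))
            continue
        for sym in filter(None, (s.strip() for s in symbols.split("+"))):
            seen.add(sym)
            if sym not in READ_ONLY:
                findings.append((label, f"{sym} is not a read-only bit"))
    for sym in sorted(READ_ONLY - seen):    # display authority removed by mistake
        findings.append(("USR0ABM", f"expected bit {sym} is missing"))
    return findings

# Constructed sample: bytes edited on this page, and a variant that keeps
# the CHGPRC and DELPRC bits the procedure says to delete.
GOOD = """\
USR0ABM  DS    0XL20
U0BYTE5  DC    XL1'00'
U0BYTE6  DC    AL1(DSPPRC+DSPSTA)
*                                  DISPLAY STATISTICS
U0BYTE7  DC    XL1'00'
U0BYTE10 DC    AL1(VIEWPR)
U0BYTE11 DC    XL1'00'
"""
BAD = GOOD.replace("U0BYTE5  DC    XL1'00'", "U0BYTE5  DC    AL1(CHGPRC+DELPRC)")

if __name__ == "__main__":
    for name, src in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_abm(src) or "read-only")
```

An empty result means every parsed byte is either zero or carries only the three display and view flags.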