Command Authorization Table Example
The following steps provide an example of defining operator authority
using a NetView® command
authorization table:
- Define groups of operators.
GROUP GRP1 NETOP1,NETOP2,AUTO1,AUTO2 <BEGIN> GROUP GRP2 OPER1,OPER2,OPER3,OPER4,OPER5,OPER6,NETOP1,NETOP2, AUTO1,AUTO2 <END>Note that these operators are grouped into two classes of authorization.
- Define the commands, keywords, and values to be protected.
- In the example that follows, the statement protects the LOGAUTOF
(CNME7016) command.
PROTECT NETA.CNM01.CNME7016 - The following statements define the OVERRIDE command as unprotected
except for the REXXSTRF keyword. This keyword can only be used by
operators in group GRP1.
EXEMPT NETA.CNM01.OVERRIDE PROTECT NETA.CNM01.OVERRIDE.REXXSTRF.* PERMIT GRP1 NETA.CNM01.OVERRIDE.REXXSTRF.* - Note that these statements protect the CHANGEFP (CNME7009) command
and authorize operators in group GRP1 to issue the command.
PROTECT NETA.CNM01.CNME7009 PERMIT GRP1 NETA.CNM01.CNME7009 - All of the following statements are comments. If you remove the
asterisks from these statements, they protect the GLOBALV command
and restrict its use to operators in groups GRP1 and GRP2. The statements
also protect the SAVEC and RESTOREC keywords, and restrict their use
to operators in groups GRP1 and GRP2. Finally, the statements protect
the asterisk (*) and PURGEC keywords, and restrict their use to operators
in group GRP1.
* PROTECT NETA.CNM01.GLOBALV * PERMIT GRP1 NETA.CNM01.GLOBALV * PERMIT GRP2 NETA.CNM01.GLOBALV * PROTECT NETA.CNM01.GLOBALV.SAVEC * PERMIT GRP1 NETA.CNM01.GLOBALV.SAVEC * PERMIT GRP2 NETA.CNM01.GLOBALV.SAVEC * PROTECT NETA.CNM01.GLOBALV.RESTOREC * PERMIT GRP1 NETA.CNM01.GLOBALV.RESTOREC * PERMIT GRP2 NETA.CNM01.GLOBALV.RESTOREC * PROTECT NETA.CNM01.GLOBALV.ASTERISK * PERMIT GRP1 NETA.CNM01.GLOBALV.ASTERISK * PROTECT NETA.CNM01.GLOBALV.PURGEC * PERMIT GRP1 NETA.CNM01.GLOBALV.PURGEC
- In the example that follows, the statement protects the LOGAUTOF
(CNME7016) command.