IBM-Defined Privilege Classes
z/VM CP commands are divided into eight groups, each represented by a privilege class. The privilege class indicates the type of user from whom the system accepts commands.
In general, the system programmer who creates the user directory assigns each user one or more privilege classes as part of the virtual machine definition in that directory.
Privilege classes are denoted by the letters A through Z, the numbers
1 through 6, or the word Any
. These classes, and the type of
user who uses the commands belonging to each privilege class set,
are summarized in Table 1. Classes
I through Z and numbers 1 through 6 are reserved so that your installation
can define them to suit its needs.
Users whose password is NOLOG have no privilege class and can only receive spooled output as punched cards or printed forms. The NOLOG assignment controlled by directory statements; see USER Directory Statement or IDENTITY Directory Statement for more information about NOLOG users.
| Class | User and Function |
|---|---|
| A | System Operator: The class A user controls
the z/VM system.
The system operator is responsible for the availability of the z/VM system and its
resources. In addition, the system operator controls system accounting,
broadcast messages, virtual machine performance options, and other
options that affect the overall performance of z/VM. Note: The
class A user who is automatically logged on during CP initialization
is designated as the primary system operator.
|
| B | System Resource Operator: The class B user controls all the real resources of the z/VM system, except those controlled by the system operator and the spooling operator. |
| C | System Programmer: The class C user updates or changes system-wide parameters of the z/VM system. |
| D | Spooling Operator: The class D user controls spool files and the system's real reader, printer, and punch equipment allocated to spooling use. |
| E | System Analyst: The class E user examines and saves system operation data in specified z/VM storage areas. |
| F | Service Representative: The class F user obtains, and examines in detail, data about input and output devices connected to the z/VM system. This privilege class is reserved for IBM® use only. |
| G | General User: The class G user controls functions associated with a particular virtual machine. |
| Any | Commands belonging to class Anyare available to any user, regardless of the user's privilege class. These commands are primarily those used to gain access to, or relinquish access from, the z/VM system. |
| H | Reserved for IBM use. |
| I - Z
1 - 6 |
These classes are reserved for redefinition by each installation for its own use (using MODIFY statements or commands). |