Another Way of Changing the Privilege Class of Certain CP Functions

Privilege classes for the following CP functions can be changed without using the MODIFY statement or command:

Logging on as the primary system operator
Intensive error recording
Using the read function of the CP IOCP utility
Using the write function of the CP IOCP utility
Specifying the default user class.

If you want to change some or all the privilege classes assigned to these CP functions, you must specify your changes by using the PRIV_CLASSES statement in the system configuration file. For more information on the PRIV_CLASSES statement, see PRIV_CLASSES Statement.

In our insurance company example, the classes of three system functions were changed:

Classes for the primary system operator
Classes authorized to perform intensive error recording
Default classes for users who do not have a class defined in their virtual machine definitions.

Instead of including them in the MODIFY statement or command, the system administrator could have entered the PRIV_CLASSES statement as:

PRIV_CLASSES OPERATOR IJ HW_SERVICE L USER_DEFAULT P

You can also use the CP SET PRIVCLASS command to change the privilege classes for individual users, who are logged on to the system, rather than an entire class of users. This command lets you be more selective in the privileges that you grant users. For a brief description of the SET PRIVCLASS command, see Changing the Setting for a Logged-On Virtual Machine. For a detailed description of the SET PRIVCLASS and QUERY PRIVCLASS commands, see z/VM: CP Commands and Utilities Reference.