DATABASEAUTHORITY and REVOKE: Giving authority to or revoking authority of a user
Explanation: DATABASEAUTHORITY and REVOKE are mutually exclusive, required parameters giving or revoking DFSMShsm authorization of the specified user.
DATABASEAUTHORITY specifies the level of
authorization of the specified user.
Subparameter | Explanation |
---|---|
USER | DATABASEAUTHORITY(USER) is an optional parameter that gives authorization to the specified user. The user specified with userid is authorized to use any DFSMShsm command except the AUTH command. |
CONTROL | DATABASEAUTHORITY(CONTROL) is an optional parameter that gives a higher-level of authorization
to the specified user. The user specified with userid is
authorized to use the AUTH command to add, delete, or change the DFSMShsm
authorization of other users.
Note: The CONTROL subparameter
should be limited to as few user IDs as possible.
|
REVOKE specifies that the userid identified is no longer authorized to issue all DFSMShsm commands. The user can still issue DFSMShsm user commands.
See Figure 1 for an illustration of DFSMShsm authorization.
The DFSMShsm user commands are described in z/OS DFSMShsm Managing Your Own Data.
Defaults: If the DATABASEAUTHORITY parameter is specified without a subparameter, the default is USER.
Figure 1. Identifying Authorized
DFSMShsm Users. The control storage administrator is identified
as the authorized user who can affect the authority of other storage
administrators and end users.