Define name and routing codes for new operator role
Component: | SRPMNUC |
Functional area: | Operator function control |
Domain: | SECURITY-ADMINISTRATION |
Privileges: | SECURITY-ADMINISTRATION |
Function
This command is used to compile a list of routing (authorization) codes, to form an “operator role”, and to inform the specified pubset of it. An operator role corresponds to an area of work, and gives the exerciser of the role the right to issue the commands assigned to that area of work. Each area of work (= operator role) is represented by a set of authorization (routing) codes specified by the system support staff; this may be any combination of the total of 40 authorization codes used in BS2000.
The creation and issuing of operator roles provides a means of increasing protection against unauthorized access to the operating functions. All dynamic authorization names, i.e. operator identifications, (see “Simplifying system operation” in the “Introduction to System Administration” [14]) are treated like user IDs; for each operator identification there is an entry in the user catalog, which uniquely identifies it. If the application wishes to undertake a system operating task, it must specify an operator identification when it is connected, and then apply to be assigned an operator role, using the command REQUEST-OPERATOR-ROLE. Not until this role is assigned can it function properly as a console. The system support staff creates the link between the operator identification and the operator roles which the application may accept under this operator identification, using the MODIFY-OPERATOR-ATTRIBUTES command.
Operator roles cannot be used for logical consoles with generated authorization names, for physical consoles only if NBCONOPI=Y.
The main console, and therefore a human operator, cannot be covered by these roles.
Format
CREATE-OPERATOR-ROLE |
OPERATOR-ROLE = <name 1..8> ,PUBSET = *HOME / <cat-id 1..4> ,ROUTING-CODES = *NONE / *ALL / list-poss(40): * / <alphanum-name 1..1> |
Operands
OPERATOR-ROLE = <name 1..8>
Defines the name of the operator role. This name must be specified by the authorized user programs as soon as they wish to perform the tasks (=routing codes) associated with this role.
PUBSET =
Specifies the pubset into whose catalog the role is to be entered.
PUBSET = *HOME
The operator role is to be entered into the user catalog for the home pubset.
PUBSET = <cat-id 1..4>
Exact specification of the pubset into whose catalog the new operator role is to be entered.
ROUTING-CODES =
Specifies the routing codes, and hence the area of work, which are assigned to the new operator role.
ROUTING-CODES = *NONE
Default value: no routing codes will be explicitly assigned to the new operator role. The authorized user program may nevertheless accept the role, as this command will have entered it in the user catalog for the specified pubset; however, the requesting application cannot undertake any tasks.
ROUTING-CODES = *ALL
All the routing codes known to the system should be assigned to the role.
Note
A table of routing codes will be found in the “Introduction to System Administration” [ 14 ].
ROUTING-CODES = list-poss(40): * / <alphanum-name 1..1>
Detailed specification of up to 40 routing codes to be assigned to the new operator role.
Return codes
(SC2) | SC1 | Maincode | Meaning |
|---|---|---|---|
0 | CMD0001 | No error | |
2 | 0 | SRM6001 | Command executed with a warning |
32 | SRM6020 | System error during command processing | |
64 | SRM6040 | Semantic error | |
130 | SRM6030 | Command cannot temporarily be executed |