Modify catalog entry for user
Component: | SRPMNUC |
Functional area: | User management |
Domain: | USER-ADMINISTRATION |
Privileges: | STD-PROCESSING |
Routing code: | $ |
Function
If an entry for the user catalog of the home pubset is modified, the access rights to BS2000 (e.g. account number, password of the user ID, etc.) and the access rights to a pubset (default catalog ID) can be reassigned. These specifications are only checked in the user catalog of the home pubset for user compliance (logon validation).
The command modifies user attributes on SF or SM pubsets, which means that the user catalog entry is modified for the associated ID.
If an entry is created in a user catalog of an imported pubset, pubset-specific information must be stored. Systems support must define an upper limit for the user up to which the user may occupy storage space on this pubset. In addition, it can grant the user permission to exceed this limit. These new declarations, however, take effect only after the user logs on again, not for current tasks.
The default value *UNCHANGED in the corresponding operands means that the previously valid definition still applies.
Restriction
The only nonprivileged users (STD-PROCESSING privilege) authorized to issue this command are those designated as group administrators. The actions a group administrator can take are defined by systems support. For information on setting up and managing user groups see the “SECOS” manual [35].
Format
MODIFY-USER-ATTRIBUTES | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Operands
USER-IDENTIFICATION = <name 1..8>
Defines the name of the user ID for which the entry is to be modified.
PROTECTION-ATTRIBUTE = *UNCHANGED / *PARAMETERS(...)
Defines protection attributes.
PROTECTION-ATTRIBUTE = *PARAMETERS(...)
Individual protection attributes are to be modified.
LOGON-PASSWORD = *UNCHANGED / *NONE / <c-string 1..8> / <c-string 9..32> /
<x-string 1..16> / *SECRET
Password protecting the user ID from unauthorized access (long password (<c-string 9..32>), see the MODIFY-USER-PROTECTION command).
PASSWORD-ENCRYPTION = *YES / *NO
The password of the user ID is encrypted after entry or is stored in its original form. Password encryption presupposes that the system parameter ENCRYPT=Y is set in the parameter file (see the “Introduction to System Administration” [14]).
PASSWORD-MANAGEMENT = *UNCHANGED / *BY-USER / *BY-ADMINISTRATOR /
*USER-CHANGE-ONLY
Specifies the user’s rights with regard to modification of his password.
Changes with /MODIFY-USER-ATTRIBUTES are only possible if a value not equal *LOGON-DEFAULT was assigned to the PASSWORD-MANAGEMENT with the SECOS command MODIFY-LOGON-PROTECTION (see the “SECOS, Volume 1” manual [35]).
PASSWORD-MANAGEMENT = *BY-USER
The user may define, modify or delete a password.
PASSWORD-MANAGEMENT = *BY-ADMINISTRATOR
Only systems support staff may define, modify or delete the password for the user ID.
PASSWORD-MANAGEMENT = *USER-CHANGE-ONLY
The user may define and modify a password.
Deletion of the password, i.e. cancellation of access rights, is not permissible.
TAPE-ACCESS = *UNCHANGED / *STD / *PRIVILEGED / *BYPASS-LABEL / *ALL
Defines whether error messages generated during label checking of tapes may be ignored for the user concerned.
TAPE-ACCESS = *STD
Error messages must not be ignored.
TAPE-ACCESS = *PRIVILEGED
The following error messages for input and output files may be ignored by the owner of the tape or by systems support staff:
invalid volume serial number (VSN)
tape is write-protected
incorrect file set identifier in the HDR1 label of the tape
TAPE-ACCESS = *READ
The user may ignore error messages relating to input files; label checking is not deactivated. The following errors may result in messages during tape processing:
invalid volume serial number (VSN)
invalid file name
invalid label on tape
invalid access method
invalid file sequence number on tape
tape mark instead of end-of-volume label on tape
double tape mark instead of end-of-volume label on tape
TAPE-ACCESS = *BYPASS-LABEL
Label checking and thus any data protection for tape files is deactivated for tapes processed in INPUT or REVERSE mode. This privilege implies the TAPE-ACCESS=*READ function.
TAPE-ACCESS = *ALL
All error messages which have “I” (ignore) as a possible response may be ignored. This privilege implies the TAPE-ACCESS=*PRIVILEGED and TAPE-ACCESS=*BYPASS-LABEL functions.
FILE-AUDIT = *UNCHANGED / *NO / *ALLOWED
Defines whether the user is authorized to activate the AUDIT mode. This mode serves to monitor DMS accesses to files and file generations via system exit routines or, if the SECOS software product is used, by the SAT component.
MAILING-ADDRESS = *UNCHANGED / <c-string 1..64 with-low> / <x-string 1..128>
Mailing address for spoolout lists.
EMAIL-ADDRESS = *UNCHANGED / *NONE / <composed-name 1..1800> /
<c-string 1..1800 with-low> / <x-string 1..3600>
Specifies an email address or a list of email addresses for the users of this user ID. The addresses must be entered in the format '<local-part>@<domain>[,...]'. Optionally an address can also be prefixed by an address name in parentheses (see Example in chapter "Volume 2: ACTIVATE-SNAPSHOT - DECRYPT-FILE " in section "ADD-USER"). A list consists of multiple addresses separated by a comma and can only be specified as a string (c or x string).
The address or address list entered is evaluated when a file is sent by email (see the MAIL-FILE command).
EMAIL-ADDRESS = *PARAMETERS(...)
This functionality allows you to add or remove the recipient's e-mail address or the list of recipient e-mail addresses. The addresses must be separated by commas in the list. You specify the addresses in the following format: '<local part>@<domain>[,...]'.
ADD-EMAIL-ADDRESS = *NONE / list-poss(16): <composed-name 1..100> / <c-string 1..100 with-low> / <x-string 1..200>
The list of e-mail addresses can be added in this place. A maximum of 16 e-mail addresses can be specified in the list. The default *NONE means that no e-mail address are added.
REMOVE-EMAIL-ADDRESS = *NONE / list-poss(16): <composed-name 1..100 with-wild> / <c-string 1..100 with-low> / <x-string 1..200>
The list of e-mail addresses can be removed in this place. A maximum of 16 e-mail addresses can be included in the list. The default *NONE means that no e-mail address are removed.
PUBLIC-SPACE-LIMIT = *UNCHANGED / *STD / *MAXIMUM / <integer 0..2147483647 2Kbyte>
Assigns the maximum storage space the user may occupy for his files on public volumes on the pubset allocated with the PUBSET operand.
PUBLIC-SPACE-LIMIT = *STD
Allocates the user 16,777,215 PAM pages.
PUBLIC-SPACE-LIMIT = *MAXIMUM
Allocates the user 2,147,483,647 PAM pages.
PUBLIC-SPACE-EXCESS = *UNCHANGED / *NO / *TEMPORARILY-ALLOWED / *ALLOWED
Defines whether the user may exceed the limit defined by the PUBLIC-SPACE-LIMIT operand for the storage space on the allocated pubset. This authorization is restricted to user jobs started before this limit was reached.
PUBLIC-SPACE-EXCESS = *TEMPORARILY-ALLOWED
The storage space limit may be exceeded, provided that the upper limit had not been reached at the time of the SET-LOGON-PARAMETERS command.
ADDRESS-SPACE-LIMIT = *UNCHANGED / *STD / <integer 1..2147483647 Mbyte>
Defines how much user memory a task can request under this user ID. The user memory comprises both conventional class-6 memory (program space) and (data spaces). The maximum user memory depends on the size of the virtual memory and can be less than the value specified here.
ADDRESS-SPACE-LIMIT = *STD
The value of the system parameter SYSGJASL is assigned (the system parameter SYSGJASL has the default value 16 MB).
MAX-ACCOUNT-RECORDS = *UNCHANGED / *NO-LIMIT / <integer 0..32767>
Defines how many user-specific accounting records for each job or program are allowed to be written into the accounting file of the system.
MAX-ACCOUNT-RECORDS = *NO-LIMIT
The user is authorized to write any number of user-specific accounting records and accounting records of his own in the accounting file.
MAX-ACCOUNT-RECORDS = <integer 0..32767>
Defines how many user-specific accounting records can be written in the system accounting file for each job or program. The user is not authorized to add accounting records of his own.
PROFILE-ID = *UNCHANGED / *NONE / <structured-name 1..30>
Determines whether the user ID is assigned an SDF-PROFILE-ID. This PROFILE-ID characterizes a (SDF) group of user IDs which use a common group syntax file. Systems support can effect direct assignment of a user ID to a group syntax file by means of a suitable entry in the SDF parameter file.
PROFILE-ID = *NONE
The user is not assigned a PROFILE-ID and thus no group syntax file.
PROFILE-ID = <structured-name 1..30>
Defines the name of the PROFILE-ID which can be assigned to a group syntax file in the SDF parameter file.
PUBSET =
Defines the pubset whose user catalog is to accept the entry.
PUBSET = *HOME
The entry is made in the user catalog of the home pubset.
As a result, system access authorizations are redefined.
PUBSET = <cat-id 1..4>
Catalog identifier of the pubset whose user catalog is to accept the entry.
RESIDENT-PAGES = *UNCHANGED / *STD / *MAXIMUM / <integer 0..2147483647 4Kbyte>
Defines the maximum number of resident main memory pages available to the user ID.
RESIDENT-PAGES = *STD
The user may use 32,767 resident main memory pages.
RESIDENT-PAGES = *MAXIMUM
The user may use 2,147,483,647 resident main memory pages.
CSTMP-MACRO-ALLOWED = *UNCHANGED / *NO / *YES
Determines whether the user may use the CSTMP macro in his programs. The user can use the CSTMP macro to write-protect a memory pool (in class 6 memory) that can be shared by multiple users or explicitly cancel this protection. The macro is described in detail in the “Executive Macros” manual [22].
DEFAULT-PUBSET = *UNCHANGED / *HOME / <cat-id 1..4>
Assigns the user ID a default pubset on which the user can store his files and request storage space. Systems support can change the DEFAULT-PUBSET operand in any user catalog of an imported pubset. However, the user default pubset is determined only with the aid of the user catalog of the home pubset. For the TSOS user ID, the value of DEFAULT-PUBSET must be identical to the value of PUBSET.
User jobs which have the status HELD-BY-PUBSET due to the nonavailability of a default pubset are released for restart once the newly defined default pubset is available.
DEFAULT-PUBSET = *HOME
Defines the home pubset to be the user default pubset.
DEFAULT-PUBSET = <cat-id 1..4>
Catalog identifier of the pubset to be used as the user default pubset of the user ID.
TEST-OPTIONS = *UNCHANGED / *PARAMETERS(...)
Defines the maximum possible privilege for testing and diagnostic analysis of programs. The test privilege is interpreted by the software products AID and DAMP (access method ANITA).
TEST-OPTIONS = *PARAMETERS(...)
Defines the maximum permitted privilege levels for read and write access. Even at privilege level 2 the user has access to task-specific, sensitive data (system tables and control blocks). Higher values should be allocated only on request and for a limit period to selected user IDs. The values possible for this and a description can be found in section "Overview of test privileges".
READ-PRIVILEGE = *UNCHANGED / <integer 1..9>
Defines the maximum read privilege.
WRITE-PRIVILEGE = *UNCHANGED / <integer 1..9>
Defines the maximum write privilege.
MODIFICATION = *UNCHANGED / *UNCONTROLLED / *CONTROLLED
Specifies whether the user requires the operator’s permission to modify his/her current test privilege.
MODIFICATION = *UNCONTROLLED
The user does not require the operator’s permission.
MODIFICATION = *CONTROLLED
The user requires the operator’s permission.
AUDIT = *PARAMETERS(...)
Defines user-specific audit authorization. Authorization may be assigned to users separately for hardware audit and linkage audit. System-wide availability of the audit function is defined via the AUDALLOW system parameter.
Note
Hardware audit is only supported on /390 architecture (SUs /390 and S servers).
HARDWARE-AUDIT = *UNCHANGED / *ALLOWED / *NOT-ALLOWED
Specifies whether a user is authorized to control the hardware audit mode. The audit mode can be controlled by means of the START-, STOP-, HOLD- and RESUME-HARDWARE-AUDIT commands and via the AUDIT macro for the function states
TU (task unprivileged) and TPR (task privileged). Modifications only affect the user ID’s new tasks.
HARDWARE-AUDIT = *ALLOWED
The user is allowed to control the hardware audit mode, provided the audit function is available throughout the system.
HARDWARE-AUDIT = *NOT-ALLOWED
The user is not allowed to control the hardware audit mode.
LINKAGE-AUDIT = *UNCHANGED / *ALLOWED / *NOT-ALLOWED
Specifies whether a user is authorized to control the linkage audit mode. The audit mode can be controlled by means of the START-, STOP-, HOLD- and RESUME-LINKAGE-AUDIT commands and via the AUDIT macro for the function states TU (task unprivileged), TPR (task privileged) and SIH (system interrupt handling). Modifications only affect the user ID’s new tasks.
LINKAGE-AUDIT = *ALLOWED
The user is allowed to control the linkage audit mode, provided the audit function is available throughout the system.
LINKAGE-AUDIT = *NOT-ALLOWED
The user is not allowed to control the linkage audit mode.
DEFAULT-MSG-LANGUAGE = *UNCHANGED / *STD / <name 1..1>
Specifies the language in which messages are output by default.
DEFAULT-MSG-LANGUAGE = *STD
The language defined using the MSGLPRI system parameter is used.
FILE-NUMBER-LIMIT =
Specifies the maximum number of files that may be created. This upper limit, or any lower value, may be assigned to subgroups or group members.
FILE-NUMBER-LIMIT = *MAXIMUM
The maximum number of files is 16,777,215.
FILE-NUMBER-LIMIT = <integer 0..16777215>
Specifies the maximum possible number of catalog entries as an exact number.
JV-NUMBER-LIMIT =
Specifies the maximum number of job variables that may be created. This upper limit, or any lower value, may be assigned to subgroups or group members.
JV-NUMBER-LIMIT = *MAXIMUM
The maximum number of job variables is 16,777,215.
JV-NUMBER-LIMIT = <integer 0..16777215>
Specifies the maximum possible number of job variables as an exact number.
TEMP-SPACE-LIMIT =
Specifies the maximum amount of temporary storage space which may be occupied on the shared volumes specified in the PUBSET operand.
TEMP-SPACE-LIMIT = *MAXIMUM
The maximum amount of storage space is 2,147,483,647 PAM pages.
TEMP-SPACE-LIMIT = <integer 0..2147483647 2Kbyte>
Specifies exactly the amount of temporary storage space.
DMS-TUNING-RESOURCES =
Specifies which performance measures may be utilized, and the form in which they may be used.
DMS-TUNING-RESOURCES = *NONE
No tuning measures may be utilized.
DMS-TUNING-RESOURCES = *CONCURRENT-USE
The user may reserve preferred resources, but in doing so competes with all other users who have the same authorization.
DMS-TUNING-RESOURCES = *EXCLUSIVE-USE
The user may make exclusive reservations of preferred resources.
Permitted performance measures for the home and data pubsets
PUBSET = *HOME | ||||
|---|---|---|---|---|
DMS-TUNING-RESOURCES= | Resident ISAM pools | Resident FASTPAM environment | File attribute PERFORMANCE | |
= HIGH | =*VERY-HIGH | |||
NONE: | no | no | no | - |
*CONCURRENT-USE | yes | no | - | - |
*EXCLUSIVE-USE | yes | yes | - | - |
PUBSET = <data pubset> | ||||
|---|---|---|---|---|
DMS-TUNING-RESOURCES= | Resident ISAM pools | Resident FASTPAM environment | File attribute PERFORMANCE | |
= HIGH | =*VERY-HIGH | |||
NONE: | - | - | no | no |
*CONCURRENT-USE | - | - | yes | no |
*EXCLUSIVE-USE | - | - | yes | yes |
CODED-CHARACTER-SET = *UNCHANGED / *STD / <name 1..8>
Specifies which CODED-CHARACTER-SET (CCS) is to be used. A name should only be specified here if the one required differs from the one preset by the system (*STD). The specified CCS should be an EBCDIC character set.
PHYSICAL-ALLOCATION = *UNCHANGED / *NOT-ALLOWED / *ALLOWED
Governs whether the user is allowed to perform physical space allocation (direct allocation) for the pubset.
PHYSICAL-ALLOCATION = *UNCHANGED
The current status is to be retained.
PHYSICAL-ALLOCATION = *NOT-ALLOWED
The user is no longer allowed to perform physical space allocation for the pubset.
PHYSICAL-ALLOCATION = *ALLOWED
The user is now allowed to perform physical space allocation for the pubset.
CRYPTO-SESSION-LIMIT = *UNCHANGED / *STD / *MAXIMUM / <integer 0..32767>
Defines the maximum number of openCRYPT sessions within a BS2000 session. The number of openCRYPT sessions already used is set to 0 at the start of a BS2000. The values *STD and *MAXIMUM define the maximum number of 128 or 32767 openCRYPT sessions.
NET-STORAGE-USAGE = *UNCHANGED / *NOT-ALLOWED / *ALLOWED
Specifies whether the user may occupy space on Net-Storage volumes.
NET-STORAGE-USAGE = *UNCHANGED
The current status is to be retained.
NET-STORAGE-USAGE = *NOT-ALLOWED
The user is not permitted to use Net-Storage volumes.
NET-STORAGE-USAGE = *ALLOWED
The user is permitted to use Net-Storage volumes. The space occupied on the Net-Storage volume is not counted toward the user's PUBLIC-SPACE-LIMIT.
NET-CODED-CHAR-SET = *UNCHANGED / *STD / *ISO / *NO-CONVERSION / <name 1..8>
Defines which Net-Storage-Coded-Character-Set (NETCCSN) is to be used for node files on Net-Storage A character set conversion is only performed for SAM node files.
NET-CODED-CHAR-SET = *STD
The setting of the NETCODE system parameter applies.
NET-CODED-CHAR-SET = *ISO
A suitable ISO character set is used. For details on character set conversion see the CREATE-FILE command or the “Introductory Guide to DVS” manual [13].
NET-CODED-CHAR-SET = *NO-CONVERSION
There is no code conversion for SAM node files.
NET-CODED-CHAR-SET = <name 1..8>
Name of the character set to be used. It should be an ASCII character set.
ACCOUNT-ATTRIBUTES = *UNCHANGED / *ADD(...) / *MODIFY(...) / *REMOVE(...)
Specifies whether an account number is to be added, changed or deleted.
ACCOUNT-ATTRIBUTES = *ADD(...)
A new account number and specific attributes for the user ID is to be added.
ACCOUNT = <alphanum-name 1..8>
Account number of the user ID which is to be entered in the user catalog and to which the following data relate:
CPU-LIMIT = *STD / *MAXIMUM / <integer 0..2147483647 seconds>
Total CPU time available for user jobs under the account number.
CPU-LIMIT = *STD
The default value specified in the SYSGJCPU system parameter is available.
CPU-LIMIT = *MAXIMUM
2,147,483,647 CPU seconds are available to the user ID.
SPOOLOUT-CLASS = 0 / <integer 0..255> / *STD
Spoolout class for the account number of the user ID.
SPOOLOUT-CLASS = *STD
The default value specified in the SYSGJCLA system parameter is available.
MAXIMUM-RUN-PRIORITY = *STD / <integer 30..255>
Defines the highest priority that may be assigned to jobs of the user ID (see Note on section "MODIFY-USER-ATTRIBUTES").
MAXIMUM-RUN-PRIORITY = *STD
The default value specified in the SYSGJPRI system parameter is available.
MAX-ALLOWED-CATEGORY =
This operand defines which task attributes user jobs are allowed to attain. If the user employs the TINF macro in his/her programs, a check is made in both the job class used by the job concerned and in the user catalog to see whether the right to use the task attribute TP was assigned to the user under the specified account number.
MAX-ALLOWED-CATEGORY = *STD
The tasks of the user can attain the task attributes BATCH and DIALOG.
MAX-ALLOWED-CATEGORY = *TP
The user jobs may attain the task attributes BATCH, DIALOG and TP.
MAX-ALLOWED-CATEGORY = *SYSTEM
All task attributes are permitted for the tasks of the user.
PRIVILEGE = *NO / *PARAMETERS(...) / list-poss(3): *NO-CPU-LIMT /
*START-IMMEDIATE / *INHIBIT-DEACTIVATION
Defines privileges of job management.
PRIVILEGE = *NO
The user ID does not receive any job management privileges.
PRIVILEGE = *PARAMETERS(...)
Defines a sequence of job management privileges.
NO-CPU-LIMIT = *NO / *YES
Defines whether the user is allowed to run batch jobs without a time limitation.
NO-CPU-LIMIT = *YES
The user is authorized to run batch jobs without time limitation under the specified account number. This applies even if the job class assigned to the job does not permit this start attribute. If the user specified the CPU-LIMIT=*NO operand in the SET-LOGON-PARAMETERS or ENTER-JOB command and this function is authorized neither in the user catalog nor in the job class assigned to the job, the batch job is rejected with an error message.
In the case of tasks without a time limit, the user’s CPU account is not debited.
START-IMMEDIATE = *NO / *YES
Defines whether the use is authorized to use the job express function.
START-IMMEDIATE = *YES
The user is authorized to use the job express function. With this authorization batch jobs are started immediately, even if the class limit of the job class in which the job concerned is to be started has been reached. This applies even if the definition of the job class does not permit this start attribute. If the EXPRESS function is not permitted either in the user catalog or in the job class definition, the batch job is accepted, but it is not started as an EXPRESS job.
INHIBIT-DEACTIVATION = *NO / *YES
Defines whether the user is authorized to inhibit deactivation.
INHIBIT-DEACTIVATION = *YES
The user ID is authorized to inhibit deactivation. The user’s jobs are thus independent of the PRIOR function, by means of which jobs are placed in subordinate queues according to their system service requirements (macro time slice).
PRIVILEGE = *NO-CPU-LIMIT
The user is authorized to run batch jobs without time limitation under the specified account number.
PRIVILEGE = *START-IMMEDIATE
The user is authorized to use the job express function.
PRIVILEGE = *INHIBIT-DEACTIVATION
The user ID is authorized to inhibit deactivation.
POSIX-RLOGIN-DEFAULT = *NO / *YES
Defines whether the account number being added is to be used for accounting of a POSIX remote login session. The POSIX remote login account number is unique within a user ID. The user administration system automatically performs a comparison with existing account numbers, and the declaration of a different account number as the POSIX account number overrides any earlier declaration. The old account number can from then on be used for BS2000 sessions only.
LOGON-DEFAULT = *NO / *YES
Defines whether the designated account number is to be used as the default account number for BS2000 timesharing mode if no account number is specified in the case of dialog or batch access.
ACCOUNT-ATTRIBUTES = *MODIFY(...)
An existing account number or the corresponding attributes are to be modified. The account number is recreated if necessary.
ACCOUNT = <alphanum-name 1..8>
Account number of the user ID for which the following values are to be modified in the user catalog.
CPU-LIMIT = *UNCHANGED / *STD / *MAXIMUM / <integer 0..2147483647 seconds>
Total CPU time available for user jobs under an existing account number.
CPU-LIMIT = *STD
The default value specified in the SYSGJCPU system parameter is available.
CPU-LIMIT = *MAXIMUM
The CPU time for the existing accounting number is changed to the value of 2,147,483,647 seconds.
SPOOLOUT-CLASS = *UNCHANGED / <integer 0..255> / *STD
Spoolout class for the account number of the user ID.
SPOOLOUT-CLASS = *STD
The default value specified in the SYSGJCLA system parameter is available.
MAXIMUM-RUN-PRIORITY = *UNCHANGED / <integer 30..255>
Defines the highest priority that may be assigned to jobs of the user ID (see note on section "MODIFY-USER-ATTRIBUTES").
MAX-ALLOWED-CATEGORY = *UNCHANGED / *STD / *TP / *SYSTEM
This operand defines which task attributes user jobs are allowed to attain. If the user employs the TINF macro in his/her programs, a check is made in both the job class used by the job concerned and in the user catalog to see whether the right to use the task attribute TP was assigned to the user under the specified account number.
MAX-ALLOWED-CATEGORY = *STD
The tasks of the user can attain the task attributes BATCH and DIALOG.
MAX-ALLOWED-CATEGORY = *TP
The user jobs may attain the task attributes BATCH, DIALOG and TP.
MAX-ALLOWED-CATEGORY = *SYSTEM
All task attributes are permitted for the tasks of the user.
PRIVILEGE = *UNCHANGED / *PARAMETERS(...) / list-poss(3): *NO-CPU-LIMIT /
*START-IMMEDIATE / *INHIBIT-DEACTIVATION
Defines privileges of job management.
PRIVILEGE = *PARAMETERS(...)
Defines a sequence of job management privileges.
NO-CPU-LIMIT = *UNCHANGED / *NO / *YES
Defines whether the user is allowed to run batch jobs without a time limitation.
NO-CPU-LIMIT = *YES
The user is authorized to run batch jobs without time limitation under the specified account number. This applies even if the job class assigned to the job does not permit this start attribute. If the user specified the CPU-LIMIT=*NO operand in the SET-LOGON-PARAMETERS or ENTER-JOB command and this function is authorized neither in the user catalog nor in the job class assigned to the job, the batch job is rejected with an error message.
In the case of tasks without a time limit, the user’s CPU account is not debited.
START-IMMEDIATE = *UNCHANGED / *NO / *YES
Defines whether the use is authorized to use the job express function.
START-IMMEDIATE = *YES
The user is authorized to use the job express function. With this authorization batch jobs are started immediately, even if the class limit of the job class in which the job concerned is to be started has been reached. This applies even if the definition of the job class does not permit this start attribute. If the EXPRESS function is not permitted either in the user catalog or in the job class definition, the batch job is accepted, but it is not started as an EXPRESS job.
INHIBIT-DEACTIVATION = *UNCHANGED / *NO / *YES
Defines whether the user is authorized to inhibit deactivation.
INHIBIT-DEACTIVATION = *YES
The user ID is authorized to inhibit deactivation. The user’s jobs are thus independent of the PRIOR function, by means of which jobs are placed in subordinate queues according to their system service requirements (macro time slice).
PRIVILEGE = *NO-CPU-LIMIT
The user is authorized to run batch jobs without time limitation under the specified account number. This applies even if the job class assigned to the job does not permit this start attribute. If the user specified the CPU-LIMIT=*NO operand in the SET-LOGON-PARAMETERS or ENTER-JOB command and this function is authorized neither in the user catalog nor in the job class assigned to the job, the batch job is rejected with an error message.
In the case of tasks without a time limit, the user’s CPU account is not debited.
PRIVILEGE = *START-IMMEDIATE
The user is authorized to use the job express function. With this authorization batch jobs are started immediately, even if the class limit of the job class in which the job concerned is to be started has been reached. This applies even if the definition of the job class does not permit this start attribute. If the EXPRESS function is not permitted either in the user catalog or in the job class definition, the batch job is accepted, but it is not started as an EXPRESS job.
PRIVILEGE = *INHIBIT-DEACTIVATION
The user ID is authorized to inhibit deactivation. The user’s jobs are thus independent of the PRIOR function, by means of which jobs are placed in subordinate queues according to their system service requirements (macro time slice).
POSIX-RLOGIN-DEFAULT = *UNCHANGED / *NO / *YES
Defines whether the account number to be changed is to be used for accounting of a POSIX remote login session. The POSIX remote login account number is unique within a user ID. The user administration system automatically performs a comparison with existing account numbers, and the declaration of a different account number as the POSIX account number overrides any earlier declaration. The old account number can from then on be used for BS2000 sessions only.
LOGON-DEFAULT = *UNCHANGED / *NO / *YES
Defines whether the designated account number is to be used as the default account number for BS2000 timesharing mode if no account number is specified in the case of dialog or batch access.
ACCOUNT-ATTRIBUTES = *REMOVE(...)
An account number is to be removed from the user ID.
ACCOUNT = list-poss(10): <alphanum-name 1..8>
Account number of the user ID to be deleted.
An account number must always be maintained for the user ID.
Return codes
(SC2) | SC1 | Maincode | Meaning |
|---|---|---|---|
0 | CMD0001 | No error | |
2 | 0 | SRM6001 | Command executed with a warning |
1 | SRM6010 | Syntax error | |
32 | SRM6020 | System error during command processing | |
64 | SRM6040 | Semantic error | |
130 | SRM6030 | Command cannot temporarily be executed |
Note
The task scheduling priorities (30-255) for job control are defined:
in the user catalog (ADD-USER command, MAXIMUM-RUN-PRIORITY operand)
in the job class definition (JMU statement DEFINE-JOB-CLASS, RUN-PRIORITY operand; in addition to the default priority, a maximum priority can be defined)
If the user specifies a task scheduling priority in the SET-LOGON-PARAMETERS or ENTER-JOB command, this priority is checked both in the user catalog and in the job class assigned to the job (for an example see the ADD-USER command).
If the priority specified by the user in the SET-LOGON-PARAMETERS or ENTER-JOB command is worse than the best priority of the job class and in the user catalog (i.e. allowed either in the job class or in the user catalog), the job is started with the priority specified by the user. If the priority specified by the user in the SET-LOGON-PARAMETERS or ENTER-JOB command is better than the priorities of the job class and in the user catalog (i.e. not allowed either in the job class or in the user catalog), the job is given whichever is worse, the default priority of the job class or the priority in the user catalog.
If the user does not specify any priority in the SET-LOGON-PARAMETERS or ENTER-JOB command, the job is started with the default priority.