Your Browser is not longer supported

Please use Google Chrome, Mozilla Firefox or Microsoft Edge to view the page correctly
Loading...

{{viewport.spaceProperty.prod}}

Privileges

&pagelevel(3)&pagelevel

System privileges (privileges for short) describe the right to handle certain systems support tasks together with the required system functions required for this under a particular user ID.

Privileges can be allocated to various user IDs. On the one hand, this allocation reduces the load on systems support. On the other, it increases security in the context of systems support because, for example, the number of individuals who need to know the TSOS password in order to perform routine operations is smaller.

By default the privileges are allocated to predefined user IDs, see table 36 in section "Allocation of privileges". The default allocation of privileges can only be changed with SECOS.

Each command must be declared in one of the activated system syntax files and explicit permission must be given for its use. Before it is processed, each command (user, system administration or operator command) passed to SDF is checked to see whether the user who issued it has the privilege required for its execution. In the case of operator commands, for example, this is the privilege OPERATING.

The figure below takes a few commands as examples to illustrate how authorization to issue user, operator and system administration commands to BS2000 is assigned:

Figure 20: Authorization to enter commands

Certain commands can be given both by the operator (via the console) and by system administration (from a data display terminal under TSOS user ID). Thus there is no rigid division of functions between system administration and operator. There is a certain latitude in the organization of the data center. But close cooperation between system administration and operator is always required.

Privilege allocation using SECOS

Each user ID in BS2000 is allocated at least one privilege. By default this is the STD-PROCESSING privilege, i.e. the right to execute the user commands.

A user ID can have more than one privilege, and SECOS can be used to allocate a privilege to more than one user ID.

SECOS enables individual privileges to be grouped for certain tasks. A grouping of this type is implemented by defining “privilege sets” to which the various (individual) privileges can be allocated.

The privileges of a user ID are stored in the user catalog (SYSSRPM). Privilege allocation in the user catalog of the home pubset is effective throughout the system. A pubset’s user catalog is opened when the pubset concerned is imported and remains open until the pubset is exported.

The various privileges are described in the section "Description of the privileges".

Powered by Atlassian Confluence and Scroll Viewport.