Domain: | SECURITY-ADMINISTRATION |
Privileges: | SECURITY-ADMINISTRATION |
This command serves to revoke a user ID’s global privileges or privilege sets.
It is not possible to revoke any of the privileges or privilege sets for a user ID which possesses the privilege SECURITY-ADMINISTRATION on the pubset specified in the command.
The command does not take effect for the entire system, i.e. the user ID’s global privileges are not revoked throughout the system unless the user ID to which the command refers exists on the home pubset.
The command does not take effect until the next LOGON under this user ID, i.e. any jobs under this user ID that are active at the time of command entry are not affected.
RESET-PRIVILEGE | ||||||||||||||||||||
| ||||||||||||||||||||
PRIVILEGE =
The name of the privilege to be revoked for a user ID. This operand is mandatory. The individual privileges are described in the section "Management of privileges".
PRIVILEGE = *ALL
The user ID is assigned the privileges which it had after first start (see section "Distribution of privileges after first startup").
PRIVILEGE = *PRIVILEGE-SET(...)
Specification of one or more privilege sets.
PRIVILEGE-SET-NAME = list-poss(20): <name 1..8>
Privilege set that is to be revoked for the user ID, or list of privilege sets.
PRIVILEGE = list-poss(64): <text>
The privilege that is to be revoked for a user ID. See "Functional overview" for possible privileges. Exceptions: TSOS and SECURITY-ADMINISTRATION.
USER-IDENTIFICATION = <name 1..8>
User ID from which the specified privilege or privilege set is to be withdrawn.
PUBSET = *HOME / <cat-id 1..4>
Pubset on which the specified privilege is to be withdrawn from the user ID.
PUBSET = *HOME
The privilege is withdrawn on the home pubset. The effect of this operand is valid for the entire system.
PUBSET = <cat-id 1..4>
The privilege is withdrawn on the specified pubset.
Notes
If the user ID is the only user ID to possess an individual privilege on the specified pubset, the decision as to whether to implement or suppress withdrawal of the privilege must be taken by way of the response to message SRM4006.
All other privileges specified in the command are revoked, irrespective of the response.
Privilege sets are withdrawn without a request for confirmation.
If the privilege SAT-FILE-MANAGEMENT or SAT-FILE-EVALUATION is withdrawn from a user ID, SAT logging for this user ID is not automatically deactivated.
Each user ID must possess at least one individual privilege. Any attempt to withdraw the last existing individual privilege from a user ID will be rejected. This rule applies only to individual privileges. Privilege sets are not regarded as individual privileges and are thus ignored when counting the privileges possessed by a user ID.
If the privilege STD-PROCESSING is withdrawn from a user ID which also possesses the privilege SAT-FILE-MANAGEMENT, SAT-FILE-EVALUATION or HARDWARE-MAINTENANCE, it is still possible to issue some of the user commands under this user ID.
The security administrator can execute some of the user commands although he/she does not possess the privilege STD-PROCESSING.
The privilege POSIX-ADMINISTRATION cannot be withdrawn from the SYSROOT user ID.
Command return codes
(SC2) | SC1 | Maincode | Meaning |
0 | CMD0001 | Command executed without errors | |
2 | 0 | SRM6001 | Command executed with a warning |
32 | SRM6020 | System error during command processing | |
64 | SRM6040 | Semantic error during command processing | |
130 | SRM6030 | Command cannot be processed at the present time |