Domain: | SECURITY-ADMINISTRATION, USER-ADMINISTRATION |
Privileges: | STD-PROCESSING, SAT-FILE-EVALUATION, |
This command requests information about the privileges assigned to a specific user ID or about the user IDs which possess a specific privilege.
If the command is issued under any user ID other than that of the security administrator, only the privileges or tasks relating to that user ID are output.
Command syntax available to the security administrator
SHOW-PRIVILEGE | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
INFORMATION =
The type of information to be output.
INFORMATION = *PRIVILEGE(...)
The output is to show the privileges assigned to the specified user IDs.
USER-IDENTIFICATION =
User ID whose privileges are to be output.
USER-IDENTIFICATION = *ALL
The privileges of all user IDs are to be output.
USER-IDENTIFICATION = *OWN
The privileges of the user ID issuing the command are to be output.
INFORMATION = *USER-IDENTIFICATION(...)
The output is to show those user IDs possessing the specified privileges or privilege sets.
PRIVILEGE =
The output is to show the user IDs possessing the specified privilege(s). In the case of individual privileges, a list may be specified.
PRIVILEGE = *ALL
All system privileges are to be shown together with the user IDs which possess each of these privileges. The individual privileges are described in the section "Management of privileges".
PRIVILEGE = *PRIVILEGE-SET(...)
Information about a privilege set is to be output.
PRIVILEGE-SET-NAME = *ALL / list-poss(20): <name 1..8>
Information is output for all privilege sets or for the explicitly specified privilege set(s).
PRIVILEGE = list-poss (64): <text>
The specified privilege is to be shown together with the user IDs which possess this privilege. See "Functional overview" for possible privileges. Exceptions: TSOS and SECURITY-ADMINISTRATION
INFORMATION = *RUN-PRIVILEGE(...)
The current privileges of the specified tasks are to be displayed. The following values can be specified (a list can also be output for the individual values):
JOB-ID = *OWN
The user ID’s own privileges are displayed.
JOB-ID = *ALL
The privileges for all tasks are displayed
JOB-ID = <c-string 1..4> / <alphanum-name 1..4>
The privileges for the task with the specified TSN are displayed.
JOB-ID = *TID(...)
The privileges for the task with the specified TID are displayed. The following values can be specified (a list can also be output for the individual values):
TID = *OWN
The privileges of the user ID’s own task are displayed.
TID = *ALL
The privileges for all tasks are displayed.
TID = <x-string 1..8> / <x-text 1..4>
The privileges for the task with the specified TID are displayed.
INFORMATION = *TASK(PRIVILEGE = *ALL / list-poss(64): <text>)
All the tasks that possess one of the specified privileges are displayed.
PUBSET = *ALL / list-poss(20): *HOME / <cat-id 1..4>
Pubset for which the distribution of privileges is to be output.
PUBSET = *ALL
The privileges and privilege sets which the user ID possesses on all locally imported pubsets are to be output.
PUBSET = *HOME
The privileges and privilege sets which the user ID possesses on the home pubset are to be output.
PUBSET = <cat-id 1..4>
The distribution of privileges of the specified pubset is to be output.
OUTPUT =
This determines the output medium for the requested information.
OUTPUT = *SYSOUT
The information is output to the system file SYSOUT.
OUTPUT = *SYSLST
The information is output to the system file SYSLST.
Command syntax available to all other users
SHOW-PRIVILEGE | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
INFORMATION = *PRIVILEGE(...)
Displays the user ID’s own privileges.
INFORMATION = *RUN-PRIVILEGE(...)
The current privileges of the specified tasks are to be displayed. The following values can be specified (a list can also be output for the individual values):
JOB-ID = *OWN
The user ID’s own privileges are displayed.
JOB-ID = *ALL
The privileges for all tasks are displayed
JOB-ID = <c-string 1..4> / <alphanum-name 1..4>
The privileges for the task with the specified TSN are displayed.
JOB-ID = *TID(...)
The privileges for the task with the specified TID are displayed. The following values can be specified (a list can also be output for the individual values):
TID = *OWN
The privileges of the user ID’s own task are displayed.
TID = *ALL
The privileges for all tasks are displayed.
TID = <x-string 1..8> / <x-text 1..8>
The privileges for the task with the specified TID are displayed.
INFORMATION = *TASK(PRIVILEGE = *ALL / list-poss(64): <text>)
All the tasks that possess one of the specified privileges are displayed.
PUBSET = *ALL / list-poss: *HOME / <cat-id 1..4>
Pubset to which the command is to refer.
PUBSET = *ALL
The privileges which the user ID possesses on all accessible pubsets are to be output.
PUBSET = *HOME
The privileges which the user ID possesses on the home pubset are to be output.
OUTPUT =
This determines the output medium for the requested information (specification of a list is possible).
OUTPUT = *SYSOUT
The information is output to the system file SYSOUT.
OUTPUT = *SYSLST
The information is output to the system file SYSLST.
Note concerning spin-off behavior
A spin-off is not triggered as long as a list of user IDs or pubsets contains valid specifications. A non-existent user ID or inaccessible pubset will trigger the spin-off mechanism only if the list does not contain any valid specifications which enable information to be output.
The spin-off mechanism is always triggered if there is no information that matches the specified criteria.
Command return codes
(SC2) | SC1 | Maincode | Meaning |
0 | CMD0001 | Command executed without errors | |
2 | 0 | SRM6001 | Command executed with a warning |
32 | SRM6020 | System error during command processing | |
64 | SRM6040 | Semantic error during command processing | |
130 | SRM6030 | Command cannot be processed at the present time |
Examples
The security administrator wants to check the privileges of the user ID USER1:
|
Output of privileges that are assigned as individual privileges does not show any individual privileges that are assigned via privilege sets. In order to determine which privileges are defined in PRIVILEGE-SET-NAME=ARCHIV and are therefore assigned to USER1 it is necessary to issue the /SHOW-PRIVILEGE-SET command in addition.
You want to find out which user IDs possess the privilege set ARCHIV:
|
You want to see which user IDs possess the privilege HSMS-ADMINISTRATION:
|
Output in S variables
The INFORMATION operand of this command determines which S variables are assigned values. The possible entries for INFORMATION are as follows:
Notation in command | Condition in table |
INFORMATION = *PRIVILEGE(...) | 1 |
INFORMATION = *USER-ID(PRIVILEGE=...) | 2 |
INFORMATION = *USER-ID(PRIVILEGE=PRIVILEGE-SET(...)) | 3 |
INFORMATION = *RUN-PRIVILEGE(...) | 4 |
INFORMATION = *TASK(...) | 5 |
Output information | Name of the S variable | T | Contents | Condition |
Name of the privilege | var(*LIST).PRIVIL | S | *ACS-ADM | 2, 5 |
var(*LIST).PRIVIL(*LIST) | S | 1, 4 | ||
Name of the privilege set | var(*LIST).PRIVIL-SET | S | <name 1..8> | 3 |
var(*LIST).PRIVIL-SET(*LIST) | S | <name 1..8> | 1 | |
Catalog ID of the pubset for which | var(*LIST).PUBSET | S | <cat-id 1..4> | 1, 2, 3 |
User ID whose distribution of | var(*LIST).USER-ID | S | <name 1..8> | 1, 4 |
var(*LIST).USER-ID(*LIST) | S | <name 1..8> | 2, 3 | |
TID whose distribution of | var(*LIST).TID | S | ’’ | 4 |
TSN whose distribution of | var(*LIST).TSN | S | ’’ | 4 |
TSN whose distribution of | var(*LIST).TASK(*LIST).TSN | S | <alphanum-name 4> | 5 |
User ID of the task possessing the | var(*LIST).TASK(*LIST).USER-ID | S | <name 1..8> | 5 |
Examples
|
|