Domain: | SECURITY-ADMINISTRATION |
Privileges: | SECURITY-ADMINISTRATION |
This command can show privilege assignments in two ways:
by privilege sets; this function shows which individual privileges are assigned to a specified privilege set
by individual privileges; this function shows the privilege sets to which a specified individual privilege is assigned.
This permits the security administrator to determine which assignments exist. This function is particularly important when the security administrator wants to check that certain critical privileges are available to only a restricted set of users.
SHOW-PRIVILEGE-SET | ||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||
INFORMATION = *PRIVILEGE-SET(...)
Requests output by privilege: the output shows which privilege sets include the specified individual privilege(s).
PRIVILEGE = *ALL
The output shows the assignments sorted according to individual privileges. For all individual privileges the output shows the privilege sets in which the privilege is used. See "Functional overview" for possible privileges.
Exceptions: TSOS and SECURITY-ADMINISTRATION.
PRIVILEGE = list-poss(64): <text>
The output shows the assignments sorted according to individual privileges. For each individual privilege the output shows the privilege sets in which it is used. See "Functional overview" for possible privileges. Exceptions: TSOS and SECURITY-ADMINISTRATION.
INFORMATION = *PRIVILEGE(...)
Requests output by privilege sets. The output shows which individual privileges are assigned to the specified (or all) privilege sets.
PRIVILEGE-SET-NAME = *ALL / list-poss(20): <name 1..8>
*ALL outputs the definitions of all privilege sets.
PUBSET = *ALL / list-poss(21): *HOME / <cat-id 1..4>
The pubset whose privilege set definitions are to be output.
PUBSET = *ALL
The privilege set definitions of all locally imported pubsets are to be output.
PUBSET = *HOME
The privilege set definitions on the home pubset are to be output.
PUBSET = <catid 1..4>
The name of the desired pubset.
OUTPUT =
Specifies where the information is to be output.
OUTPUT = *SYSOUT
The output is to be sent to SYSOUT.
OUTPUT = *SYSLST
The output is to be sent to SYSLST.
Command return codes
(SC2) | SC1 | Maincode | Meaning |
0 | CMD0001 | Command executed without errors | |
2 | 0 | SRM6001 | Command executed with a warning |
32 | SRM6020 | System error during command processing | |
64 | SRM6040 | Semantic error during command processing | |
130 | SRM6030 | Command cannot be processed at the present time |
Example
The /SHOW-PRIVILEGE-SET command is to be used to inspect the privilege set ARCHIVE created in the example for the /CREATE-PRIVILEGE-SET command.
First, you want to see which privileges belong to the privilege set ARCHIVE:
|
Then you want to see the privilege sets which contain the privileges TAPE-ADMINISTRATION and HSMS-ADMINISTRATION:
|
Output in S variables
The INFORMATION operand of this command determines which S variables are assigned values. The possible entries for INFORMATION are as follows:
Notation in command | Condition in table |
INFORMATION = PRIVILEGE-SET(...) | INF=PRIV-SET |
INFORMATION = PRIVILEGE(...) | INF=PRIV |
Output information | Name of the S variable | T | Contents | Condition |
Name of the individual privilege | var(*LIST).PRIVIL | S | *ACS-ADM | 1 |
var(*LIST).PRIVIL(*LIST) | S | 2 | ||
Definition of the privilege set | var(*LIST).PRIVIL-DEFI | S | *LIST | 2 |
Name of the privilege set | var(*LIST).PRIVIL-SET | S | <name 1..8> | 2 |
var(*LIST).PRIVIL-SET(*LIST) | S | <name 1..8> | 1 | |
Catalog ID of the pubset on which | var(*LIST).PUBSET | S | <cat-id 1..4> | 1, 2 |