Authorization to Use Commands and Utilities

The following table describes the authorization a user needs to use cacc commands and utilities.
vmx32besp
The following table describes the authorization a user needs to use
VM:Secure
commands and utilities.
Command or Utility
Type of Authorization
Authority
Optional Parameters to Narrow Authority
ABEND
Terminate
VM:Secure
operation abnormally
ABEND
ADDENTRY*
Create a directory entry for a user or profile from an input file or a skeleton file
ADDENTRY
[
entry
]
ADDENTRY*
Create a user ID or profile from an input file
ADDENTRY
entry
NOSKEL**
ADDENTRY*
If the input file creates a minidisk
ADDMDISK
[
entry
]
ADDENTRY*
Create a user ID or profile with a skeleton file
ADDENTRY
entry
SKELETON**
ADDENTRY*
If the skeleton file creates a minidisk
ADDMDISK
[
entry
]
ADDMDISK*
Add a minidisk for a user ID
ADDMDISK
[
entry
]
ADMIN
Use all parameters on the ADMIN command
ADMIN
ADMIN
Edit the
VMSECURE
MANAGERS file
ADMIN MANAGERS**
ADMIN
Edit the
VMSECURE
GLOBALS file
ADMIN GLOBALS**
ADMIN
Edit a subpool entry
ADMIN POOL**
[
poolid
]
ADMIN
Edit the
VMSECURE
POSIX file
ADMIN POSIX**
ADMIN
Edit a directory profile
ADMIN PROFILE**
[
profile
]
ADMIN
Edit a skeleton file
ADMIN SKELETON**
[
skeleton
]
ADMIN
Define or change SFS managers’ enrollment defaults or enrollment limits
ADMIN SFSMGRS**
[
userid
]
ASSIGN
Assign a user ID to a different manager
ASSIGN
[
entry
[
mgrid
]]
AUDITEXT
Extract current audit information
AUDITEXT
CHANGE
Change a user ID’s name
CHANGE
[
entry
]
CHGENTRY
Change a USER to an IDENTITY or change an IDENTITY to a USER
CHGENTRY
[
entry
]
CHGMDISK*
Move or change a minidisk
CHGMDISK
[
entry
]
CHGMDISK*
With the NOCOPY option
NOCOPY
CHGVOLNM
Change all references to the volser of any DASD volume controlled by
VM:Secure
CHGVOLNM
[
oldvolser
]
CLASS
Assign a CP privilege class
CLASS
[
class
]
CMD
Use the CMD command to route another command to an Agent product server in a Single System Image environment
CMD
CMS
Execute a CMS or CP command on the
VM:Secure
service virtual machine
CMS
[
word1
...
word15
]
COMPRESS
Defragment disk storage
COMPRESS
[
volser
]
CONFIG
Edit the
VM:Secure
configuration files
CONFIG
CONFIG
Edit the AUTHORIZ CONFIG file
CONFIG AUTHORIZ**
Edit the DASD CONFIG file
CONFIG DASD**
CONFIG
Edit the PRODUCT CONFIG file
CONFIG PRODUCT**
CONFIG
Edit the SECURITY CONFIG file
CONFIG SECURITY**
CONFIG
Edit the
VM:Secure
SFS configuration
CONFIG SFS**
CPFMTXA
Use CPFMTXA command to change allocation on the object directory volume
CPFMTXA
DELENTRY*
Delete an existing user ID or profile
DELENTRY
[
entry
]
DELENTRY*
Delete a minidisk for a deleted user ID
DELMDISK
[
entry
]
DELETE
Delete file space for an active user ID
DELETE
[
userid
]
DELMDISK*
Delete a user ID’s minidisk
DELMDISK
[
entry
]
DISPLINK
Display links to a user’s minidisks
DISPLINK
[
userid
]
DUPENTRY
Create a new user ID based off an existing user ID
DUPENTRY
[existing [new]]
DUPENTRY
For the template user ID’s minidisks.
DUPMDISK
[
entry
]
DUPENTRY
For the new user ID’s minidisks.
ADDMDISK
[
entry
]
DUPENTRY
No formatting of minidisks.
NOFORMAT
[
entry
[
mgrid
]] 
DUPENTRY
To use the MANAGER option.
MANAGER
[
entry
[
mgrid
]]
DUPMDISK*
Create an exact duplicate of an existing minidisk
DUPMDISK
[
entry
]
DUPMDISK*
For the user ID that owns the source minidisk (
sourceuser
)
DUPMDISK
[
entry
]
DUPMDISK*
For the user ID that owns the target minidisk (
targetuser
)
ADDMDISK
[
entry
]
EDIT
Edit a user ID’s directory entry
EDIT
[
entry
]
EDX
Edit a user ID’s directory entry, expanding any INCLUDE statement
EDIT
[
entry
]
END
Terminate
VM:Secure
immediately or after current processes complete
END
END
Terminate
VM:Secure
immediately only
END FORCE**
END
Terminate
VM:Secure
operation only after current processes complete
END NOFORCE**
ENROLL
Enroll a user ID into an SFS file pool
ENROLL
ENTRY
Update or query directory entry contents
ENTRY
[
entry
[
subcommand
]]
EXPIRE
Expire a user ID’s logon password
EXPIRE
[
userid
]
EXTRACT
Extract directory information
EXTRACT
GENINCL
Add an INCLUDE statement to a userid’s directory entry
GENINCL
[
userid
[
profile
]]
GETENTRY*
Retrieve current copy of a user ID’s directory entry or a directory profile
GETENTRY
[
entry
]
GETPWEXP
Display user ID password expiration information
GETPWEXP
[
userid
]
GRANT AUTHORITY
Allow a user to grant access to a file space for other users
GRANT AUTHORITY
filespace
[
userid
]
JOURNAL
Display password violations and reset password violation count
JOURNAL
JOURNAL
Display password violations
JOURNAL LIST**
[
word1 …word4
]
JOURNAL
Reset a password violation count to zero
JOURNAL RESET**
[
word1 …word4
]
LISTAUTH
Query the authorizations specified in the AUTHORIZ CONFIG file
LISTAUTH
[
userid
[
authwrds
]]
LOCK*
Prevent updates to any object
LOCK
LOCK*
Prevent updates to a CMS file
LOCK FILE**
[
fname
[
ftype
[
fmode
]]
LOCK*
Prevent updates to a user ID
LOCK USER**
[
userid
]
LOCK*
Prevent updates to a profile
LOCK PROFILE**
[
profid
]
MACLOAD
Load a macro to the
VM:Secure
service virtual machine
MACLOAD
MAINT
Perform line-mode user functions
MAINT
[
subfunction
]
MAINT
Perform line-mode management functions
MAINTMAN
[
entry
[
subfunction
]]
MAINT
Perform line-mode user functions for another user ID
MAINTMAN
entry
USER**
[
subfunction
]
MANAGE
Use all selections, 1 through 10, on the Manager Selection Menu (selections withheld are shown as ***not available***.)
MANAGE
[
entry
]
MANAGE
Create user IDs (part of selection 1)
MANAGE *NEWUSRS
MANAGE
Use menu selection 1
MANSEL01
[
entry
]
Create user IDs (part of selection 1)
MANSEL01 *NEWUSRS
MANAGE
Use menu selection 2
MANSEL02
[
entry
]
MANAGE
Use menu selection 3
MANSEL03
USER
[
entry
]
MANAGE
Use menu selection 4
MANSEL04
[
entry
]
MANAGE
Use menu selection 5
MANSEL05
[
entry
]
MANAGE
Use menu selection 6
MANSEL06
[
entry
]
MANAGE
Use menu selection 7
MANSEL07
[
entry
]
MANAGE
Use menu selection 8
MANSEL08
[
entry
]
MANAGE
Use menu selection 9
MANSEL09
[
entry
]
MANAGE
Use menu selection 10
MANSEL10
[
entry
]
MAP
Map a volume
MAP
[
volume
[
parameters
]]
MAY
Query the authorizations specified in the AUTHORIZ CONFIG file
MAY
[
entry
[
authwrds
]]
MDSKSCAN
Scan a user ID’s minidisks
MDSKSCAN
[
entry
]
MODIFY
Modify the SFS allocation for a user ID
MODIFY
[
userid
]
MOVE2SFS
Copy data from a minidisk to SFS
MOVE2SFS
MANAGE
SFSADMIN
[
userid
]
MULTIPLE
Perform user ID maintenance on several user IDs at the same time
MULTIPLE
MULTIPLE
Create several user IDs at the same time
MULTIPLE NEWUSER**
MULTIPLE
Remove several user IDs at the same time
MULTIPLE REMOVE**
[
entry
]
MULTIPLE
Place several user IDs on hold at the same time
MULTIPLE HOLD**
[
entry
]
MULTIPLE
Reactivate several held user IDs at the same time
MULTIPLE ACTIVATE**
[
entry
]
NEWIPL
Change an IPL system name or device in all directory entries to a new IPL system name or device
NEWIPL
NOLOG
Change a user ID’s password to NOLOG
NOLOG
[
userid
]
OVERRIDE
Alter privilege classes without shutting down
VM:Secure
CPOVERID
PAINT
Change a
VM:Secure
screen
PAINT
[
screen
]
PASSWORD
Set passwords for a user ID
PASSWORD
PASSWORD
Set only randomly generated passwords for a user ID
PASSWORD
userid
RANDOM**
PASSWORD
Set only a specific password for a user ID
PASSWORD
userid
SPECIFIC**
QLOCK
Display all
VM:Secure
locks
QLOCK
QPCB
List active
VM:Secure
processes
QPCB
QSTART
Display the time
VM:Secure
was most recently started
QSTART
QUERY
Displays information about monitored functions
QUERY
[
userid
]
QUERY
Displays account information about a user ID
QUERY ACCOUNT**
[
mgrid
]
QUERY
Display information about a manager's allocation space
QUERY ALLOC**
[
mgrid
]
QUERY
Display a user ID's privilege class
QUERY CLASS**
[
userid
]
QUERY
List the names of the file pools that
VM:Secure
manages
QUERY FILEPOOL**
QUERY
List user IDs on hold
QUERY HOLD**
[
userid
]
QUERY
List user IDs that are directory managers
QUERY MANAGERS**
QUERY
List user IDs whose passwords have not changed for a specified number of days
QUERY PASSWORD**
QUERY
List user IDs' directory entries that include a directory profile
QUERY PRFUSERS**
[
profile
]
QUERY
Display status information about the Servant Facility
QUERY SERVANT**
QUERY
List the names of the file pools and user storage groups from which you can allocate file space
QUERY SFS**
QUERY
List the skeleton files that a manager can use
QUERY SKELETON**
[
mgrid
]
QUERY
List the subpools that a manager can use
QUERY SUBPOOLS**
[
mgrid
]
QUERY
List the user IDs that a manager manages
QUERY USERS**
[
entry
]
QUERY
Display the
VM:Secure
release level
QUERY VERSION**
QUERY
Determine status of long-running commands
QUERY WORKUNIT**
[
userid
]
REBUILD
Condenses and defragments the CP object directory
REBUILD
[
userid
]
RECLAIM
Reclaim DASD space from MOVERO minidisks
RECLAIM
REPENTRY*
Replace a directory entry or directory profile
REPENTRY
[
entry
]
REPENTRY*
If the new entry adds a minidisk
ADDMDISK
[
entry
]
REPENTRY*
If the new entry changes a minidisk
CHGMDISK
[
entry
]
REPENTRY*
If the new entry deletes a minidisk
DELMDISK
[
entry
]
RESET
Reset any password violation count
RESET
RESET
Reset password violation counts for a user that occurred while verifying the password
RESET USERPASS**
[
userid
]
RESET
Reset password violation counts that occurred while trying to create a directory link
RESET VMXLINK**
[
userid
[
userid
[
vaddr
]]
REVOKE AUTHORITY
Allow a user to revoke access to a file space for other users
REVOKE AUTHORITY
filespace
[
userid
]
SUBCONFIG
None for menu access
Processing of SUBCONFIGs controlled by USER authorization
See USER
TAKEOVER
Force an AGENT server to become the MASTER
TAKEOVER
TRACE
Trace execution of a
VM:Secure
macro
TRACE
[
parameters
]
TRANSFER
Transfer a minidisk from one user ID to another
TRANSFER
[
entry
[
newowner
]]
ULIST
Display information about user IDs
ULIST
[
entry
]
UNLOCK*
Remove a CMS file, profile, or user ID lock
UNLOCK
UNLOCK*
Remove a lock from a CMS file
UNLOCK FILE**
[
fname
[
ftype
[
fmode
]] ]
UNLOCK*
Remove a lock from a profile
UNLOCK PROFILE**
[
profid
]
UNLOCK*
Remove a lock from a user ID
UNLOCK USER**
[
userid
]
USER
Use all selections, 1 through 11, on the User Selection Menu (selections withheld are displayed as ***not available***)
USER
[
userid
]
USER
Use menu selection 1
USESEL01
[
userid
]
USER
Use menu selection 2
USESEL02
[
userid
]
USER
Use menu selection 3
USESEL03
[
userid
]
USER
Use menu selection 4
USESEL04
[
userid
]
USER
Use menu selection 5
USESEL05
[
userid
]
USER
Use menu selection 6
USESEL06
[
userid
]
USER
Use menu selection 7
USESEL07
[
userid
]
USER
Use menu selection 8
USESEL08
[
userid
]
USER
Use menu selection 9
USESEL09
[
userid
]
USER
Use menu selection 10
USESEL10
[
userid
]
USER
Use menu selection 11
USESEL11
[
userid
]
VMXBKP01
Create a USER DIRECT file representing a copy of the
VM:Secure
directory database
BACKUP
MAY
[
userid
[
authority
]]
VMXBKP02
Create a backup copy of the
VM:Secure
directory database using DDR
BACKUP
VMXBKP03
Create a backup copy of the
VM:Secure
directory database using COPYFILE
BACKUP
VMXGNR
Generate the
VM:Secure
directory database and converts your CP source directory file into
VM:Secure
database format.
None required
VMXIPL
Write an IPLable program on the IPLDISK minidisk; when the program is initialized, it interacts with
VM:Secure
to update a user ID’s logon password
None required
VMXSRB
Generate a report of all audit data captured by
VM:Secure
None required
*
Part of the Application Programming Interface
**
Cannot be used in LIST records