Command Reference

Syntax and descriptions of all commands.
vmx32besp
This section presents overview information for
CA VM:Secure
commands, then provides the syntax and explains each command in detail. The commands are organized alphabetically.
On this page:
Table of Commands
The table below lists and briefly describes the
CA VM:Secure
commands. The authorizations section in the
Administrators
lists the authorizations users must have in the AUTHORIZ CONFIG file to use these commands for the purposes listed in that table. (Commands followed by an asterisk are part of the Application Programming Interface.)
Command
Function
Terminates CA VM:Secure operation abnormally
Dynamically traces ACI security events
Creates a user ID or directory profile
Adds a minidisk for a user ID
Creates or opens for edit a directory pool definition, a directory profile, or a skeleton file, or opens the VMSECURE GLOBALS file, the VMSECURE MANAGERS file, the VMSECURE POSIX file, or the SFS Managers Configuration Menu
Assigns a user ID to a different manager
Extracts current audit information
CAN
Queries the CA VM:Secure rules database about authorizations
Renames a user ID
Moves or changes a minidisk
Changes all references to the volser of any DASD volume controlled by CA VM:Secure
Assigns a CP privilege class
CMD
Routes another command to an Agent product server in a Single System Image environment
CMS
Executes a CMS or CP command on the CA VM:Secure service virtual machine
Defragments disk storage
Opens the configuration files for editing or updates the SFS configuration
Allows authorized users to run the CP DASD FORMAT/ALLOCATE utilities CPFMTXA/ICKDSF
Deletes an existing user ID or directory profile
Deletes file spaces for an active user ID
Deletes a user ID’s minidisk
Displays links to a user ID’s minidisks
Creates a directory entry for a new user ID, based on the directory entry for an existing user ID
Creates an exact duplicate of an existing minidisk
Opens a user directory entry for editing
EDX
Opens a user directory entry for editing, expanding any INCLUDE statement in that directory entry
END
Terminates CA VM:Secure operation normally
Enrolls a user ID in an SFS file pool
Updates or queries an attribute or statement in a directory entry. Subcommands specify the type of attribute or statement that is affected.
Expires a user ID’s logon password
Extracts directory information
Places a user ID in a security group
Adds history records to a user ID’s directory entry
Adds an INCLUDE statement to a user ID’s directory entry
Retrieves a current copy of a user ID’s directory entry or a directory profile
Displays user ID password expiration information
Authorizes users to gain access to SFS directories or the files in them
Makes a user ID a temporary member of a new security group
Displays a user ID’s history records
Converts user IDs whose passwords were expired before the Rules Facility was installed to the Rules Facility method of password expiration
Displays password violations or resets a password violation count to zero
Lists all authorizations in the AUTHORIZ CONFIG file that pertain to an individual user ID or authority
LOCAL (prefix)
Directs that the CA VM:Secure product server on the local node execute the command
Prevents updates to a CMS file, user ID, or directory profile
Creates messages to send to user IDs at specific events
Copies a macro from your A-disk to the CA VM:Secure service virtual machine’s A-disk
Performs line-mode USER command and MANAGE command functions
Displays screens that let you define new user IDs and modify existing ones
MAP
Maps a volume
MAY
Queries an authorization in the AUTHORIZ CONFIG file
Scans a user ID’s minidisks
MFA
Displays or modifies the current MFA configuration
Modifies the SFS allocation limits for a user ID
Copies data from minidisks to SFS
Performs user ID management functions on many user IDs at the same time
Changes an IPL system name or device in all directory entries to a new IPL system name or device
Changes a user ID’s password to NOLOG
Alters privilege classes without shutting down CA VM:Secure
Changes a CA VM:Secure screen
Sets a password for a user ID
Displays information about the CP component configuration
Displays all CA VM:Secure locks
Lists active CA VM:Secure processes
Queries the rules set up for a user ID (Present only if Rules Facility is installed)
Displays the time CA VM:Secure was most recently started
Provides information about a number of CA VM:Secure functions
Condenses and defragments the CP object directory. Use this command only under the direction of Technical Support
Reclaims DASD space from MOVERO minidisks
Replaces a directory entry or a directory profile
Resets password violation counts for user IDs and terminal addresses
Revokes access to SFS directories and the files in them from users
Displays rules of various kinds
Changes a user ID’s rules, a group’s override or default rules, or the system override or system default rules. (Present only if Rules Facility is installed)
Searches and returns information about records in the VM source directory.
Queries and sets the system word
TAG*
Adds or manipulates user or installation specific named directory comment records.
Recovers from an outage of the member node running the Master product server virtual machine in a Single System Image environment.
Traces execution of a CA VM:Secure macro
Transfers a minidisk from one user ID to another
Displays information about user IDs
Removes a lock from a CMS file, profile, or user ID
Lets users modify values in their own directory entry
Logon Password Prompts
All
CA VM:Secure
commands, except for the following, prompt for a logon password before you can use them:
  • DISPLINK
  • EXTRACT
  • GROUP
  • HISTORY
  • IPLDISKX
  • PAINT
  • QLOCK
  • QPCB
  • QRULES
  • QSTART
  • QUERY
This is a security feature to protect unauthorized use of powerful commands through your user ID. However, if your terminal is secure and there is no reason to restrict your user ID’s activity, you can give yourself NOPASS authorization in the AUTHORIZ CONFIG file to all the other commands. You can give authorization to bypass this password requirement when appropriate -- for example, when users need to run EXECs that include these commands.
Positional Parameters
Many parameters for
CA VM:Secure
commands are positional. For commands where this is so, you must specify all parameters that precede a positional parameter if you want to specify that positional parameter.
Many positional parameters have default values, which are indicated by asterisks in command syntax boxes. You can enter an asterisk for these positional parameters to use the parameter’s default value.
For commands that support pattern matching by use of an asterisk, this manual does not display the asterisk in the command syntax box, but explains in the description of the relevant parameter or option that it supports pattern matching through use of the asterisk.