LIST Record

Contents
vmx32besp
Contents
Use the LIST record to create a list of user IDs or authorizations to use on GRANT and WITHHOLD records.
LIST 
*listname
 {
userids
|
authwords
}
Configuration File
LIST is defined in the AUTHORIZ CONFIG file.
Definitions
  • *listname
    Defines a name for the list. The first character must be an asterisk; you can use up to seven alphanumeric characters for the rest of the name.
  • userids
    Consists of a list of user IDs, separated by blanks that are to belong to
    listname
    . These user IDs will have the same authorizations when you use this list name in a GRANT or WITHHOLD record.
  • authwords
    Consists of a list of single-word authorizations, separated by blanks that are to belong to
    listname
    . These authorizations will all be granted or withheld from one or more users when you use this list name in a GRANT or WITHHOLD record.
Description
The LIST record is optional. Using LIST records you can:
  • Build lists that supplement the special authorizations provided with
    VM:Secure
    .
  • Nest lists created with one LIST record in lists created by another LIST record.
  • Create user ID lists and authority lists in separate LIST records, then use these lists in a GRANT or WITHHOLD record.
Verify any items associated with the LIST record;
VM:Secure
does not validate LIST record items.
For more information about using lists in authorizations, see User ID Lists and Authorization Lists in the section "Authorizations" in the
Administrators
.
Examples
  • When you put a command on a LIST record and grant that list of commands to a user ID, you are giving that user ID authority to use the command over all user IDs. For example, the MANAGE command is one of several commands specified for the *DIRCMDS authorization by the following LIST record, which you then use to grant *DIRCMDS authorization to ELROY, a manager at your site:
    LIST *DIRCMDS MANAGE QUERY PASSWORD GRANT *DIRCMDS TO ELROY
    The combination of this LIST record and this GRANT record is equivalent to the following record, and means that ELROY can manage anyone:
    GRANT MANAGE OVER *ALL TO ELROY
  • In contrast to the previous example, assume the MANAGE command is not part of any authorization list, and, in fact, the authorization *DIRCMDS does not exist. On a GRANT record, give ELROY permission to use the MANAGE command:
    GRANT MANAGE TO ELROY
    This GRANT record is equivalent to the following record, and means that ELROY can manage only his own users:
    GRANT MANAGE OVER *DIRUSRS OF *SELF TO ELROY
  • Define the list called *MYGRP that includes the user IDs USER01, USER02, USER03, and USER04:
    LIST *MYGRP USER01 USER02 USER03 USER04
  • You want all users in the list *MYGRP, defined above, to be able to extract audit records, take
    VM:Secure
    backups, and use the EXTRACT command. Define a list called *MYAUTHS that includes the
    VM:Secure
    commands these user IDs should be allowed to use, then grant authority to *MYAUTHS to the user IDs in the list *MYGRP:
    LIST *MYAUTHS AUDITEXT BACKUP EXTRACT MAY GRANT *MYAUTHS TO *MYGRP