There are circumstances when access to systems and files should be restricted to certain users depending on their need. Granulated privileges enable the security administrator to assign a subset of privileges for users to perform their jobs, but also limit unnecessary access to the system.
Granulated privileges can be specified for both usercodes and code files. However, the Security Identification Facility is required before granulated privileges associated with usercodes can be used.
-
Privileges for usercodes are defined in the USERDATAFILE.
-
Privileges for code files are defined using the Mark Program (MP) system command.
Web Transaction Server and WEBPCM applications can access a user's MCP granulated privileges through the API.
