There may be times when it is necessary to change the authority level of a Precisely-supplied command while product-level security is in use. For example, you may want to change the SWTDG command within MIMIX, which requires *OPR authority, to require *MGT authority instead. Command authority support enables you to change authorization to specific commands. Any changes that are made to authority for a command are effective when product-level security is activated for each product in which the command can be used. Command authority changes are retained when upgrades are performed on the system.
The Change Command Authority (CHGCMDAUT) command allows you to modify the authority level of a Precisely-supplied command when product-level security is in use. When product authority is active, you must have *ADM authority to License Manager to run this command. The authority levels for CHGCMDAUT, GRTPRDAUT, RVKPRDAUT, and CHGLICKEY cannot be changed.
Care must be used when changing command authority for commands that are used by multiple products and for commands that are called internally within multiple products. (RUNCMD and RUNCMDS are examples of commands available in multiple products that can be run by users as well as can be invoked by functions within products.)
For example, you have a system with MIMIX products installed in three different libraries. Library A contains MIMIX licensed for Assure MIMIX Enterprise. Library B contains MIMIX licensed for Assure MIMIX Enterprise and Assure MIMIX for PowerHA. You have enabled product-level security for the products in libraries A and B. You have set up two group user profiles with product authority to control access to MIMIX functions in libraries A and B. One group has *OPR access and the other group has *MGT access. The members of the *OPR group are the same in both libraries, as are the members of the *MGT group. Library C contains Assure MIMIX Professional and you have not enabled product-level security for it. You have decided to use command authority to restrict authorization to the Start Precisely TCP Server (STRSVR) and End Precisely TCP Server (ENDSVR) commands to users with *MGT or higher authority. Because the command authority change is effective for every MIMIX product on the system but is only enforced for products that have enabled product-level security, the result of this decision will be:
All users can use the STRSVR and ENDSVR commands from library C (Assure MIMIX Professional) because command authority is not enforced when product-level security is disabled.
Members of the group profile with *OPR authority in libraries A and B cannot use the STRSVR and ENDSVR commands because the command authority changed to a level higher than that to which their group is authorized.
Members of the group profile with *MGT authority can run the STRSVR and ENDSVR commands in libraries A and B because their group has the appropriate authority.
If product-level security is enabled for Assure MIMIX Professional in library C, only members of the group profile with *MGT authority can run the STRSVR and ENDSVR commands in library C.