Our site is basically geared towards running TPF test systems. Each test system has a VPARS (from the VSSI vendor) database. For example a database may consist of 3 virtual mdisks - 8500-8502. Sometimes the databse fills up and a temporary mdisk is added.

Our current procedure is as follows:
Add a mdisk at say F003. The end user formats the disk and when that is complete the disk has to be changed to 8503 which I do with the EDIT command.

What I would like is a way to allow specific users to change virtual minidisk addresses for test systems under their control.

Can that be done, changing minidisk address without using EDIT ?

 

Running VM:Secure r3.2 on z/VM 6.4. 

Yes, you can accomplish this without using EDIT.

Try using VM:Secure's MAINT command with the DEFINE parameter.

Example:   vmsecure maint define 999 666

VMXMAI0387I Entry 'YVONNE' link '0111' was updated.
VMXMAI0317I Directory updated online.

In the above example, user DEMYV01 was logged on and changed their 999 to 666. VM:Secure will change any links to the old address to the new address for you.

You can authorize a user to do MAINT on another user.  The default is on the user ID you are logged on to.  Although, if you are doing it for a user other than the one you are logged on to, you need to use the MAINT MANAGE USER form of the command.

For instance:  vmsecure maint manage yvonne

VMXMAI0423I Performing maintenance on user 'YVONNE'.
VMXMAI0408R Enter manage subfunction: user define 997 887
VMXMAI0387I Entry 'DEMYV01' link '0997' was updated.
VMXMAI0408R Enter manage subfunction: quit VMXMAI0317I Directory updated online.

As shown above, user DEMYV01 was doing the MAINT MANAGE on user YVONNE to change their  997 disk to 887.

For additional information, see the MANAGE part of MAINT in VM:Secure's Reference guide that you can access at:

https://docops.ca.com/ca-vm-secure-for-z-vm/3-2/with-security-mgmt/en/reference/command-reference/maint-command 

As doc'ed:

[Manage entry subfunction] 
For directory managers; defines USER or IDENTITY directory entries or manages existing USER, IDENTITY, or SUBCONFIG entries. You can manage only one entry per session and cannot manage your own directory entry. When you use this parameter you are placed in a VM READ state, from which you can enter one of the MAINT MANAGE command subfunctions listed below. 

In the case of the DEFINE operand, it is part of the USER functions of MAINT so you have to say: 

VMSECURE MAINT MANAGE userid USER DEFINE nnn nnn

You can specify it all on one line but MAINT is a prompt-driven routine so you have to enter QUIT to stop the MAINT updating. It is a little odd compared to the rest of VM:Secure commands. 

You can specify that a user can only do a particular MAINT MANAGE function for a user. 

For example: 
GRANT MAINTMAN OVER DEMYV01 USER DEFINE TO YVONNE

Says that YVONNE can issue MAINT MANAGE user command DEFINE to change virtual addresses on DEMYV01. 

You can find authorizations you can use for commands in the VM:Secure Administrator's guide 
at the end of the section on 'Administering Authorizations' that you can access at:


https://docops.ca.com/ca-vm-secure-for-z-vm/3-2/with-security-mgmt/en/administrators/administrating-authorizations/authorization-to-use-ca-vm-secure-commands-and-utilities