For additional information, see the MANAGE part of MAINT in VM:Secure's Reference guide that you can access at:
https://docops.ca.com/ca-vm-secure-for-z-vm/3-2/with-security-mgmt/en/reference/command-reference/maint-command As doc'ed:
[Manage entry subfunction]
For directory managers; defines USER or IDENTITY directory entries or manages existing USER, IDENTITY, or SUBCONFIG entries. You can manage only one entry per session and cannot manage your own directory entry. When you use this parameter you are placed in a VM READ state, from which you can enter one of the MAINT MANAGE command subfunctions listed below.
In the case of the DEFINE operand, it is part of the USER functions of MAINT so you have to say:
VMSECURE MAINT MANAGE userid USER DEFINE nnn nnn
You can specify it all on one line but MAINT is a prompt-driven routine so you have to enter QUIT to stop the MAINT updating. It is a little odd compared to the rest of VM:Secure commands.
You can specify that a user can only do a particular MAINT MANAGE function for a user.
For example:
GRANT MAINTMAN OVER DEMYV01 USER DEFINE TO YVONNE
Says that YVONNE can issue MAINT MANAGE user command DEFINE to change virtual addresses on DEMYV01.
You can find authorizations you can use for commands in the VM:Secure Administrator's guide
at the end of the section on 'Administering Authorizations' that you can access at:
https://docops.ca.com/ca-vm-secure-for-z-vm/3-2/with-security-mgmt/en/administrators/administrating-authorizations/authorization-to-use-ca-vm-secure-commands-and-utilities