ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

"GRANT NOPASS TO" in AUTHORIZ CONFIG

book

Article ID: 226388

calendar_today

Updated On:

Products

VM:Secure for z/VM

Issue/Introduction

Looking in the manuals for a description of what this actually does.

I assume that this is for commands like LINK and XAUTOLOG. 

Then I also assume that EG if a user has a LINK rule with NOPASS and also is listed on a GRANT NOPASS that this is then a 'double' NOPASS that is overkill and not necessary?

Environment

Release : 3.2

Component : VM:Secure for z/VM

Resolution

The AUTHORIZ CONFIG file can contain the following three types of records that are used to identify and set up user authorization for VM:Secure commands:

  • GRANT
  • LIST
  • WITHHOLD

 

GRANT NOPASS in the AUTHORIZ CONFIG pertains to VMSECURE commands the user is authorized to use.   Many VM:Secure commands require users to enter their logon passwords when they issue the command. 

To authorize user IDs to use a command without having to enter their logon passwords, give the user IDs NOPASS authorization.  In this context, NOPASS is the authorization you are giving  to use an entire command, a command and some of its parameters, or a list of commands.

 

Click on this link for helpful information documented in the VM:Secure Admin guide for "Waiving Password Requirements":

 

https://techdocs.broadcom.com/us/en/ca-mainframe-software/traditional-management/ca-vm-secure-for-z-vm-with-security/3-2/administrators/administrating-authorizations/granting-authorization-to-a-command-or-utility.html
 

 

 

Additional Information

Additionally, you can configure Rules so you don't have to provide a password when LINKing. You need an ACCEPT NOPASS. 

Here's an example for user ID VMANAGER.
 
Issued command VMSECURE RULES SYSTEM to show this.
 
ACCEPT VMANAGER LINK * * (NOPASS ACCEPT 
ACCEPT VMANAGER XAUTOLOG (NOPASS ACCEPT VMANAGER LOGONBY
 
With these rules in place, VMANAGER can link to any user's disk and not have to provide a password.