

CMDLIM Record-Command Limiting

Record ID: CMDLIM

Fields:

COMMANDS(null|cmdname1,...,cmdname256)
LIMIT(ALL|NONE|INCLUDE|EXCLUDE)
MDLTYPE(E21|mdltype)
MODE(ABORT|WARN|LOG|QUIET|RULE,no‑rule,no$mode)
NOSPOOL(PREVENT|PREVENT‑LOG|LOG|ALLOW)
SYNERR(PREVENT|PREVENT‑LOG|LOG|ALLOW)

The CMDLIM VMO record provides CA ACF2 for VM validation for CP commands. Use the INCLUDE or EXCLUDE values to list the commands. You cannot reload this record. IPL the system to make any changes effective.

Fields

COMMANDS(null|cmdname1,...,cmdname256)

Specifies all protected commands. You can specify up to 256 command names.

LIMIT(ALL|NONE|INCLUDE|EXCLUDE)

Specifies how to limit the commands. The values for the LIMIT operand are defined below.

ALL

This is the default. It specifies that CA ACF2 for VM validates all CP commands.

NONE

Specifies that CA ACF2 for VM will not validate any CP commands.

INCLUDE

Indicates that CA ACF2 for VM validates the commands listed.

EXCLUDE

Indicates that CA ACF2 for VM does not validate the commands listed.

MDLTYPE(E21|mdltype)

Specifies the three‑character name that identifies the appropriate command limiting model for this VM system. Each command limiting model defines a valid syntax for a CP command to CA ACF2 for VM. E21 is the default for command limiting models.

Note: The value of MDLTYPE can be any three characters that normally identify the set of models as belonging to a particular CP release or to a particular VM system.

MODE(ABORT|WARN|LOG|QUIET|RULE,no‑rule,no$mode)

Specifies the mode that CA ACF2 for VM command limiting is performed in. With this operand, you can implement the command limiting feature gradually. However, the mode for this operand applies only to command limiting and is independent of the CA ACF2 for VM system mode. The command limiting modes are defined below.

ABORT

Indicates the command is denied.

WARN

Indicates execution is allowed, but the violation is logged and a warning message is issued to the user.

LOG

Indicates execution is allowed and the violation is logged.

QUIET

Indicates CA ACF2 for VM command limiting is disabled. However, you can still issue commands.

RULE,no‑rule,no$mode

Indicates CA ACF2 for VM checks the $MODE control statement in the command limiting rule.

NOSPOOL(PREVENT|PREVENT‑LOG|LOG|ALLOW)

Sets the global SPOOL FILE NOT FOUND option for the system. NOSPOOL defines the actions that CA ACF2 for VM takes whenever you issue a CP spool command for a spool file that does not exist. (There are two CA ACF2 for VM mechanisms for overriding this operand. They are explained following this text.) You can specify one of four keyword options to enable CA ACF2 for VM to take these actions when spool file errors are found:

PREVENT

This is the default. It causes CA ACF2 for VM to display the following message:

ACFpgm277I No spool files found

CA ACF2 for VM automatically denies the command so that it never reaches the IBM CP command processor. This avoids the overhead of going through rule validation, and the overhead of passing the command to CP where it would be rejected. CA ACF2 for VM does not issue a violation and the SEC‑VIO count is not incremented because of the syntax error. CA ACF2 for VM does not create an SMF record for the error.

PREVENT‑LOG

This setting works the same as PREVENT, but the error generates an SMF record that appears in the Command Limiting Journal. This option does not cause a violation.

LOG

CA ACF2 for VM passes the command to CP for normal syntax checking. CP issues you the standard error messages. CA ACF2 for VM creates an SMF record for the error, and it appears in the Command Limiting Journal.

ALLOW

CA ACF2 for VM passes the command to CP for normal syntax checking. CP sends you the standard error message. CA ACF2 for VM does not create an SMF logging record for the error.

The NOSPOOL field of the CMDLIM VMO record is one mechanism for changing the way CA ACF2 for VM handles a SPOOL FILE NOT FOUND condition. You can also override this operand in two other ways:

Command model options

Specifies how you want CA ACF2 for VM to react to each SPOOL FILE NOT FOUND condition (PREVENT, PREVENT‑LOG, LOG, or ALLOW). This is the second level of override.

Logonid record field

Specifies how you want CA ACF2 for VM to react when a user spool command results in a SPOOL FILE NOT FOUND condition (PREVENT, PREVENT‑LOG, LOG, or ALLOW). This is the highest level of override.

When the default is in effect for both mechanisms, CA ACF2 for VM performs the same way as the PREVENT option for the NOSPOOL field.

For more information on these override features, consult the Command and Diagnose Limiting Guide.

SYNERR(PREVENT|PREVENT‑LOG|LOG|ALLOW)

Sets the global command syntax error option for the system. SYNERR defines the actions CA ACF2 for VM takes when it finds a command syntax error. You can specify one of four keywords to let CA ACF2 for VM take these actions when it finds command syntax errors:

PREVENT

This is the default for the SYNERR operand. CA ACF2 for VM denies the command so it never reaches the IBM CP command processor. This avoids the overhead of going through rule validation, and the overhead of passing the command to CP where it would be rejected. CA ACF2 for VM does not send a violation and the SEC‑VIO count is not incremented. CA ACF2 for VM does not create SMF records for the error. It rejects the command and sends the following message:

ACFpgm274E ACF2 syntax error, Operand number 'nn'‑command 'cmd' rejected

PREVENT‑LOG

This setting works the same as PREVENT, but CA ACF2 for VM generates an SMF record that appears in the Command Limiting Journal. This does not cause a violation.

LOG

CA ACF2 for VM passes the command to CP for normal syntax checking. CP issues you standard error messages. CA ACF2 for VM writes an SMF record and it appears in the Command Limiting Journal (ACFRPTCL).

ALLOW

CA ACF2 for VM passes the command to CP for normal syntax checking. CP issues standard error messages and CA ACF2 for VM does not create an SMF record for the error.
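
As an added illustration (not CA's code and not part of the original documentation), the following Python example parses a CMDLIM operand string written in the KEYWORD(value) form of the field list above, applies the defaults this page states, and reports settings that leave CP commands unvalidated or errors without an SMF record. The function names, the single-string input format, and the sample record are assumptions made for the example.

```python
import re
# Values and defaults as listed on this page. MODE has no default stated
# here, so it stays unset when the record omits it.
ERR_OPTS = {"PREVENT", "PREVENT-LOG", "LOG", "ALLOW"}
ALLOWED = {"LIMIT": {"ALL", "NONE", "INCLUDE", "EXCLUDE"},
           "MODE": {"ABORT", "WARN", "LOG", "QUIET", "RULE"},
           "NOSPOOL": ERR_OPTS, "SYNERR": ERR_OPTS}
DEFAULTS = {"COMMANDS": "", "LIMIT": "ALL", "MDLTYPE": "E21", "NOSPOOL": "PREVENT", "SYNERR": "PREVENT"}
# Constructed sample record; the command names are illustrative.
SAMPLE = "LIMIT(INCLUDE) COMMANDS(SPOOL,LINK) MODE(LOG) NOSPOOL(PREVENT\u2011LOG) SYNERR(ALLOW)"

def parse_cmdlim(text):
    """Parse KEYWORD(value) operands; unspecified fields take the page defaults."""
    text = text.upper().replace("\u2011", "-")  # text copied from docs may carry U+2011 hyphens
    rec = dict(DEFAULTS)
    rec.update({k: v.strip() for k, v in re.findall(r"([A-Z]+)\(([^)]*)\)", text)})
    rec["COMMANDS"] = [c.strip() for c in rec["COMMANDS"].split(",") if c.strip()]
    return rec

def is_validated(rec, command):
    """True/False per LIMIT and COMMANDS; None when LIMIT is not a documented value."""
    listed = command.upper() in rec["COMMANDS"]
    return {"ALL": True, "NONE": False, "INCLUDE": listed, "EXCLUDE": not listed}.get(rec["LIMIT"])

def audit_cmdlim(rec):
    """Return findings for invalid values and for settings that skip enforcement or logging."""
    out = [f"{k}: not a CMDLIM field" for k in sorted(set(rec) - set(DEFAULTS) - set(ALLOWED))]
    for key, allowed in ALLOWED.items():
        value = rec.get(key, "").split(",")[0]  # MODE may be RULE,no-rule,no$mode
        if value and value not in allowed:
            out.append(f"{key}({value}): not a documented value")
    if len(rec["COMMANDS"]) > 256:
        out.append("COMMANDS: more than 256 command names")
    if len(rec["MDLTYPE"]) != 3:
        out.append("MDLTYPE: must be three characters")
    if rec["LIMIT"] == "NONE":
        out.append("LIMIT(NONE): no CP commands are validated")
    mode = rec.get("MODE", "").split(",")[0]
    if mode == "QUIET":
        out.append("MODE(QUIET): command limiting is disabled")
    elif mode in ("WARN", "LOG"):
        out.append(f"MODE({mode}): violations are logged but execution is allowed")
    for key in ("NOSPOOL", "SYNERR"):
        if rec[key] in ("PREVENT", "ALLOW"):
            out.append(f"{key}({rec[key]}): no SMF record is written for the error")
    return out

if __name__ == "__main__":
    print("\n".join(audit_cmdlim(parse_cmdlim(SAMPLE))))
```
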

SHOW Subcommand

The SHOW CMDLIM subcommand displays the command limiting options in effect. For more information about this record, see the Command and Diagnose Limiting Guide.