The @CFDE macro defines an external field name and its related internal characteristics and attributes for a field contained in a structured CA ACF2 for z/VM record, such as a logonid record or a record structure block (RSB) module. CA reserves some @CFDE operands for internal use.
The AUTH, ALTER, and LIST authorization operands assume basic access to the logonid record. Privileges such as SECURITY or ACCOUNT, defined in the requester's logonid record and associated SCPLIST value, determine a user's access. CA ACF2 for z/VM verifies access to the logonid record before, and independently of, field‑level access controls. After CA ACF2 for z/VM grants access to the logonid record, it verifies individual field authorizations (AUTH, ALTER, and LIST). Logonid record access privileges supersede any logonid field‑level controls.
The syntax of the @CFDE macro is:
@CFDE name,symbol,type,AUTH=fieldname,ALTER=0|list,
LIST=0|list,FLAGS=0|list,BITMAP=0|bitmap,
PRTN=0|nn,RRTN=0|nn,GROUP=0|nn,MVFLAGS=0,
MVMIN=0|min,MVMAX=0|max,VRTN1=0|num,
VRTN2=0|addr,VPRM1=0|addr,VPRM2=0|addr,
DFTAD=0|addr,DFT=0,STATUS=0,INFOFLG=0,
INFOCLS=0,CFDENME=0,ZERO=NO|YES,PROMPT=NO|YES,
TRIM=YES|NO,VER=0,XTYPE=0,XSYMBOL=0,COUPLE=0,
COUPTYP=0,CBPROC=NO|YES,COUNTER=NO|YES
Specifies the external logonid field name. See the Administrator Guide for a list of CA ACF2 for z/VM‑supplied fields. For RSBs, name specifies the external name for a field&mdash.the name the ACF command refers to. It can be from one to eight characters and contain any characters valid in an assembler character constant. If it contains any special characters, you must enclose them in single quotes. If it contains single quotes or ampersands, you must double them, as in standard assembler character constant practice.
Specifies the symbolic label assigned to the logonid field in the LIDREC DSECT. For RSBs, symbol specifies the label on the field in the mapping DSECT that describes the infostorage record.
Specifies the field type. Valid types are:
BINARY
A one‑ to four‑byte binary field.
BIT
A bit field used as a switch or flag.
CHAR
A text field of one to 255 bytes.
CHEN
A four‑byte encoded character field (password). For RSBs, CHEN specifies an encrypted character field up to 255 bytes long.
HEX
A one‑ to 255‑byte hexadecimal field.
PACKED
An eight‑byte EBCDIC date field.
TIMEBIN
A four‑byte binary format time, expressed in units of 0.01 seconds past midnight.
TOD
An eight‑byte time stamp in number of microseconds past January 1, 1900 (store clock instruction). For RSBs, you can create your own processing routine to convert this field to the format stored on the CA ACF2 for z/VM database. To convert to display format, you can use the CA ACF2 for z/VM reconstruction routine.
Specifies the external name of a bit field in a user's logonid record that lets him alter this field. The external field name must refer to an CA ACF2 for z/VM‑supplied bit field or a user‑defined bit field name. CA ACF2 for z/VM checks for AUTH validation after it checks for ALTER validation.
Specifies privileges that can modify (ALTER) or display (LIST) this logonid field. Select multiple entries using a plus (+) sign. For example, ALTER=SECURITY+ACCOUNT indicates that any user having the SECURITY or ACCOUNT privilege can alter this field. A dash (-) limits the ALTER or LIST operands. For example, LIST=ALL-USER indicates that all requesters can list the field, except those with the USER privilege only. The ALTER and LIST operands have no default values. If you omit them, CA ACF2 for z/VM does not allow list or alter accesses. The privileges that you can specify are:
ACCOUNT
Account manager
ALL
All of these privileges
AUDIT
Auditor
CONSULT
Consultant
LEADER
Project leader
SECURITY
Security administrator
USER
Normal user
Provides a set of special field handling options that we describe below. Use a plus sign (+) to separate multiple options. The options are:
HUNDRED
For binary fields, the internal form is .01 units, while the external form is in units (ones).
If you are using the database synchronization component, you must also code the CBPROC=YES operand.
LIMIT
Do not return this field to requesters suppressing trivial fields. The SET NOTRIVIA subcommand of the ACF command supports LIMIT. This flag indicates CA ACF2 for z/VM displays the field only when you request the entire logonid record (that is, all fields in the logonid record).
MULTIVAL
This field supports multiple values.
MUTEXC
All bits in the byte are mutually exclusive and zeros all bits in the byte before turning any on. This is for bit fields only.
NEVER
Never return this field in response to a formatted retrieval request. Do not print this logonid field when you issue the LIST command.
NULL
If you do not specify this field, CA ACF2 for z/VM does not display the field name or value.
RESTRICT
Only unrestricted security administrators can change this field, such as users with the SECURITY privilege and no SCPLIST restrictions specified in their logonid record.
SPECIAL
Indicates that the ACF command bypasses validity checking of an input field value. The ACF command normally checks the length of character information and the maximum size of binary information. Use this option when a processing or validation routine will process this field value.
Indicates the bit pattern that represents the on condition for bit fields. This is a one‑byte value with a single bit set (for example, X'20'). You must represent the on condition by a 1 bit; you cannot have a flag that is on when its bit is off.
For RSBs, BITMAP applies only to fields with a type of BIT. It indicates the bit configuration that represents the particular bit flag in a byte. For example, suppose there was a byte containing two bit flags, defined like this in the mapping DSECT for the structured infostorage record:
FLAGBYTE DS X A BYTE OF BIT FLAGS BITFLAG1 EQU X'80' ...THE FIRST BIT FLAG BITFLAG2 EQU X'40' ...THE SECOND BIT FLAG
The @CFDE macros for these two flags look like this:
@CFDE FLAG1,FLAGBYTE,BIT,BITMAP=BITFLAG1,... @CFDE FLAG2,FLAGBYTE,BIT,BITMAP=BITFLAG2,...
Indicates the processing routine ID. This indicates which routine CA ACF2 for z/VM uses to convert the input data entered using the CHANGE or INSERT commands to the proper format for storage in the CA ACF2 for z/VM database. You do not need to specify a processing routine ID for standard CA ACF2 for z/VM data types. See the System Programmer's Guide for information about supporting user‑written processing routines.
Indicates the reconstruction routine ID. This indicates the routine CA ACF2 for z/VM uses to convert data stored in the database into display format for the LIST command output. You do not need to specify a reconstruction routine ID for standard CA ACF2 for z/VM data types. The CA ACF2 for z/VM‑supplied processing and reconstruction routines are:
|
RTNID |
PROCESS (PRTN) |
RECONSTRUCT (RRTN) |
Notes |
|---|---|---|---|
|
0 |
Null |
Null |
1 |
|
1 |
Character |
Character |
|
|
2 |
Packed |
Packed |
|
|
3 |
Switch |
Switch |
|
|
4 |
Binary |
Binary |
|
|
5 |
Password |
TOD |
|
|
|
Cancel/Suspend |
Construct UID |
|
|
|
Line/Attn |
Line/Attn |
|
|
9 |
Char |
|
2 |
|
10 |
Char(mask) |
Char(mask) |
3 |
|
11 |
Hexadecimal |
Hexadecimal |
4 |
|
12 |
Data encryption |
|
5 |
|
13 |
Prevent/Log/Allow |
Prevent/Log/Allow |
6 |
|
31 |
16-bit field processing |
Storage zie |
|
|
32 |
Special field replace |
Right‑justified hexadecimal |
|
|
33 |
|
Multistring fields |
|
|
34 |
|
One‑byte field conversion |
|
See the System Programmer's Guide for information about service machine access of user‑written routines.
Note the following:
Identifies the display group where CA ACF2 for z/VM is to format the output. See the @GROUP-Group Names for Logonid Display section for the GROUP names.
Identifies an CA ACF2 for z/VM internal validation operand. Do not code a value for it.
Specifies the minimum number of values the field can hold for a multivalued field.
Specifies the maximum number of values thefield can hold for a multivalued field. This is usually the same as the value specified for MAX on the ANULTFLD macro for the field.
Identifies an CA ACF2 for z/VM validation routine that verifies that data entered in a record field is appropriate for that field. Validation routines obtain control before the processing routine described previously. This operand is optional. You do not have to specify it for user‑defined fields. The VRTN1 validation routines supplied with CA ACF2 for z/VM include:
0
Requires no additional validation. This is the default.
1
Validates the source for a character‑field replacement. The source field must be a valid program or data set index‑level name that is one‑ to eight‑characters long. The first character cannot be numeric; the remaining ones can be alphanumeric or national. A blank string is valid.
2
Validates a source character field. It checks for a valid OS/VS data set name. It does not support GDG relative version numbers and PDS member names.
Matches a character value to a list value. The @VALUES macro defines this list.
Validates a binary value range.
Ensures that a user cannot perform a logonid record PASSWORD update until the MINDAYS interval contained in the logonid record expired.
Validates the key mapping operand.
Validates the full‑field specification.
11
Validates character fields. The services available include:
Validates bit set fields.
Validates storage size fields and converts them to a binary value that CA ACF2 for z/VM passes to ACSPR31P to store into the record.
Validates and right‑justifies a hexadecimal value. Validation options include:
CA ACF2 for z/VM passes the resulting value to the ACSPR32P processing routine.
33
Validates multistring fields and converts these strings to fixed length subfields. Validation includes:
34
Converts character input to a one‑byte equivalent. CA ACF2 for z/VM converts the input character string to a one‑byte equivalent. CA ACF2 for z/VM passes this converted value to the ACSPR32P processing routine.
See the System Programmer's Guide for information about service machine access of user‑written routines.
Identifies an CA ACF2 for z/VM validation routine that verifies that the data entered into a record field is appropriate for that field. This operand is optional. You do not need to specify it for user‑defined fields. VRTN2 validation routines supplied with CA ACF2 for z/VM include:
Requires no additional validation. This is the default.
14
Verifies that the value given for a two‑byte or a four‑byte binary field is not negative.
16
Validates the full field for bit set fields.
33
Sorts multivalued field entries and checks for duplicate entries. You can specify if CA ACF2 for z/VM should check the sort and duplication for only a portion of each entry.
See the System Programmer's Guide for information about supporting user‑written validation routines for RSB functions.
Specifies a parameter passed to the VRTN1 field validation routine. It points to a value list the @VALUES macro generates. Specify the label the @VALUES macro uses for addr.
Specifies a parameter to pass to the VRTN2 field validation routine.
Specifies the address of a remote default value the @CFDEDFT macro generates. Specify the label the @CFDEDFT macro uses for addr.
Specifies the default value for the field when you use the INSERT subcommand to insert the record. The default for each type of field is:
0
BIT
RESET
CHAR
Blanks
CHEN
Blanks
0
0
0
0
The DFT and DFTAD fields are mutually exclusive. Use DFTAD to specify the address of a remote default value that the @CFDEDFT macro generates.
Indicates an CA ACF2 for z/VM internal validation operand. Do not code a value for it.
Indicates an CA ACF2 for z/VM internal validation operand. Do not code a value for it.
Indicates an CA ACF2 for z/VM internal validation operand. Do not code a value for it.
Indicates an CA ACF2 for z/VM internal validation operand. Do not code a value for it.
The default of ZERO=NO indicates that CA ACF2 for z/VM copies the model record field when you issue the INSERT USING subcommand. When you indicate ZERO=YES, CA ACF2 for z/VM does not copy the field.
Indicates whether CA ACF2 for z/VM prompts for the value of a field and you enter it in a nondisplay protected area. This is useful for fields where you add or change sensitive information, such as a password. The default is PROMPT=NO. If you specify PROMPT=YES and the field name is PASSWORD, CA ACF2 for z/VM issues the following message to prompt you for the password:
ACFpgm256R Enter new CA‑ACF2 password
You must then enter a new password for the logonid you specified in the CHANGE subcommand. CA ACF2 for z/VM then prompts you to reenter the password for verification. If you are changing a logonid, you cannot enter a value for PASSWORD. If you specify PROMPT=YES and the field name is not password, the following message prompts you for the value of this field:
ACFpgm799R Enter <fieldname> value:
Indicates whether CA ACF2 for z/VM should remove trailing blanks from character fields or zeros from hex fields when it displays the fields. The default value, TRIM=YES, removes trailing blanks or zeros.
Provides a one‑byte binary area to identify the version ID of an infostorage record.
Indicates an CA ACF2 for z/VM internal validation operand. Do not code a value for it.
Indicates an CA ACF2 for z/VM internal validation operand. Do not code a value for it.
Indicates an CA ACF2 for z/VM internal validation operand. Do not code a value for it.
Indicates an CA ACF2 for z/VM internal validation operand. Do not code a value for it.
Indicates whether authorized programs can bypass processing routines when updating the field. CA ACF2 for z/VM internal processing uses this operand. Do not code a value for it.
Specifies whether a binary field is a counter. You update counter fields by addition or subtraction, rather than replacement. This ensures that you do not lose counts when you make multiple, almost‑concurrent updates. You cannot use the VRTN1 field validation routine three with counter fields.
CA ACF2 for z/VM requires the @CFDE macro for the supplied CA ACF2 for z/VM entries. It is optional for the addition of user fields. You can specify a total of 2048 @CFDE macros. If you add fields to the logonid record, you must also modify the USERLID or USERXLID COPY files to define the size and location of each additional field in the logonid record. The USERLID and USERXLID COPY files contain comments indicating where you should place these new fields. These COPY files are located in the ACF2USER MACLIB. You can also refer to installation step M9C0I021 for more information on modifying the USERLID and USERXLID COPY files.
The LIDREC DSECT contains all CA ACF2 for z/VM‑defined fields in the logonid record.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|