Previous Topic: Cannot log on to Policy Administration Interface using Quick Links module


CA Chorus and ESM Field Name Comparison

The following table provides a list of field names displayed in CA Chorus and the CA ACF2 and CA Top Secret equivalent:

CA Chorus

CA ACF2

CA Top Secret

System ID

Supplied as the input parameter in the CIA UNLOAD job or defaults to the SMCASID (the z/OS SMFID) where the CIA UNLOAD job was executed

SYSID

DCO Record Identifier

RECORD ID of DCO DATA record

Limits: Begins with the DATA keyword, followed by a 1 to 28 character qualifier.

Combination of DCLASS + RCLASS + a sequence number

Regulation Class

DCLASS of DCO DATA record

Limits: Multi-valued field of up to 32 bytes per character.

DCLASS

Sequence

Identifies the sequence number of the DCLASS value in the DCLASS list of DCO DATA record

A number assigned to differentiate the combination of DCLASS and RCLASS starting with 0001

Data Classification Description

DESC of DCO DATA record

Limits: 32 bytes

DESCRIPT

Limits: 32 characters. If the description field contains blanks, enclose it in single quotes.

Resource Class Name

RCLASS of DCO DATA record

Limits: 8 bytes

RCLASS

Resource Class

TYPE of DCO DATA record

Limits: Four characters, beginning with R for a generalized resource and D for a DB2 resource.

RCLASS

Resource Name/Mask

RESOURCE of DCO DATA record

Limits: 255 bytes, using the dash (-) as the masking character.

RESNAME

Limits: 1 to 255 characters

First Entitlement Owner ID

OWNER1 of DCO DATA record

Limits: This is a logonid value.

OWNER1

Second Entitlement Owner ID

OWNER2 of DCO DATA record

Limits: This is a logonid value.

OWNER2

First Entitlement Owner Name

ONAME1 of DCO DATA record

Limits: 255 bytes

ONAME1

Limits: 1 to 255 characters. If the data contains blanks, enclose the data in quotation marks.

Second Entitlement Owner Name

ONAME2 of DCO DATA record

Limits: 255 bytes

ONAME2

Limits: 1 to 255 characters. If the data contains blanks, enclose the data in quotation marks.

Resource Class

R' + $TYPE for resource, 'D' + $TYPE for DB2 rules, 'DATASET' for access rules

Resclass

Rule Key

$KEY

Limits: 8 characters

Owned resource

Authorization ID

UID, ROLE, USER

acid

Rule Sequence Number

Sequence number of this permission in the rule set.

Number used to identify which perm tables go together (permxref/permlibx/etc)

Rule Resource Name/Mask

DSNMASK for access rules, RSRCMASK for resource and DB2 rules

Limits: 1 to 22 levels of qualifiers, with each qualifier beginning with: an alphabetic character, @, $, or #. Maximum of 8 characters per level, and 44 characters total.

Resource name

Non-Prefix Resource Mask

n/a

n/a

Rule Set Prefix

$PREFIX

Limits: 24 characters

n/a

Next Ruleset for Validation

$NEXTKEY

Limits: 8 characters

n/a

Application Indicator

n/a

T = TSS A = ACF2

Authorization Type

UID, ROLE, USER

U = User type vs R = Profile

TSS Last Change Administrator ID

n/a

ADMINBY acid

TSS Last Change Date

n/a

ADMINBY date

TSS Last Change Time

n/a

ADMINBY time

Activation Date

ACTIVE

Format: MM/DD/YY

n/a

Expiration Date

UNTIL, FOR

Format: MM/DD/YY

UNTIL

Associated Data

n/a

The list of access levels available to this particular resource

Allow Read Access

READ(ALLOW, LOG, PREVENT), SERVICE(READ)

ACCESS(READ)

Allow Write Access

WRITE(ALLOW, LOG, PREVENT)

ACCESS(WRITE)

Allow Update Access

SERVICE(UPDATE)

ACCESS(UPDATE)

Allow Delete Access

SERVICE(DELETE)

ACCESS(DELETE)

Allow Execute Access

EXECUTE(ALLOW, LOG, PREVENT), SERVICE(EXECUTE)

ACCESS(EXECUTE)

Allow Add Access

SERVICE(ADD)

ACCESS(ADD)

Allow All Access

If SERVICE is not specified, the default is all services

ACCESS(ALL)

Allow Allocate Access

ALLOCATE(ALLOW, LOG, PREVENT)

ACCESS(ALLOCATE)

Allow Alter Access

SERVICE(ALTER)

ACCESS(ALTER)

Allow DB2 Alterin Access

SERVICE(ALTERIN)

ACCESS(ALTERIN)

Allow DB2 Any Access

SERVICE(ALL)

ACCESS(ANY)

Allow TSS APPC Access

n/a

ACCESS(APPCLU)

Allow TSS Autolog Access

n/a

ACCESS(AUTOLOG)

Allow DB2 Bind Access

SERVICE(BIND)

ACCESS(BIND)

Allow TSS BLP Access

n/a

ACCESS(BLP)

Allow TSS Browse Access

n/a

ACCESS(BROWSE)

Allow TSS Collect Access

n/a

ACCESS(COLLECT)

Allow TSS Control Access

n/a

ACCESS(CONTROL)

Allow Copy Access

SERVICE(COPY)

ACCESS(COPY)

Allow Create Access

SERVICE(CREATE)

ACCESS(Create)

Allow DB2 Create In Access

SERVICE(CREATEIN)

ACCESS(CREATEIN)

Allow DB2 Create Table Access

SERVICE(CRETAB),
SERVICE(CREATETAB)

CRETAB privilege

Allow DB2 Create Tablespace Access

SERVICE(CRETS),
SERVICE(CREATETS)

CRETS privilege

 

Allow DB2 Admin Access

SERVICE(DBAM)

DBADM privilege

Allow DB2 DB CNTL Access

SERVICE(DBCTRL)

DBCTRL privilege

Allow DB2 DB MAINT Access

SERVICE(DBMAIN)

DBMAINT privilege

Allow DB2 Display DB Access

SERVICE(DISPDB)
SERVICE(DISPLAYDB)

DISPDB privilege

Allow DB2 Drop Access

SERVICE(DROP)

DROP privilege

Allow DB2 Drop in Access

SERVICE(DROPIN)

DROPIN privilege

Allow TSS Eread Access

n/a

ER (Exclusive read)

Allow TSS Ewrite Access

n/a

EW (Exclusive write)

Allow TSS Exec Access

n/a

ACCESS(Execute)

Allow TSS FEOV Access

n/a

FEOV ACCESS

Allow TSS Fetch Access

n/a

ACCESS(FETCH)

Allow TSS Find Access

n/a

ACCESS(FIND)

Allow TSS Grplogon Access

n/a

For VMACH - Group logon

Allow DB2 Image Copy Access

SERVICE(IMAGCOPY)

IMAGCOPY privilege

Allow DB2 Index Access

SERVICE(INDEX)

INDEX

Allow TSS Inquire Access

n/a

INQUIRE

Allow DB2 Insert Access

SERVICE(INSERT)

TABLE INSERT

Allow TSS Install Access

n/a

INSTALL

Allow DB2 Load Access

SERVICE(LOAD)

LOAD privilege

Allow TSS Logon Access

n/a

LOGON

Allow TSS Mread Access

n/a

VM Minidisks - MULTI READ

 

Allow TSS Multi Access

n/a

MULTI

Allow TSS Mwrite Access

n/a

MULTI/WRITE MW

Allow TSS Nocreate Access

n/a

NOCREATE

Allow TSS None Access

n/a

NONE

Allow TSS Noshr Access

n/a

LOAD NOSHR

Allow TSS Unknown Access

n/a

OTHER

Allow DB2 Package Admin Access

SERVICE(PACKADM)

DB ADMIN/DB2 Package

Allow TSS Perform Admin Access

n/a

PERFORM

Allow TSS Purge Access

n/a

PURGE

Allow DB2 Recover DB ACCESS

SERVICE(RECOVDB),
SERVICE(RECOVERDB)

RECOVER/RECOVDB privilege

Allow DB2 Refer Access

SERVICE(REFER)

REFER

Allow DB2 Reorg Access

SERVICE(REORG)

REORG/REORG privilege

Allow DB2 Repair Access

SERVICE(REPAIR)

REPAIR/REPAIR privilege

Allow TSS Replace Access

n/a

REPLACE

 

Allow TSS Scratch Access

n/a

SCRATCH

Allow TSS Search Access

n/a

SEARCH

Allow DB2 Select Access

SERVICE(SELECT)

SELECT/TABLE SELECT

Allow TSS Set Access

n/a

SET

Allow TSS SHR Access

n/a

SHR/LOAD SHR

Allow TSS Smulti Access

n/a

SMULTI/SM (Stable multi)

Allow TSS Sread Access

n/a

SREAD/SR (Stable read)

Allow DB2 Start DB Access

SERVICE(STARTDB)

DB START/STARTDB privilege

Allow DB2 Stats Access

SERVICE(STATS)

STATS/STATS privilege

Allow DB2 Stop DB Access

SERVICE(STOPDB)

STOP DB/STOPDB privilege

Allow TSS Surrogate Access

n/a

SURROGATE

Allow TSS Swrite Access

n/a

SWRITE/SW (Stable write)

Allow DB2 Trigger Access

SERVICE(TRIGGER)

TRIGGER/TRIGGER privilege

Allow DB2 Usage Access

SERVICE(USAGE)

USAGEDB/Usage privilege

Allow TSS Use Access

n/a

USE

Log Access

n/a

ACTION(AUDIT)

Deny Resource

n/a

ACTION(DENY)

Call Exit

n/a

ACTION(EXIT)

Process Fail

n/a

ACTION(FAIL)

Skip Dataset Validation

n/a

ACTION(NODSN)

Notify Console

n/a

ACTION(NOTIFY)

Return Control for Password

n/a

ACTION(PASSWORD)

Reverify Password

VERIFY

ACTION(REVERIFY)

Use VM Privileged Commands

n/a

ACTION(VMPRIVILEGE)

Access Mode in Effect

$MODE(Quiet|Log|Abort)

MODE

DDNAME Required for Permission

DDNAME(ddnmask)

Limits: 8 characters

n/a

Dataset Volume Required for Permission

VOLUME(volmask)

Limits: 6 characters

n/a

Day Restriction

Shift record ID

Either CALENDAR record, or DAYS keyword

Time Restriction

Shift record ID

Either TIMEREC record or TIMES keyword

Source Record ID

SOURCE(sourcemask) masked name of the source group records

Limits: 8 characters

SOURCE keyword

APPLDATA Value

n/a

APPLDATA

Owner

$OWNER, for db2 rules $LIDOWNER(logonid), $UIDOWNER(uidmask)

Owner of the resource

Owner Type

$LIDOWNER(logonid), $UIDOWNER(uidmask)

Acid type of the Owner - OR D for Department, V for Division and Z for Zone

ACF2 $RESOWNER Value

$RESOWNER

Limits: 8 characters

n/a

ACF2 $OWNER Value

$OWNER

Limits: 24 characters

n/a

ACF2 Last Change Administrator ID

ACALLID in ACAREC, ACGLID in ACGREC

n/a

ACF2 Last Change Date

ACATOD in ACAREC, ACGTOD in ACGREC

n/a

ACF2 Last Change Time

ACATOD in ACAREC, ACGTOD in ACGREC

n/a

ACF2 $USERDATA Value

$USERDATA

Limits: 64 characters

n/a

Rule Key

$KEY

Limits: 8 characters

RESOURCE

RESOURCE Parameter

Supplied as input by user and relates to DSNMASK and RSRCMASK

RESOURCE

SYSID Parameter

Supplied as input by user and relates to the CIA SYSID

SYSID

TYPE Parameter

Supplied as input by user and relates to 'R' + $TYPE for resource, 'D' + $TYPE for DB2 rules, 'DATASET' for access rules

RESCLASS

PREFIX Parameter

Supplied as input by user and relates to $PREFIX

N/A

Allow TSS Discard Access

n/a

DISCARD access

Allow DB2 Drop In Access

SERVICE(DROPIN)

DROPIN privilege

Rule Key

$KEY

Limits: 8 characters

N/A

Rule Sequence Number

Sequence number of this permission in the rule set

N/A

Column Name

COLUMN

N/A

Resource Class

n/a

Resclass

Rule Key

n/a

Resname

Authorization ID

n/a

Acid name

Rule Sequence Number

n/a

Number used to identify which perm tables go together (permxref/permlibx/etc)

Facility Name

n/a

Facility

Rule Key

$KEY

Limits: 8 characters

Resname

Library Name

LIBRARY(libmask)

Limits: 44 characters

LIBRARY

Program Name

PGM(pgmmask), PROGRAM(pgmmask)

Limits: 8 characters

PRIVPGM

Permission System ID

n/a

SYSID of the system where the resource requiring this permission is used

Role ID

ROLENAME part of the Record Id of an X-ROL record

Limits: 1 to 8 characters

PROFILE

Record System ID

SYSID part of the Record Id of an X-ROL record

Limits: 1 to 8 characters

N/A

Role Type

ROLE or GROUP specified in an X-ROL record

= 'P' if a Top Secret Profile

Expiration Date

n/a

UNTIL

Limits: Date format.

Activated

n/a

Date that role is activated for all members

Limits: Date format.

Console

n/a

CONSOLE

Trace

n/a

TRACE attribute

Update INSTDATA

n/a

DUFUPD

TSS RACROUTE

n/a

DUFXTR

INSTDATA

n/a

INSTDATA

MRO

n/a

MRO

RACF bit

n/a

NOADSP

No ATS

n/a

NOATS

No DSN Check

n/a

NODSNCHK

No LCF Check

n/a

NOLCFCHK

No Password Change

n/a

NOPWCHG

No Resource Check

n/a

NORESCHK

No Submit Check

n/a

NOSUBCHK

Do Not Suspend

n/a

NOSUSPEND

No Volume Check

n/a

NOVOLCHK

ID Card

n/a

OIDCARD attribute

Source ID

n/a

SOURCE keyword

Time Zone

n/a

TIME ZONE

Primary Language

n/a

LANGUAGE

Secondary Language

n/a

LANGUAGE - we only allow one language to be specified.

Physical Key

n/a

PHYSKEY

Operator Class

n/a

OPCLASS

CICS Operator ID

n/a

OPIDENT

CICS Operator Priority

n/a

OPPRTY

Time Out

n/a

CICS TIMEOUT value

Limits: Defined by the OPTIME keyword.

SYSOUT User Name

n/a

WANAME

Limits: Up to 60 characters. If spaces are used, enclose the value in single quotes.

SYSOUT Building

n/a

WABLDG

Limits: Up to 60 characters. If spaces are used, enclose the value in single quotes.

SYSOUT Dept

n/a

WADEPT

Limits: Up to 60 characters. If spaces are used, enclose the value in single quotes.

SYSOUT Room

n/a

WAROOM

Limits: Up to 60 characters. If spaces are used, enclose the value in single quotes.

SYSOUT Addr 1

n/a

WAADDR1

Limits: Up to 60 characters. If spaces are used, enclose the value in single quotes.

SYSOUT Addr 2

n/a

WAADDR2

Limits: Up to 60 characters. If spaces are used, enclose the value in single quotes.

SYSOUT Addr 3

n/a

WAADDR3

Limits: Up to 60 characters. If spaces are used, enclose the value in single quotes.

SYSOUT Addr 4

n/a

WAADDR4

Limits: Up to 60 characters. If spaces are used, enclose the value in single quotes.

Account Number

n/a

WAACCNT

Limits: Up to 255 characters. If spaces are used, enclose the value in single quotes.

Role ID

ROLENAME part of the Record Id of an X-ROL record

Limits: 1 to 8 characters

N/A

Role System ID

SYSID part of the Record Id of an X-ROL record

Limits: 1 to 8 characters

N/A

Role Type

ROLE or GROUP specified in an X-ROL record

N/A

Role Mask

Single masked value of a user, group of users, role, or group of roles that is specified in the INCLUDE or EXCLUDE field of an X-ROL record

N/A

Include/Exclude

Indicates if this rolemask is an INCLUDE entry or an EXCLUDE entry of an X-ROL record

N/A

User ID

logonid, %CHANGE, %RCHANGE in the ruleset

N/A

Scope Record ID

SCPLIST in logonid record; if the ruleset, then

%CHANGE+RCLASS+$KEY or %RCHANGE+RCLASS+$KEY

n/a

Authorization Type

If the authorization id is a logonid or XREF role, set this value to 'U'

If the authorization id is a UID, set this value to 'R'

n/a

Scope Record ID

n/a

Department ACID this group is attached to

TSS Group ACID Name

n/a

Group acid name

Scope Record ID

n/a

Department ACID this profile is attached to

TSS Profile Name

n/a

PROFILE acid name

Parent Scopelist ID

SCPLIST in logonid record; if ruleset, then

%CHANGE+RCLASS+$KEY or %RCHANGE+RCLASS+$KEY

The acid that has the scope

Child Scopelist ID

 

SCPLIST in logonid record; if ruleset, then

%CHANGE+RCLASS+$KEY or %RCHANGE+RCLASS+$KEY

The acid that the PARENT_SCOPEID has scope over

Scopelist ID

SCPLIST in logonid record; if ruleset, then

%CHANGE+RCLASS+$KEY or %RCHANGE+RCLASS+$KEY

The acid that has the scope

Scope Record ID

 

SCPLIST in logonid record; if ruleset, then

%CHANGE+RCLASS+$KEY or %RCHANGE+RCLASS+$KEY

ACID name

Authorization ID

logonid, %CHANGE, %RCHANGE in ruleset

Acid that has scope over the AUTHID

Authorization Object Type

If the authorization id is a logonid or XREF role, set this value to 'U'

If the authorization id is a UID, set this value to 'R'

U/R/V/D/Z for User/Permit/Division/Department/Zone

Scopelist ID

Scope record name

Limits: 1 to 8 characters

The acid that has the scope

Next Scopelist ID

NEXTKEY in scope record

The acid that the SCOPEID has scope over

Scope Record ID

Scope record name

Limits: 1 to 8 characters

n/a

UID Mask

UID in scope record

n/a

Scopelist ID

SCPLIST in logonid record; if ruleset, then %CHANGE+RCLASS+$KEY or %RCHANGE+RCLASS+$KEY

DEPARTMENT

User Mask

LID in scope record

User acid residing in the department

Resource Class

If the scope is based on rules, see $TYPE or set to 'DATASET'. If the SCOPE is scope record-based, see the DSN field or INF field

Resource class

Resource Mask

DSN, INF in scope record

Resource name

Resource Mask Type

= ['K' or 'F'] for values specified in $KEY, %CHANGE and %RCHANGE, = ['P', 'K', 'F'] for values specified in DSN, INF in scope record

P = prefix vs F = fully qualified

Scope Type

'S' = SCPLIST in logonid record, 'C' = %CHANGE in ruleset, 'R' = %RCHANGE in the ruleset

n/a

Application Indicator

A for ACF2 Application

T for TSS Application

TSS Facility Name

n/a

FACILITY

TSS Facility Authorization Sequence Number

n/a

Sequence number

TSS Authorization Object Type

n/a

U/R/V/D/Z for User/Permit/Division/Department/Zone

TSS Processing Mode

n/a

MODE (D/W/I/F = Dormant/Warn/Impl/Fail)

TSS Denies Access Indicator

n/a

ACTION DENY

TSS ACID Audit Indicator

n/a

ACTION AUDIT

TSS ACID Notify Indicator

n/a

ACTION NOTIFY

TSS Fail Mode Indicator

n/a

ACTION FAIL

TSS Access Expiration Date

n/a

Expire date

Limits: Date field.

TSS Allow Multi-Signon Indicator

n/a

SIGNMULTI

Day Restriction

n/a

DAY or CALENDAR record

Time Restriction

n/a

TIME or TIMEREC

TSS LINUX System ID

n/a

Linux UID (from LNXENTS keyword)

TSS LINUX Home Directory

n/a

Linux Home (from LNXENTS keyword)

TSS LINUX Shell Program

n/a

Linux shell (from LNXENTS keyword)

TSS LINUX Group

n/a

Group (from LNXENTS keyword)

TSS Number Minutes before Lock

n/a

LOCK TIME

Group ID

n/a

Group acid name

Linux GID

n/a

Linux GID from LNXENTS

TSS Command Restriction

n/a

COMMAND (Displayed as LCF FAC)

TSS Command Allowed

n/a

Command

TSS Command Masked Indicator

n/a

COMMAND Mask

TSS Allow Password Command Access Indicator

n/a

Verify Password if command used

TSS Available Transaction Name

n/a

Transaction

Facility System Sequence

n/a

Sequence number

Facility System ID

n/a

SYSID of the system on which the user can access the facility

Security Application

= 'CA ACF2'

Application name (Security product)

Application Version

ACCREL#, ACCPIDS, ACCPIDL from ACCVT

Version of the product

Operational Mode

ACCMABN, ACCMWRN, ACCMLG, ACCMWRN from ACCMFLG flag bits in ACCVT

MODE (D/W/I/F = Dormant/Warn/Impl/Fail)

Load Date

TOD stamp when the CIA UNLOAD job was executed

Date

UID String

The Logonid fields that make up the UID string

n/a

User ID

The ACF2 Logonid value

ACID

Create Date

Logonid field name = CRE-TOD - Date and time the Logonid was created

Limits: The format varies depending on the DATE field of the GSO OPTS record.

CREATED

Create Time

Logonid field name = CRE-TOD - Date and time the Logonid was created

Limits: The format varies depending on the DATE field of the GSO OPTS record.

CREATED

Name

Logonid field name = NAME - The 1 to 20 character name of the user

NAME

Default Group

Logonid field name = GROUP - The default OMVS group name

Limits: 1 to 8 characters

DFLTGRP

Last Used Date

Logonid field name = ACC-DATE - The date of the last system access by this user

Limits: The format varies depending on the DATE field of the GSO OPTS record.

LAST MOD

Last Used Time

Logonid field name = ACC-TIME - The time of the last system access by this user

Limits: Four-byte binary field, displayed in the format hh.mm.

LAST MOD

Console

Logonid field name = CONSOLE - Permits access to the TSO/E CONSOLE facility

CONSOLE

Suspended

Logonid field name = SUSPEND - Indicates that a user cannot enter this logonid to access the system

SUSPEND

Trace

Logonid field name = TRACE - Creates SMF loggings for all data set and resource access attempts made by the user

TRACE

Activated

Logonid field name = ACTIVE - Activates the logonid one minute after midnight on the date contained in this field

Limits: The format varies depending on the DATE field of the GSO OPTS record.

n/a

Expiration Date

Logonid field name = EXPIRE - Indicates when the privileges for this logonid will expire

Limits: The format varies depending on the DATE field of the GSO OPTS record.

Expiration date that is set from FOR or UNTIL

LDAP Synchronization

Logonid field name = LDS - Administrative logonid changes will be propogated to all active LDAP servers

LDS

EIM Record Identifier

Identifies the LDAPBIND profile record that contains the bind information for the application

EIMPROF

LDS Record Identifier

Logonid field name = LDSNODES - Specifies a GSO NODELIST record ID qualifier

Limits: 8 characters

Acid name that has the LDAPDEST node

Proxy Record Identifier

PROXY User Profile Record ID - Specifies information that the z/OS LDAP server will use when acting as a proxy on behalf of a requester

EIMPROF

Source ID

Logonid field name = SOURCE - The logical or physical input source name or source group name (E(SRC), E(SGP), or X(SGP) record name) from which a user must access the system

Limits: 1 to 8 characters

SOURCES

Time Zone

Logonid field name = ZONE - The name of the zone record that defines the time zone from which this logonid normally accesses the system

Limits: 3 characters

TZONE

Global identifier

n/a

IDMAP

Default Command

n/a

TSOCOMMAND

Default Destination

Logonid field name = TSO-DEST - Specifies the default remote destination for TSO spun SYSOUT data sets

TSODEST

Hold Class

Logonid field name = DFT-SUBH - The default TSO submit hold class

Limits: 1 character

TSOHCLASS

Job Class

Logonid field name = DFT-SUBC - The default TSO submit class

Limits: 1 character

TSOJCLASS

Message Class

Logonid field name = DFT-SUBM - The default TSO submit message class

Limits: 1 character

TSOMCLASS

Sysout Class

Logonid field name = DFT-SUBM - The default TSO SYSOUT class

TSOSCLASS

Multi password

n/a

TSOMPW

OID Card Required

Logonid field name = OID - An OID card is required

TSOOPT(OIDCARD)

User Data

n/a

TSOUDATA

Account Number

Logonid field name = TSOACCT - Default TSO logon account

Limits: 40 characters

TSOLACCT

Mail

 

Logonid field name = MAIL - User can receive mail messages from TSO at logon time

Limits: Bit field

TSOOPT(MAIL)

Notices

Logonid field name = NOTICES - User can receive TSO notices at logon time

Limits: Bit field

TSOOPT(NOTICES)

Default Performance group

Logonid field name = TSOPERF - User's default TSO performance group

Limits: 1-byte binary field

TSOPRFG

Default Proc

Logonid field name = TSOPROC - User's default TSO procedure name

Limits: 8 characters

TSOLPROC

Region Size

Logonid field name = TSORGN - User's default TSO region size

Limits: 4-byte binary field

TSOLSIZE

Max Region Size

Logonid field name = TSOSIZE - User's maximum TSO region size

Limits: 4-byte binary field

TSOMSIZE

Unit Name

Logonid field name = TSOUNIT - User's default TSO unit name

Limits: 8 characters

TSOUNIT

USS User ID

P(USER) DIV(OMVS) UID field

UID

Home Directory

P(USER) DIV(OMVS) HOME field

HOME

Shell Path

P(USER) DIV(OMVS) OMVSPGM field

OMVSPGM

MAXASSIZE

P(USER) DIV(OMVS) ASSIZE field

ASSIZE

MAXMMAPAREA

P(USER) DIV(OMVS) MMAPAREA field

MMAPAREA

MAX CPU

P(USER) DIV(OMVS) CPUTIME field

OECPUTM

MAXFILEPROC

P(USER) DIV(OMVS) FILEPROC field

OEFILEP

Nonshared MaxMem

P(USER) DIV(OMVS) MEMLIMIT field

MEMLIMIT

Shared Memory MAX

P(USER) DIV(OMVS) SHMEMMAX field

SHMEMMAX

MAXPROCUSER

P(USER) DIV(OMVS) PROCUSER field

PROCUSER

MAXTHREADS

P(USER) DIV(OMVS) THREADS field

THREADS

Lotus Notes ID

P(USER) DIV(LNOTES) record id

SNAME

NDS ID

P(USER) DIV(NDS) UNAME field

UNAME

UUID

P(USER) DIV(DCE) UUID field

UUID

Principal DCE Name

P(USER) DIV(DCE) DCENAME field

DCENAME

Home UUID

P(USER) DIV(DCE) HOMEUUID field

HOMEUUID

HomeCell

P(USER) DIV(DCE) HOMECELL field

HOMECELL

Autolog

P(USER) DIV(DCE) AUTOLOG field

AUTOLOG

Init Cmd

P(USER) DIV(NETVIEW) IC field

NETVIC

Console ID

P(USER) DIV(NETVIEW) CONSNAME field

SYSCONS

Security Check

P(USER) DIV(NETVIEW) SECCTL field

n/a

Receive Messages

P(USER) DIV(NETVIEW) MSGRECVR field

n/a

GMF Admin

P(USER) DIV(NETVIEW) NGMFADMN field

n/a

Autolog All

Logonid field name = AUTOALL

Limits: Bit field

n/a

Autolog No PWD

Logonid field name = AUTONOPW

Limits: Bit field

n/a

Autolog Only

Logonid field name = AUTOONLY

Limits: Bit field

n/a

Diag 84

Logonid field name = DG84DIR

Limits: Bit field

n/a

DIAL Bypass

Logonid field name = DIALBPY

Limits: Bit field

n/a

Optional Group ID

Logonid field name = GRP-OPT

Limits: Bit field

n/a

Last User

Logonid field name = GRP-USER

Limits: 8 characters

n/a

Group Logon

Logonid field name = GRPLOGON

Limits: Bit field

n/a

Logical Devices

Logonid field name = LDEV

Limits: Bit field

n/a

No Spool

Logonid field name = NOSPOOL

Limits: Values listed in PREVENT, LOG, ALLOW, and null.

n/a

CP Syntax Check

Logonid field name = SYNERR

Limits: Values listed in PREVENT, LOG, ALLOW, and null.

n/a

TempDisk Rules

Logonid field name = TDISKVLD

Limits: Bit field

n/a

VM Account

Logonid field name = VLDVMACT

Limits: Bit field

n/a

Default Account Number

Logonid field name = VMACCT

Limits: 8-byte logonid field

n/a

Diag D4

Logonid field name = VMD4AUTH

Limits: Bit field

n/a

D4 CMS

Logonid field name = VMD4FSEC

Limits: Bit field

n/a

Reset

Logonid field name = VMD4RSET

Limits: Bit field

n/a

Diag D4 Alternate

Logonid field name = VMD4TARG

Limits: Bit field

n/a

VM Idle Time

Logonid field name = VMIDLEMN

Limits: 1 to 240 minutes

n/a

Idle Processing

Logonid field name = VMIDLEOP

Limits: Valid values are OFF, DISC, LOGOFF, NOLOGOFF, or REPROMPT

n/a

VM ESM

Logonid field name = VMESM

Limits: Bit field

n/a

Diag A0 (SAF)

Logonid field name = VMSAF

Limits: Bit field

n/a

VM SFS Server

Logonid field name = VMSFS

Limits: Bit field

n/a

VM/ESA Logon

Logonid field name = VMXA

Limits: Bit field

n/a

VSE SRF

Logonid field name = VSESRF

Limits: Bit field

n/a

Acid Type

n/a

MSCA/SCA/LSCA/ZCA/DCA/VCA/USER

Suspended (admin)

n/a

ASUSPEND

Suspended (password)

n/a

PSUSPEND

Suspended (Resources)

n/a

VSUSPEND

Suspended (Exit)

n/a

XSUSPEND

User Last Accessed Sysid

n/a

CPU on last used

Batch or STC control

n/a

MASTFAC

ID Card

n/a

TSOOPT(OIDCARD)

Telephone

Logonid field name = PHONE

Limits: 1 to 12 character telephone number

n/a

Audit

Logonid field name = AUDIT

Limits: Bit field

n/a

Account

Logonid field name = ACCOUNT

Limits: Bit field

n/a

Consult

Logonid field name = CONSULT

Limits: Bit field

n/a

Leader

Logonid field name = LEADER

Limits: Bit field

n/a

REFRESH Command Allowed

Logonid field name = REFRESH

Limits: Bit field

n/a

Security

Logonid field name = SECURITY

Limits: Bit field

n/a

No Cancel

Logonid field name = NON-CNCL

Limits: Bit field

n/a

RX all DSNs

Logonid field name = READALL

Limits: Bit field

n/a

Resource Validation Needed

Logonid field name = RSRCVLD

Limits: Bit field

n/a

Access Validation Needed

Logonid field name = RULEVLD

Limits: Bit field

n/a

Last Accessed Source

Logonid field name = ACC-SRCE

Limits: 1 to 8 character source name source name or source group name

n/a

Day Restriction

Logonid field name = SHIFT

Limits: 1 to 8 characters

DAYS

Time Restriction

Logonid field name = SHIFT

Limits: 1 to 8 characters

TIMES

Number of Accesses

Logonid field name = ACC-CNT

Limits 4-byte binary field

n/a

TSO Account Priv

Logonid field name = ACCTPRIV

Limits: Bit field

n/a

ACF CICS

Logonid field name = CICS

Limits: Bit field

n/a

Bypass Restricted Command

Logonid field name = ALLCMDS

Limits: Bit field

n/a

Command Limiting

Logonid field name = ATTR2

Limits: 2-byte hexadecimal field

n/a

Extended Authentication 1

Logonid field name = AUTHSUP1

Limits: Bit field

n/a

Extended Authentication 2

Logonid field name = AUTHSUP2

Limits: Bit field

n/a

Extended Authentication 3

Logonid field name = AUTHSUP3

Limits: Bit field

n/a

Extended Authentication 4

Logonid field name = AUTHSUP4

Limits: Bit field

n/a

Extended Authentication 5

Logonid field name = AUTHSUP5

Limits: Bit field

n/a

Extended Authentication 6

Logonid field name = AUTHSUP6

Limits: Bit field

n/a

Extended Authentication 7

Logonid field name = AUTHSUP7

Limits: Bit field

n/a

Extended Authentication 8

Logonid field name = AUTHSUP8

Limits: Bit field

n/a

Auto SVC Dump

Logonid field name = AUTODUMP

Limits: Bit field

n/a

BDT

Logonid field name = BDT

Limits: Bit field

n/a

ACF2 Cancel

Logonid field name = CANCEL

Limits: Bit field

n/a

TSO Delete Character

Logonid field name = CHAR

Limits: 1-byte binary field, or one of these special strings: BS or NO

n/a

CICS Authority

CICS|NOCICS in logonid record

Limits: Bit field

n/a

CICS Operator Class

CICSCL(class) in logonid record

Limits: 3-byte hexadecimal field

n/a

CICS Operator ID

CICSID(id) in logonid record

Limits: 3 characters

n/a

CICS Operator Priority

CICSPRI(class) in logonid record

Limits: 1-byte binary field

n/a

C-CIC Sysid

CICSOPT(cicsopt) in logonid record

Limits: 8 characters

n/a

TSO Command List Bypass

CMD-LONG|NOCMD-LONG in logonid record

Limits: Bit field

n/a

SET TARGET

CMD-PROP|NOCMD-PROP in logonid record

Limits: Bit field

n/a

Date of CANCEL

CSDATE(date) in logonid record

Limits: The format varies depending on the DATE field of the GSO OPTS record.

n/a

CANCEL Logon ID

CSWHO(logonid) in logonid record

Limits: 8 characters

n/a

TSO Prefix

DFT-PFX(prefix) in logonid record

Limits: 8 characters, but the last character is reserved

n/a

Dump Authorized

DUMPAUTH|NODUMPAUTH in logonid record

Limits: Bit field

n/a

Terminal Idle Time

IDLE(time) in logonid record

Limits: 1-byte binary field

n/a

IMS

IMS|NOIMS in logonid record

Limits: Bit field

n/a

Accept TSO Send

INTERCOM|NOINTERCOM in logonid record

Limits: Bit field

n/a

Submit Allow

JCL|NOJCL in logonid record

Limits: Bit field

n/a

Batch Logon ID

JOB|NOJOB in logonid record

Limits: Bit field

n/a

Use JOBFROM

JOBFROM|NOJOBFROM in logonid record

Limits: Bit field

n/a

Kerberos Violations

KERB-VIO in logonid record

Limits: 2-byte binary field

n/a

TSO Line delete character

LINE(char) in logonid record

Limits: 1 character, or one of these special strings:ATTN, CTLX, or NO

n/a

MAXDAYS LID

LIDZMAX|NOLIDZMAX in logonid record

Limits: Bit field

n/a

MINDAYS LID

LIDZMIN|NOLIDZMIN in logonid record

Limits: Bit field

n/a

Account Permission

LGN-ACCT|NOLGN-ACCT in logonid record

Limits: Bit field

n/a

Remote DEST Permission

LGN-DEST|NOLGN-DEST in logonid record

Limits: Bit field

n/a

Logon Message Class Specify

LGN-MSG|NOLGN-MSG in logonid record

Limits: Bit field

n/a

Performance Group Specify

LGN-PERF|NOLGN-PERF in logonid record

Limits: Bit field

n/a

TSO PROC Specify

LGN-PROC|NOLGN-PROC in logonid record

Limits: Bit field

n/a

Recover option allow

LGN-RCVR|NOLGN-RCVR in logonid record

Limits: Bit field

n/a

Override Region Size

LGN-SIZE|NOLGN-SIZE in logonid record

Limits: Bit field

n/a

Set Session Limit permission

LGN-TIME|NOLGN-TIME in logonid record

Limits: Bit field

n/a

Set TSO Unit Permission

LGN-UNIT|NOLGN-UNIT in logonid record

Limits: Bit field

n/a

Access off shift

LOGSHIFT|NOLOGSHIFT in logonid record

Limits: Bit field

n/a

Bypass Rules

MAINT|NOMAINT in logonid record

Limits: Bit field

n/a

Max days between Password change

MAXDAYS(days) in logonid record

Limits: 1-byte hexadecimal field

n/a

Min days before Password change

MINDAYS(days) in logonid record

Limits: 1-byte hexadecimal field

n/a

Modal Messages from TSO

MODE|NOMODE in logonid record

Limits: Bit field

n/a

Log SMF Record

MON-LOG|NOMON-LOG in logonid record

Limits: Bit field

n/a

Send Logon to Console

MONITOR|NOMONITOR in logonid record

Limits: Bit field

n/a

Mount permission

MOUNT|NOMOUNT in logonid record

Limits: Bit field

n/a

Prefix message ID

MSGID|NOMSGID in logonid record

Limits: Bit field

n/a

Multi signon privs

MULTSIGN|NOMULTSIGN in logonid record

Limits: Bit field

n/a

Logon Single AS

MUSASS|NOMUSASS in logonid record

Limits: Bit field

n/a

Logon Multi AS

MUSDLID(logonid) in logonid record

Limits: 8 characters

n/a

Multi-user ID

MUSID(musid) in logonid record

Limits: 1 to 8 characters

n/a

MUSID Required

MUSIDINF|NOMUSIDINF in logonid record

Limits: Bit field

n/a

MUSASS Privilege

MUSUPDT|NOMUSUPDT in logonid record

Limits: Bit field

n/a

Network Can't Inherit

NO-INH|NONO-INH in logonid record

Limits: Bit field

n/a

No MAXVIO

NOMAXVIO|NONOMAXVIO in logonid record

Limits: Bit field

n/a

NO USS

NO-OMVS|NONO-OMVS in logonid record

Limits: Bit field

n/a

Bypass SMC

NO-SMC|NONO-SMC in logonid record

Limits: Bit field

n/a

MUSASS Statistics Bypassed

NO-STATS|NONO-STATS in logonid record

Limits: Bit field

n/a

No Store or Delete Rule Sets

NO-STORE|NONO-STORE in logonid record

Limits: Bit field

n/a

TSO Operator

OPERATOR|NOOPERATOR in logonid record

Limits: Bit field

n/a

Pause on Multi Clist

PAUSE|NOPAUSE in logonid record

Limits: Bit field

n/a

Account Number Required at Logon

PMT-ACCT|NOPMT-ACCT in logonid record

Limits: Bit field

n/a

TSOPROC Required At Logon

PMT-PROC|NOPMT-PROC in logonid record

Limits: Bit field

n/a

Submit Program

PROGRAM(program) in logonid record

Limits: 8 characters

n/a

GSO PPGM Execute

PPGM|NOPPGM in logonid record

Limits: Bit field

n/a

Log SMF Active on Attempt

PP-TRC|NOPP-TRC in logonid record

Limits: Bit field

n/a

Log SMF Active on Violation

PP-TRCV|NOPP-TRCV in logonid record

Limits: Bit field

n/a

Rule Prefix

PREFIX(prefix) in logonid record

Limits: 0 to 8 characters

n/a

Dynamic Logonid Privileges

PRIV-CTL|NOPRIV-CTL in logonid record

Limits: Bit field

n/a

Prompt on invalid parms

PROMPT|NOPROMPT in logonid record

Limits: Bit field

n/a

Cumulative password violations

PSWDCVIO(nn) in logonid record

Limits: 2-byte binary field

n/a

Date of Last Invalid Password

PSWD-DAT(date) in logonid record

Limits: 4-byte packed field

n/a

Password Expired Manually

PSWD-EXP|NOPSWD-EXP in logonid record

Limits: Bit field

n/a

Number password violations since last logon

PSWD-INV(nn) in logonid record

Limits: 2-byte binary field

n/a

Last Input Source Name/Group with Invalid Password

PSWD-SRC(sourceid) in logonid record

Limits: 8 characters

n/a

Time of Last Invalid Password

PSWD-TIM(hh:mm) in logonid record

Limits: 4-byte binary field

n/a

Max Password Length 8

PSWD-MX8 in logonid record

n/a

Password Change Date

Date section of the PSWD-TOD field in logonid record

n/a

Password Change Time

 

Time section of the PSWD-TOD field in logonid record

n/a

Password Uppercase

PSWD-UPP|NOPSWD-UPP in logonid record

Limits: Bit field

n/a

Number of Password Violations

PSWD-VIO(nn) in logonid record

Limits: 2-byte binary field

n/a

APF Decrypt Only

PSWD-XTR|NOPSWD-XTR in logonid record

Limits: Bit field

n/a

GSO allow

PWPALLOW|NOPWPALLOW in logonid record

Limits: Bit field

n/a

Last Invalid Password Date

PWP-DATE(date) in logonid record

Limits: 4-byte packed field

n/a

Number of Passphrase Violations

PWP-VIO(count) in logonid record

Limits: 2-byte binary field

n/a

Passticket RESTRICT

PTICKET|NOPTICKET in logonid record

Limits: Bit field

n/a

TSO Recover

RECOVER|NORECOVER in logonid record

Limits: Bit field

n/a

RESTRICT Logon

RESTRICT|NORESTRICT in logonid record

Limits: Bit field

n/a

Restrict UNIX

RSTDACC|NORSTDACC in logonid record

Limits: Bit field

n/a

Scoped

= 'Y' if any of the following fields in the logonid record are nonblank: DSNSCOPE(logonid mask), LIDSCOPE(logonid mask), SCPLIST(scpname), UIDSCOPE(UID mask)

n/a

Cumulative Violations

SEC-VIO(nn) in logonid record

Limits: 2-byte binary field

n/a

SRF for VM

SRF|NOSRF in logonid record

Limits: Bit field

n/a

Logon for STC

STC|NOSTC in logonid record

Limits: Bit field

n/a

Submit APF only

SUBAUTH|NOSUBAUTH in logonid record

Limits: Bit field

n/a

Sync Node

SYNCNODE(nodeid) in logonid record

Limits: 8 characters

n/a

Sysplex

SYSPEXCL|NOSYSPEXCL in logonid record

Limits: Bit field

n/a

Bypass Label

TAPE-BLP|NOTAPE-BLP in logonid record

Limits: Bit field

n/a

Limited Bypass Label

TAPE-LBL|NOTAPE-LBL in logonid record

Limits: Bit field

n/a

TSO logon

TSO|NOTSO in logonid record

Limits: Bit field

n/a

TSO Trace

TSO-TRC|NOTSO-TRC in logonid record

Limits: Bit field

n/a

TSO Command List Module

TSOCMDS(module) in logonid record

Limits: 8 characters

n/a

Full Screen Display Logon

TSOFSCRN|NOTSOFSCRN in logonid record

Limits: Bit field

n/a

Mail Index Record Pointer

TSORBA(pointer) in logonid record

Limits: 3-byte hexadecimal field

n/a

TSO Time

TSOTIME(time) in logonid record

Limits: 2-byte binary field

n/a

Common Services

UNICNTR|NOUNICNTR in logonid record

Limits: Bit field

n/a

Logon ID Update Date

 

Date section of the UPD-TOD(date-time) field in logonid record

n/a

Logon ID Update Time

 

Time section of the UPD-TOD(date-time) field in logonid record

n/a

Validate TSO account number

VLD-ACCT|NOVLD-ACCT in logonid record

Limits: Bit field

n/a

Validate TSO Proc Name

VLD-PROC|NOVLD-PROC in logonid record

Limits: Bit field

n/a

Validate SUBAUTH/PROGRAM

VLDRSTCT|NOVLDRSTCT in logonid record

Limits: Bit field

n/a

VM Logon permit

VM|NOVM in logonid record

Limits: Bit field

n/a

ACF uses WTP

WTP|NOWTP in logonid record

Limits: Bit field

n/a

System ID

n/a - Supplied as input to the CIA UNLOAD JCL job

SYSID

User ID

n/a

Acid name

Group Name

n/a

Group name

USS GID

n/a

GID

SMS Application Name

n/a

SMS Application name

Limits: 8 characters

SMS Data Class

n/a

SMS Data Class

Limits: 8 characters

SMS Management Class

n/a

SMS Management Class

Limits: 8 characters

SMS Storage Class

n/a

SMS Storage Class

Limits: 8 characters

User ID

logonid

n/a

Hex UID

UID in hex format

n/a

UID

UID

n/a

User ID

logonid

Acid that has the profile

Role ID

 

ROLENAME part of the X-ROL Record Id if the ROLETYPE is a role group ( g ) or base role ( r ), UID mask from rulelines if the ROLETYPE is a UID string ( u )

Profile acid name

Record System ID

SYSID part of the X-ROL Record Id if the ROLETYPE is a role group ( g ) or base role ( r )

n/a

Role Type

= 'U' if this is a uid mask is from a ruleline; = 'R' if this is a role from an X-ROL record; = 'G' if this is a role group from an X-ROL record

= 'P' if a Top Secret Profile

ESM System ID

Supplied as input parm in the CIA UNLOAD job or defaults to the SMCASID (the z/OS SMFID) where the CIA UNLOAD job was executed

The CIA SYSID

 

Expiration Date

n/a

Expiration date of the profile use on the acid

Limits: Date field

Role Order

n/a

Which profile it is on the acid

Event System ID

Supplied as input parm in the CIA UNLOAD job or defaults to the SMCASID (the z/OS SMFID) where the CIA UNLOAD job was executed

LPAR

ACF2 Sysid

Supplied as input parm in the CIA UNLOAD job or defaults to the SMCASID (the z/OS SMFID) where the CIA UNLOAD job was executed

Date database created

Timestamp

n/a

Time at which the database was last updated