In IBM standard password support, when a password-indicated non-VSAM data set is opened, the operating system prompts the TSO user (for online applications) or the master console operator (for batch jobs) for the password to the data set in question. Authorities to continue is based on the response to that prompt. For non-VSAM data sets, the password indicator bit is the DS1IND10 bit set (bit x'10' at offset 93 x'5D') in the format-1 DSCB.
CA Disk has special code to avoid prompting the operator for the password on OPEN and SCRATCH of non-VSAM user data sets. CA Disk uses this special code only when sysparm PASSWORD is specified with a value of Y, when the PASSWORD parameter is included on the command (if it has an optional PASSWORD parameter), and when CA Disk is running as an APF-authorized task. Most TSO and ISPF sessions run non‑APF‑authorized, so CA Disk does not exempt them from authority checking.
The security package named SECURE replaces the non-VSAM password-checking feature of the operating system. SECURE does not result in prompting of the operator for open of data sets, so this special CA Disk code is not needed.
There are two sub steps for installing the password-indicated data set support options. The following are the sub steps:
If you do not want CA Disk to process password-indicated data sets, it can default to N.
If your installation uses the security package SECURE, specify sysparm SECUSUPP with a value of Y. With SECURE, the value of the sysparm PASSWORD does not matter.
|
Copyright © 2015 CA Technologies.
All rights reserved.
|
|