Specifies the type of action to result from assembling the macro.
In a series of #SECRTT macros, the first of the series must specify TYPE=INITIAL and the last must specify TYPE=FINAL.
Specifies that entries in the SRTT for all CA IDMS-defined resources are to be initialized:
For each resource type, the initial values are the following:
Specifies a name for the environment that uses the SRTT. Environment-name can be used in external resource name construction.
Environment-name must be one to eight characters in length.
Specifies that there is no name for the environment that uses the SRTT.
Specifies whether CA IDMS should retain signon information originating from external request units (ERUs). This option will provide performance improvements in environments which process large numbers of short-lived ERUs and external security systems.
Specifies the time in minutes that CA IDMS should retain signon information for external request units after the last session has been ended by signoff.
You can specify the CA IDMS command, DCUF SHOW USERS ALL, to show the retained users signons with an LTERMID of *NONE*.
Note: If a user signs on to the CA IDMS CV through a VTAM or TSO UCF connection and this is the last (or only) session, a FULL signoff will be performed and the retained signon information and control blocks will be freed from the CA IDMS CV.
Specifies that a full signoff, which frees all retained control blocks, will be performed at the end of the last (or only) session for the user. OFF is the default.
Specifies the default SYSTEM profile and whether SYSTEM profiles should be processed for external run units.
Specifies that no SYSTEM profile should be processed.
Note: If SYSTEM profiles are OFF, they will be off for all tasks including external run units, regardless of the setting of the second subparameter.
Specifies that there is no default SYSTEM profile.
Specifies that the default SYSTEM profile name is the user-id.
Specifies that the default SYSTEM profile name is the name of the user's default group.
Specifies that the default SYSTEM profile name is the SYSTEM ID defined in SYSGEN.
Specifies the name of the default profile. The profile name must be 1 to 18 characters.
Indicates that profiles should be processed for external run units. The default profile, if any, is specified by the first subparameter.
Indicates that profiles should not be processed for external run units. The default is OFF.
Specifies the default USER profile and whether USER profiles should be processed for external run units.
Specifies that no USER profile should be processed.
Note: If USER profiles are OFF, they will be off for all tasks including external run units, regardless of the setting of the second subparameter.
Specifies that there is no default USER profile.
Specifies that the default USER profile name is the user-id.
Specifies that the default USER profile name is the name of the user's default group.
Specifies that the default USER profile name is the SYSTEM ID defined in SYSGEN.
Specifies the name of the default profile. The profile name must be 1 to 18 characters.
Indicates that profiles should be processed for external run units. The default profile, if any, is specified by the first subparameter.
Indicates that profiles should not be processed for external run units. The default if OFF.
Specifies whether CA IDMS should perform a signon using a specific name if a security check is issued and the terminal operator has not signed on. The name to use for the default signon is defined by the DFLTUID parameter.
Enables default signon.
Disables this option.
Specifies the default signon CA IDMS is to use when the DFLTSGN parameter is enabled, a security check is issued, and the terminal operator has not signed on. Specify a user-identifier or a list of up to three ID options in parentheses. If DFLTSGN=YES, and you don't specify DFLTUID parameters, the default is as follows: (VTAMNODE,PTERMID,LTERMID).
Specifies the default signon as an unquoted literal from 1 to 18 characters in length.
Specifies that for VTAM terminals, the VTAM node name is used as the default signon.
Specifies that the PTERM ID is used as the default signon, if the PTERM is available and the option has not been satisfied by the VTAMNODE parameter (non-VTAM terminals, or VTAMNODE not specified for VTAM terminals).
Specifies that the LTERM ID is used as the default signon, if the option has not been satisfied by the VTAMNODE or PTERMID parameters.
Specifies the extract user ID that can be used at sites that do not have an external security system. User-identifier is an unquoted literal from 1- to 18-characters.
Specifies maximum number of entries in the #SECRTT global table.
If the default of 150 entries is exceeded, the assembly of the #SECRTT fails with condition code of 12 and an assembler error message displays:
"12, SRTT GLOBAL TABLE OVERFLOW. GENERATION ABORTED".
When this error message is received, review the #SECRTT entries. Check the wildcards to ensure they are valid and used properly. When wildcards are used properly, they reduce the number of entries in #SECRTT global table.
Important! Excessive entries require CPU time to resolve each security check.
This is the default. It can be increased if necessary.
Specifies the installed SVC number. This parameter is required. If svc-number is not specified, the system defaults to 175.
Specifies that the user-supplied values apply to all occurrences of the resource type identified in the RESTYPE parameter.
For each resource type whose default values you want to replace in SRTT, you must issue a #SECRTT macro with TYPE=ENTRY.
Specifies that the user-supplied values apply to one occurrence of the resource type identified in the RESTYPE parameter.
Note: TYPE=OCCURRENCE is valid only for resource types DB, SPGM, and TASK.
EXTCLS= and EXTNAME= specifications are ignored if TYPE=OCCURRENCE. Therefore, if you specify TYPE=OCCURRENCE and SECBY=EXTERNAL to secure an occurrence override externally, be sure to specify EXTCLS= and EXTNAME= on the TYPE=ENTRY macro for the resource type. This information will be used for checks on the occurrence override.
Names the occurrence of the resource to which the user-supplied values in the macro apply. You must enclose the resource name in quotes.
If TYPE=OCCURRENCE, the value in resource-name is treated as a wildcarded name. Thus, if RESTYPE=SPGM and RESNAME='RHDC', the scope of the override is all program names that begin with 'RHDC'.
If you do not want wildcarding to take effect—that is, you want to limit the scope of the override to only one resource-name—then include a blank character at the end of the resource-name. Thus, if RESTYPE=SPGM and RESNAME='TEST01 ', the scope of the override is the program 'TEST01' only.
Specifies the resource type you are defining in the SRTT.
Resource-type-name must be 1 to 4 characters in length and may identify a resource type defined by CA IDMS or a user-defined resource type.
Note: For more information about user-defined resource types, see Using External Security.
This table lists valid resource type names for CA IDMS resources:
|
Global resources |
SYSADMIN privilege User Group User profile |
SYSA USER GROU UPRF |
|
System resources |
DCADMIN privilege System System profile Signon Activity Task Load module Queue Access module Program |
DCA SYST SPRF SGON ACTI TASK SLOD QUEU SACC SPGM |
|
Database resources |
DBADMIN Database Area Rununit Schema (SQL) Non-SQL schema Access module Table DMCL Database name table |
DB DB DB (AREA)(1) DB (NRU)(1) DB (QSCH)(1) DB (NSCH)(1) DB (DACC)(1) DB (TABL)(1) DMCL DBTB |
(1) Resource type is secured when DB is secured.
Note: DBADMIN privilege is secured when you activate security for DB.
Specifies the security option for the resource type identified in the RESTYPE parameter.
Specifies that security-checking for the resource type is performed using definitions in an external security system.
If you specify SECBY=EXTERNAL, you must include the EXTCLS and EXTNAME parameters in the macro.
Specifies that security-checking for the resource type is performed using security definitions in CA IDMS.
SECBY=INTERNAL is valid for any CA IDMS resource type (see the following table). It is not valid for a user-defined resource type.
Specifies that no security-checking is performed for the resource type; the resource type is unsecured.
Maps the CA IDMS resource type specified in the RESTYPE parameter to the resource class you have defined for this type in the external security system.
EXTCLS is required when TYPE=ENTRY and SECBY=EXTERNAL for the entry or for any occurrence override of the entry.
If EXTCLS is specified, the information is recorded in the SRTT but used only when security enforcement is external.
Specifies a variable containing the name of the external resource class.
Specifies the name of the external resource class.
Using a set of predefined keywords, specifies the fields to be included in the external resource name. The order in which you specify the keywords is the order in which the fields will be included in the external resource name.
Since EXTNAME defines the format of the resource name for external security requests, the format you specify here must match the naming conventions for the corresponding resource class in the external security system.
Note: For more information about constructing external resource names, see Using External Security.
EXTNAME is required when TYPE=ENTRY and SECBY=EXTERNAL for the entry or for any occurrence override of the entry.
If EXTNAME is specified, the information is recorded in the SRTT but used only when security enforcement is external.
Includes in the external resource name the activity number supplied by the application.
When formatted for an external security request, this field will be a 4- to 8-character string that is the concatenation of the following:
Includes the full application name, as supplied on the current security request, in the external resource name.
Includes the database name, as supplied on the current security request in the external resource name.
Includes the ddname, as supplied on the current security request, in the external resource name. The ddname defines the operating system library in which the program (resource type SPGM) resides.
Includes the environment name in the external resource name.
Includes the resource name as specified on the current security request in the external resource name.
Includes the resource type, as supplied on the RESTYPE= parameter for this SRTT entry, in the external resource name.
Includes the schema name, as supplied on the current security request, in the external resource name. The schema name qualifies the names of SQL tables (resource type TABL) and access modules (resource types DACC and SACC).
Includes the subschema name, as supplied on the current security request, in the external resource name.
Includes the name of the CA IDMS system in the external resource name.
Includes the version number for load modules (resource type SLOD) and non-SQL schemas (resource type NSCH), as supplied on the current security request, in the external resource name.
Indicates the end of SRTT specifications.
You can specify TYPE=FINAL only once. SRTT entries will be generated from the series of #SECRTT macros beginning with the one that specifies TYPE=INITIAL.
|
Copyright © 2014 CA.
All rights reserved.
|
|