Specifies the area containing the security request block (SRB) associated with this request. This area is mapped by DSECT #SECRB.
The location of the SRB is required because most of the other parameters coded on the #SECHECK will be stored in the SRB.
Specifies the symbolic name of the area containing the SRB.
Specifies the register containing the address of the SRB.
Specifies the type of the resource being checked. The name of the resource type must be one- to four-characters. At runtime the resource type must be defined to CA IDMS centralized security.
Note: For a list of valid CA IDMS resource types, see #SECRTT.
#SECHECK does not validate the resource type. However, the security system will fail the request at runtime if the type is not valid.
Specifies a user-defined field containing the name of the resource type.
The field must be at least four bytes in length. The name of the resource type must be left-justified and padded with blanks.
Specifies a register containing the address of the resource type name.
Specifies a literal that is the name of the resource type.
Specifies the name of the resource being checked.
Specifies a user-defined field containing the name of the resource.
The resource name must be left-justified and padded with blanks or binary zeros.
Specifies a register containing the address of the resource name.
Specifies a literal that is the name of the resource.
Specifies the authorities the user must hold to gain access to the resource being checked.
Specifies the name of the authority. If you specify only one authority, you may omit parentheses.
Valid authority names are as follows:
|
ALTER CREATE DBADMIN DBAREAD DBAWRITE DCADMIN DELETE DISPLAY |
DROP EXECUTE INSERT REFERENCES SELECT SIGNON SYSADMIN UPDATE USE |
Specifies a user-defined six-byte field or a register containing the address of such a field. You must set the bits in the field corresponding to the required authorities.
Specifies whether the security system should update the category table from the catalog before proceeding with the security check.
If category-indicator is 0, the security system will unconditionally update the category table from the catalog before making the security check.
If category-indicator is a non-zero value, the security system will update the category table from the catalog before making the security check only if the category has not already been retrieved.
category-indicator must be one of the following:
If the category is zero, the security system will retrieve the assigned value from the security database and return it in the SRB.
CATEGRY is valid only for resource types which can be secured by categories. If you specify CATEGRY for the resource, do not specify the APPLFNC parameter.
Specifies the database name for the load area in which resource types such as database resources and load modules for CA ADS dialogs reside. The runtime security system ignores the contents of this field for other resource types.
Resource type DB: Use the RESNAME parameter to supply database name if the security check is for resource type DB.
Specifies the name of a user-defined field that contains the database name.
The database name must be left-justified and padded with blanks or binary zeros.
Specifies the register with the address of the user-defined field that contains the database name.
Supplies the database name as a character string literal.
Specifies the version for load modules (resource type SLOD) and non-SQL schemas (resource type NSCH). The value in this parameter must be in the form Vnnnn, where nnnn is the version in character format.
If you specify VERSION= for the resource, do not specify the DDNAME parameter.
Specifies the name of a user-defined field that contains the version number.
Specifies the register with the address of the user-defined field that contains the version number.
Supplies the version number as a character string literal.
Specifies the ddname defining the operating system library in which a program (resource type SPGM) resides.
If you specify DDNAME for the resource, do not specify the VERSION= parameter.
Specifies the name of a user-defined field that contains the ddname.
The ddname must be left-justified and padded with blanks.
Specifies the register with the address of the user-defined field that contains the ddname.
Supplies the ddname as a character string literal.
Specifies the name of the schema for SQL tables (resource type TABL) and access modules (resource type DACC and SACC).
Resource type SCHEMA: Use the RESNAME parameter to specify schema name if the security check is for a schema (resource types QSCH and NSCH).
Specifies the name of a user-defined field that contains the schema name.
Schema name must be left-justified and padded with blanks.
Specifies the register with the address of the user-defined field that contains the schema name.
Supplies the schema name as a character string literal.
Specifies the subschema name for native run units (resource type NRU).
Specifies the name of a user-defined field that contains the subschema name.
Subschema name must be left-justified and padded with blanks.
Specifies the register with the address of the user-defined field that contains the subschema name.
Supplies the subschema name as a character string literal.
Specifies the number associated with an application function. Each application can have up to 256 functions, numbered 1 through 256. Function numbers must be unique within a given application but need not be unique across applications.
APPLFNC is valid for activities (resource type ACTI) only. If you specify APPLFNC for the resource, do not specify the CATEGRY parameter.
Supplies the application function number.
Application-function-indicator can be one of the following:
Specifies a list of resources to be checked on this call.
The resource list contains one entry for each resource being checked. All resources in the list must be of the same resource type.
Note: For more information about the format of the entries in a resource list, see DSECT #SECRLST in Security Database Information and DSECTs.
Specifies one of the following:
Specifies the number of entries in the list specified by RESLIST.
Specifies one of the following:
Specifies that one or more registers are to be saved across the call. This parameter is valid in system mode only.
Specifies a register.
Register-number must be a numeric literal.
Controls the expansion of the #SECHECK macro.
If you omit the CALL parameter, the effect is the same as specifying CALL=YES.
Causes #SECHECK to generate both the code to complete the SRB and invoke the security system.
Causes #SECHECK to generate the code to fill in the SRB fields, but not to build the parameter list or the call.
Causes #SECHECK to generate only the code needed to invoke the security system.
Specifies whether you want the SRB to be initialized.
If you omit the CLEAR= parameter, the effect is the same as specifying CLEAR=YES.
Causes #SECHECK to clear the SRB to binary zeros before the macro expansion begins to assign values.
Indicates that the SRB should not be initialized.
Specifies the address of the area in which to build the parameter list.
Supplies the default name for the area that contains the parameter list.
Overrides the default area name SYSPLIST by specifying one of these:
|
Copyright © 2014 CA.
All rights reserved.
|
|