CA JCLCheck Runtime Options › Description of Runtime Options › SECURITY

SECURITY

The SECURE option requests support of the pre-validation of the security environment.

This option has the following format:

SECurity(options)|NOSECure

Default: NOSECure

Use options to modify security checking. Specifying the Security option automatically activates various pre-validation checks. The following are these checks:

PROGram|NOPROGr

Provides information about how the program on the EXEC statement is defined to the security system. Use of the DEFine sub-parameter reports whether the program is defined to the security system.

Default: PROGram

DASDvol|NODASD

Provides information from the security system about a particular volume.

Default: DASDvol

STORClas|NOStor

Provides information about a derived Storage Class and how it is defined to the security system. Your site ACS routines determine the derived Storage Class name. The high-level qualifier is used as the owner.

Default: NOStor

MGMTclas|NOMgmt

Provides information about a derived Management Class and how it is defined to the security system. Your site ACS routines determine the Management Class. The high-level qualifier is used as the owner.

Default: NOMgmt

SHRupd|NOSHRupd

Only performs a security check for ACCESS=READ on data sets defined in the JCL as DISP=SHR.

PATH|NOPAth

Activates security validation for UNIX PATHs. The user ID checked against comes from the USER(userid) JCLCheck option or the USER=userid JOB statement parameter.

Default: NOPAth

When you activate either PROGram or DASDvol, all other default security options are activated (MGMTclas, STORClas, and SHRupd). You can choose to activate or deactivate an option individually. However, you cannot deactivate basic data set level security checking which is fundamental to security checking.

Just specifying SECURITY activates the call to the CA Standard Security Facility (CAISSF). This interface makes an inquiry of the security package currently active through the CA CA90s Standard Security Facility. This interface is designed to work with CA ACF2, CA Top Secret, and any SAF‑compatible product (for example, RACF).

Note: For more information, see the Programming Guide.

• Non-DFSMS users do not need to specify NOSTOR, NOMGMT.
• When using the SECURITY option, APF authorization is required.

The SECURE option is still available to users of SECURE to provide downward compatibility. The SECURE option turns off the Standard Security interface. With this option, CA JCLCheck reads protected libraries, if the user is authorized. This option is only used if the installation has the SECURE product.

Examples: Change the security environment

NODASD

Turns off all DASDVOL resource checking.

NOLOG

Turns off logging of security violations, preventing USERID suspensions. (DEFAULT MODE - Active Logging).

NOMGMT

Turns off SMS MGMTCLAS resource checking.

NOPROG

Turns off all PROGRAM resource checking.

NOSTOR

Turns off SMS STORCLAS resource checking.

SEC

Activates validation of resources through the Standard Security facility (CAISSF).

SECurity

(NO PROG, NODASD, NOSTOR, NOMGMT, PROGRAM(DEFINE)).

SEC(PROG(DEF))

Activates validation of resources through the CAISSF and issues messages about whether the executed program is defined to the active security package.

SEC(SEC)

Use only for the SECURE product.