Coding Each AOF Rule Type › Security Rules › AOF Variables Available in an SEC Rule

AOF Variables Available in an SEC Rule

You can use all AOF variable types in SEC rules, as described in the chapter “AOF Rule Tools.” You can use the following unique AOF event variables in the )PROC section of a SEC rule, and you can manually interrogate the corresponding OPSLOG display field as an aid in debugging or implementing rule logic.

SEC.TEXT

A description of the current security event. Taken from the full security event text of the CA OPS/MVS component that the user is trying to use, the description consists of:

 eventtype||de-aliased verb|| ' ' commandtext

• The first word of SEC.TEXT is the value that determines which security rules execute for the current security event
• The de-aliased verb is present only for OPSCMD events
• The commandtext is present only for OPSCMD, OPSCTL, OPSRMT, OPSAOF, and OPSEPI events
• The eventtype is always one of the following:
  • OPSAOF-An OPS/REXX program addressed commands to the AOF
  • OPSBRW-Someone used OPSLOG Browse
  • OPSCMD-Someone issued the OPSCMD command processor, or an OPS/REXX program issued ADDRESS OPER commands
  • OPSCTL-Someone used the MSF
  • OPSEPI - An OPS/REXX program addressed commands to the EPI
  • OPSGLOBAL - Global variables were accessed or updated
  • OPSLOG - Someone used the CA OPS/MVS Automation Analyzer to process OPSLOG
  • OPSOSF - An OPS/REXX program addressed commands to the OSF
  • OPSPARM - Someone issued the OPSPARM TSO command or invoked the OPSPRM() REXX function to change CA OPS/MVS parameters
  • OPSREPLY - Someone used the OPSREPLY command processor to respond to a WTOR
  • OPSRMT - Someone used the OPSRMT command processor to issue a command to a remote machine
  • OPSSMTBL - Someone used the OPSSMTBL command processor
  • OPSWTO - Someone used the OPSWTO command processor to issue a WTO message
  • SOF - An OPS/REXX program addressed commands to the SOF
  • SQL - Someone issued the OPSQL command processor, or an OPS/REXX program issued ADDRESS SQL commands
  • SUBSYSDN - Someone opened a CA OPS/MVS subsystem data set
  • OPSVIEW - Someone invoked the OPSVIEW application

Data Type: Character, read-only

Sample Value: OPSCMDSTOP P OPSS

OPSLOG Browse Column: Text is always displayed.

SEC.TYPE

The SEC.TYPE variable determines which rules execute for the current security event.

The type of security request from the CA OPS/MVS component that the user is trying to access. See the event types listed in the description of the SEC.TEXT variable.

Data Type: Character, read-only

Sample Value: OPSPARM

Notes:

• If the event type is OPSCMD, CA OPS/MVS appends the command verb to the event type (for instance, OPSCMDSTOP). But, because the variable can contain no more than ten characters, some of the verb may be truncated.
• If the event type is OPSGLOBAL, the SEC.TYPE variable may have the first character of the global variable name appended to OPSGLOBAL when you append the name of a global variable prefix on the )SEC rule specifier. For example, if you specify )SEC OPSGLOBALGLOBAL1.*, the SEC.TYPE variable has the value OPSGLOBALG.

OPSLOG Browse Column: MSGID

SEC.USER

The primary purpose of the USER variable is to provide a method to pass a small amount of data between the rules. This data may be binary or mixed case. The USER field may also be used for filtering in the OPSLOG. However, USER data used for OPSLOG filtering must be uppercase and displayable.

An 8-byte variable providing communication between rules that execute for the same security event. The variable can contain any installation data that these rules need, and it can store a character string displayable through OPSLOG Browse.

Data Type: User-defined, read/write

Note: Before AOF processing, this variable is initialized to binary zeros. It is then passed to each rule that executes for the same security event. Each rule can look at or change the variable contents before passing the variable to the next rule for the security event.

OPSLOG Browse Column: USER