Coding Each AOF Rule Type › Security Rules › AOF Variables Available in an SEC Rule › OPAU Variables for All Security Events

OPAU Variables for All Security Events

The following variables are available for all types of security events:

SEC.OPAUAUSR

The authorization string of the CA OPS/MVS installation

Data Type: Character, read-only

Source: The value of the CA OPS/MVS AUTHSTRING parameter (described in the Parameter Reference)

Sample Value: TRIAL

SEC.OPAUBYSC

Indicates whether security processing should be bypassed

Data Type: Bit, read-only

Source: The CA OPS/MVS component indicates whether security is bypassed

Sample Value: 1

Note: This flag is true for the CA OPS/MVS main address space and for AOF rules.

SEC.OPAUECJB

Indicates whether the current address space is an ECF user

Data Type: Bit, read-only

Source: The CA OPS/MVS component indicates the address space type

Sample Value: 1

SEC.OPAUERMG

The error message text

Data Type: Character, read/write

Source: Other security rules

Sample Value: 'You are not allowed to use OPSCMD'

Notes:

• Security rules can set this variable to create and send short error messages to the current user.
• CA OPS/MVS passes this variable to each rule that a security event triggers. Each rule can examine or reset this variable before passing it to the next rules for the current event.
• If multiple security rules set this variable, CA OPS/MVS uses only the value set last.

SEC.OPAUGNER

Indicates that the CA OPS/MVS authorization routine (OPAUCK) should produce error messages

Data Type: Bit, read-only

Source: The CA OPS/MVS component that calls OPAUCK

Sample Value: 1

SEC.OPAUJBNA

The current job name that the ASCB points to

Data Type: Character, read-only

Source: The ASCBJBNI field for batch jobs, or the ASCBJBNS field for other address spaces

Sample Value: USERA

SEC.OPAUOPJB

Indicates whether the current address space is the main CA OPS/MVS product address space

Data Type: Bit, read-only

Source: The CA OPS/MVS component indicates the address space type

Sample Value: 1

SEC.OPAUOSJB

Indicates whether the current address space is an OSF server

Data Type: Bit, read-only

Source: The CA OPS/MVS component indicates the address space type

Sample Value: 1

SEC.OPAURQRC

The return code from the current access request

Data Type: Integer, read-only

Source: Set by authorization components

Possible Values:

• 0-Request approved
• 8-Request failed
• 12-Request abended

Sample Value: 8

SEC.OPAURQTX

The type of access request

Data Type: 1 to 10 characters, right-justified, read-only, padded with blanks

Source: The CA OPS/MVS component that calls OPAUCK

Possible Values:

• AP-ADDRESS AP Host command
• OPSAOF-ADDRESS AOF command
• OPSBRW-OPSLOG Browse request
• OPSCMD-OPSCMD/ADDRESS OPER (MVS, VM, JES3, IMS CMD)
• OPSCTL-ADDRESS OPSCTL (MSF, OSF, ECF) request
• OPSDOM-OPSDOM (DOM A MESSAGE) request
• OPSEPI-ADDRESS EPI command or EPI request
• OPSGLOBAL-Global variable access/update request
• OPSHFI-SHARED file I/O request
• OPSLOG-OPSLOG API request
• OPSOSF-OPSOSF request (OSF command request)
• OPSPARM-OPSPARM (SET PARAMETERS) request
• OPSREPLY-OPSREPLY (WTO/WTOR) request
• OPSREQ-Attempt to execute a REQUEST Rule
• OPSRMT-SEND a command to a server request
• OPSSMTBL-STATETBL request
• OPSVIEW-OPSVIEW request
• OPSWTO-OPSWTO/ADDRESS WTO (WTO, WTP, WTOR) request
• SQL-SQL/RDF request
• SUBSYSDSN-Subsystem data set open request
• USS-ADDRESS USS command

Sample Value: SQL. When OPAUQRTY is blank, OPAUTRTX must be checked for a valid security type

SEC.OPAURQTY

The type of access request

Data Type: Character, read-only

Source: The CA OPS/MVS component that calls OPAUCK

Possible Values:

• <blank>-ADDRESS AP Host Command
• A-OPSVIEW request
• B-OPSLOG Browse request
• E-OPSEPI request
• F-Automated Operations Facility request
• H-OPSOSF request
• J-OPSDOM request
• K-OPSCTL request
• L-OPSLOG API request
• M-OPSRMT request
• N-USS request
• O-OPSCMD request
• P-OPSPARM request
• Q-OPSREQ request
• R-OPSREPLY request
• U-SQL request
• V-Global variable access/update request
• W-OPSWTO request
• X-Subsystem data set open request
• Y-OPSSMTBL request
• Z-OPSHFI request

Sample Value: A

Notes:

• This variable will be removed with the next release of CA OPS/MVS.
• In some cases where SEC.OPAURQTX contains a value, this variable will contain a single blank.

SEC.OPAUSSNA

The CA OPS/MVS subsystem name to which the request was directed

Data Type: Character, read-only

Source: Subsystem to which the request was directed

Sample Value: OPSS

Note: You can use this variable to create a security rule that works on multiple subsystems (for example, a production and a test system).

SEC.OPAUUSID

The CA ACF2/CA Top Secret/RACF logon ID for this request

Data Type: Character, read-only

Source: The SAF user ID associated with the current task or address space

Sample Value: USERA