Coding Each AOF Rule Type › Security Rules › AOF Variables Available in an SEC Rule › OPAU Variables for All Security Events

OPAU Variables for All Security Events

The following variables are available for all types of security events:

SEC.OPAUAUSR

The authorization string of the CA OPS/MVS installation

Data Type: Character, read-only

Source: The value of the CA OPS/MVS AUTHSTRING parameter (described in the Parameter Reference)

Sample Value: TRIAL

SEC.OPAUBYSC

Indicates whether security processing should be bypassed.

Data Type: Bit, read-only

Source: The CA OPS/MVS component indicates whether security is bypassed.

Sample Value: 1

Note: This flag is true for the CA OPS/MVS main address space and for AOF rules.

SEC.OPAUECJB

Indicates whether the current address space is an ECF user.

Data Type: Bit, read-only

Source: The CA OPS/MVS component indicates the address space type.

Sample Value: 1

SEC.OPAUERMG

The error message text

Data Type: Character, read/write

Source: Other security rules

Sample Value: 'You are not allowed to use OPSCMD'

Notes:

• Security rules can set this variable to create and send short error messages to the current user.
• CA OPS/MVS passes this variable to each rule that a security event triggers. Each rule can examine or reset this variable before passing it to the next rules for the current event.
• If multiple security rules set this variable, CA OPS/MVS uses only the value set last.

SEC.OPAUGNER

Indicates that the CA OPS/MVS authorization routine (OPAUCK) can produce error messages.

Data Type: Bit, read-only

Source: The CA OPS/MVS component that calls OPAUCK.

Sample Value: 1

SEC.OPAUJBNA

The current job name that the ASCB points to

Data Type: Character, read-only

Source: The ASCBJBNI field for batch jobs, or the ASCBJBNS field for other address spaces

Sample Value: USERA

SEC.OPAUOPJB

Indicates whether the current address space is the main CA OPS/MVS product address space.

Data Type: Bit, read-only

Source: The CA OPS/MVS component indicates the address space type.

Sample Value: 1

SEC.OPAUOSJB

Indicates whether the current address space is an OSF server.

Data Type: Bit, read-only

Source: The CA OPS/MVS component indicates the address space type.

Sample Value: 1

SEC.OPAURQRC

The return code from the current access request

Data Type: Integer, read-only

Source: Set by authorization components

Possible Values:

• 0-Request approved
• 8-Request failed
• 12-Request abended

Sample Value: 8

SEC.OPAURQTX

The type of access request

Data Type: 1 to 10 characters, right-justified, read-only, padded with blanks

Source: The CA OPS/MVS component that calls OPAUCK.

Possible Values:

AP

ADDRESS AP Host command

OPSAPI

Attempt to generate an event to the Generic Event API.

OPSAOF

ADDRESS AOF command

OPSBRW

OPSLOG Browse request

OPSCMD

OPSCMD/ADDRESS OPER (MVS, VM, JES3, IMS CMD)

OPSCTL

ADDRESS OPSCTL (MSF, OSF, ECF) request

OPSDOM

OPSDOM (DOM A MESSAGE) request

OPSEPI

ADDRESS EPI command or EPI request

OPSGLOBAL

Global or Sysplex variable access/update request

OPSHFI

SHARED file I/O request

OPSLOG

OPSLOG API request

OPSOSF

OPSOSF request (OSF command request)

OPSPARM

OPSPARM (SET PARAMETERS) request

OPSREPLY

OPSREPLY (WTO/WTOR) request

OPSREQ

Attempt to execute a REQUEST Rule.

OPSRMT

SEND a command to a server request

OPSSMTBL

STATETBL request

OPSVIEW

OPSVIEW request

OPSWTO

OPSWTO/ADDRESS WTO (WTO, WTP, WTOR) request

SOF

ADDRESS SOF request

SQL

SQL/RDF request

SUBSYSDSN

Subsystem data set open request

USS

ADDRESS USS command

Sample Value: SQL. When OPAUQRTY is blank, OPAUTRTX must be checked for a valid security type.

SEC.OPAURQTY

The type of access request

Data Type: Character, read-only

Source: The CA OPS/MVS component that calls OPAUCK.

Possible Values:

<blank>

ADDRESS AP Host Command

A

OPSVIEW request

B

OPSLOG Browse request

E

OPSEPI request

F

Automated Operations Facility request

H

OPSOSF request

J

OPSDOM request

K

OPSCTL request

L

OPSLOG API request

M

OPSRMT request

N

USS request

O

OPSCMD request

P

OPSPARM request

Q

OPSREQ request

R

OPSREPLY request

U

SQL request

V

Global and Sysplex variable access/update request

W

OPSWTO request

X

Subsystem data set open request

Y

OPSSMTBL request

Z

OPSHFI request

Sample Value: A

Notes:

• This variable will be removed with the next release of CA OPS/MVS.
• In some cases where SEC.OPAURQTX contains a value, this variable contains a single blank.

SEC.OPAUSSNA

The CA OPS/MVS subsystem name to which the request was directed.

Data Type: Character, read-only

Source: Subsystem to which the request was directed.

Sample Value: OPSS

Note: You can use this variable to create a security rule that works on multiple subsystems (for example, a production and a test system).

SEC.OPAUUSID

The CA ACF2/CA Top Secret/RACF logon ID for this request

Data Type: Character, read-only

Source: The SAF user ID associated with the current task or address space

Sample Value: USERA