You log onto the ECF by issuing a ?LOGON command to create an OPSECF address space to conduct a session with you by entering the following command at a z/OS (or JES3) console:
?LOGON userid/password
The userid specified must be a valid TSO user ID on the machine on which the command was entered, and password must be a valid password for that user ID. The ability of the ECF session to access data sets will be the same as if the logon had been to TSO.
The ?LOGON command shown above takes the CA OPS/MVS default for creating the OPSECF address space:
Note: CA OPS/MVS only allows SUB(MSTR) ECF sessions from a locally attached MCS console with Master authority; therefore you must code SUB(JESx) on your ?LOGON command if CA OPS/MVS is running SUB=MSTR and you are using any console other than the z/OS MCS console with master authority.
ECFSECURITY is bypassed if the ECF is run in SUB=MSTR. In this case, the only security will be that defined for the ECF address space. Any ECF security defined in the initialization parameters during installation is ignored.
The most reliable means of running an ECF session is SUB=MSTR, even if
CA OPS/MVS itself is being run SUB=JES3. You can use the following form of the ?LOGON command only from a locally attached MCS console with Master Authority:
?LOGON userid/password sub(mstr)
For this form of the command to work, the OPSECF JCL PROC must be in SYS1.PROCLIB and, if you are using DFSMS, all data sets referenced by that PROC must be cataloged in the z/OS master catalog.
You must use the ECF in this way to take advantage of its system rescue capability. When an OPSECF session is created SUB=MSTR, it has the security profile defined for the OPSECF address space. That is, it does not assume the security profile of the TSO ID with which you logged on, as it would if you had logged on SUB=JESx. This is so you can be sure to have a high enough data set access authority level to perform any system rescue that might be needed.
|
Copyright © 2014 CA.
All rights reserved.
|
|