External Security Section Display

The External Security Section display shows the System Authorization Facility (SAF) definitions used to interface with external security products.

The External Security Section display has the following fields:

SAF Entity Class Name

Specifies the SAF resource class name to use when you want external security to validate commands and other resources.

Specify NONE to use internal security definitions to validate all commands and resources and thus bypass SAF authorization calls.

Default: NONE

Suggested SAF resource class names:

A class name specified in the security group overrides any value specified in the GLOBAL group.

SAF Entity Name Prefix

The prefix, or first node name, used to build the entity names for SAF calls. The prefix is only used when a SAF entity class is defined.

Default: SV

Call SAF if failed internally

Specify YES to call SAF to validate access to a resource even when internal security has already failed the request. External security cannot grant access to a resource that was failed by internal security. The only reason to set this field to YES is to log violations in the external security database that would otherwise not be recorded.

Default: NO

Use JESSPOOL for Job Validation

Specify a value of YES if you want to use JESSPOOL resources for all job name validation calls. All other resource checks (CMND, SUBC, RESN, and so on) continue to use resources defined for the SAF Entity Class Name.

SAF only verifies JESSPOOL resources (no SAF calls for CMND, SUBC, RESN, and so on) when JESSPOOL is the SAF Entity Class Name.

Default: NO

Use System SMFID in Entity Name

Specifies whether the SAF entity name contains the system SMFID as the third node when a SAF entity class is defined.

Default: YES

Use System QUAL in Entity Name

Specifies whether the SAF entity name contains a qualifier following the resource type when a SAF entity class is defined. Example qualifiers are JES2 for JES resource types and the subsystem ID for IMS resources.

Default: YES

SAF Exit Name

Specifies the name of an optional user exit to invoke before SAF. The entity class and entity name are passed to the exit.

Default: NONE

Pass JES JCT addr to SAF exit

Specify YES to pass the address of the JES JCT to the SAF exit. This setting applies only if an exit is coded.

Default: YES

Access Entity Table Size

Specifies the initial size of the SAF Access Entity Table (AET). The AET is used to cache responses to SAF calls so subsequent calls for the same entity name can retrieve the responses. The size of the AET is specified in KB. AET storage is allocated above the 2-GB bar. A value of zero uses no AET.

Default: 256
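
The following Python model is an added example, not code from the product. It shows how SAF Entity Class Name, Use JESSPOOL for Job Validation, and Call SAF if failed internally combine into one access decision. Assumptions: internal security is evaluated before SAF, RecordingSaf is a hypothetical stand-in for the external security product, and the class name MYCLASS and the entity names used with it are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class ExternalSecuritySection:
    # Defaults as listed on this page.
    saf_entity_class: str = "NONE"
    call_saf_if_failed_internally: bool = False
    use_jesspool_for_job_validation: bool = False


class RecordingSaf:
    """Constructed stand-in for the external security product; logs every call."""

    def __init__(self, permitted):
        self.permitted = set(permitted)
        self.calls = []

    def check(self, saf_class, entity):
        self.calls.append((saf_class, entity))
        return (saf_class, entity) in self.permitted


def saf_class_for(cfg, is_job_name: bool) -> Optional[str]:
    """Class used for the SAF call, or None when no SAF call is made."""
    if cfg.saf_entity_class == "NONE":
        return None  # internal security definitions validate everything
    if cfg.saf_entity_class == "JESSPOOL":
        return "JESSPOOL" if is_job_name else None  # only job names reach SAF
    if is_job_name and cfg.use_jesspool_for_job_validation:
        return "JESSPOOL"
    return cfg.saf_entity_class


def authorize(cfg, saf, entity, is_job_name, internal_ok) -> bool:
    """Assumed order: internal security decides first, then SAF."""
    saf_class = saf_class_for(cfg, is_job_name)
    if saf_class is None:
        return internal_ok
    if not internal_ok:
        if cfg.call_saf_if_failed_internally:
            saf.check(saf_class, entity)  # made for logging; result is ignored
        return False  # external security cannot reverse an internal failure
    return saf.check(saf_class, entity)
```

In this model, setting Call SAF if failed internally to YES changes only what the external product sees and records; the decision returned for an internally failed request stays a denial.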