|
|
|
Use the DISPLAY SECURITY,FULL command to display all the security protection options in effect for command protection profiles and key protection profiles on all BES subsystems in an LPAR.
This command has the following format:
BESn DISPLAY SECURITY,FULL
Indicates the BES task number.
This command can be abbreviated as follows:
BESn D Y,FULL
or
BESn D Y
Limits: If you are using your security system to control access to commands, all forms of this command can be controlled by a command protection profile.
Note: The information presented by the DISPLAY SECURITY,FULL command is dynamic and contains additional information depending on which external security manager is being used.
Example: Display Security,Full command
Note: The "Generic Profiles" section will only be displayed when the Display Security,Full command is issued.
This example displays the command protection options in effect for all BES subsystems in the LPAR where the command is issued when CA@BES is active.
BES2 D Y
BES2X0103I Command Accepted
BES2SS500I CA Tape Encryption SAF Interface Options:
BES SAF System Data Values
------------------- -----------------------------------
Module Name TBESAF00
Found at location 86073000
Assembly Date 11/07/07
Assembly Time 11.16
PTF Level GGG0086
------------------- -----------------------------------
Security System RACF
BES.SECURITY/CA@BES Active
BES.DEFAULT Defined
------------------- -----------------------------------
Resource Modes
Commands Permitted (Global)
Keys Protected (Global)
Utilities Permitted
------------------- -----------------------------------
Key Profiles AES*
3DES192_KEY (GLOBAL)
------------------- -----------------------------------
Certificate Prof. CERT512
CERT1024 (GLOBAL)
------------------- -----------------------------------
CodeBook Profiles ALLBESCODEBOOK
BES2CODEBOOK
------------------- -----------------------------------
Command Profiles REFRESH.OPTIONS
PASSPHRASE (GLOBAL)
REFRESH.COPY* (GLOBAL)
REFRESH.** (GLOBAL)
------------------- -----------------------------------
Utility Profiles TBESHOW
------------------- -----------------------------------
Generic Profiles BES2.KEY*.**
BES%.KEY*.**
BES%.UTILITY.TBEKMUTL
BES%.UTI*.**
BES%.DISPLAY
BES%.DUMP
BES%.REFRESH.**
------------------- -----------------------------------
BES2SS502I CA Tape Encryption SAF Display Complete
BES2X0100I Command Complete
Note: Only generic resources that are defined to CA@BES or OPERCMDS whose resource type (for example; command, key, utility) cannot be determined will be displayed in the Generic Profiles section. Generic profiles or profiles defined with wildcards whose type can be determined will be reported in their appropriate section.
Example: Display Security,Full command when CA@BES or BES.SECURITY is not active
This example displays the following information for all BES subsystems in the LPAR where the command is issued when CA@BES or BES.SECURITY is not active.
BES2 D Y,FULL
BES2X0103I Command Accepted
BES2SS500I CA Tape Encryption SAF Interface Options:
BES SAF System Data Values
------------------- -----------------------------------
Module Name TBESAF00
Found at location 86096000
Assembly Date 04/06/07
Assembly Time 17.51
PTF Level T5BB002
------------------- -----------------------------------
Security System RACF
CA@BES/BES.SECURITY Inactive
------------------- -----------------------------------
BES2SS502I CA Tape Encryption SAF Display Complete
BES2X0100I Command Complete
Example: Display Security,Full command showing TEP module not supporting security data set selection
This example displays the following information for BES2 when the loaded version of the Tape Exit Processing module (TBETEP) does not support the security features through the SAF Interface. This result is displayed if the TEP module currently in storage is at a lower level than needed to support encryption data set selection. This can happen when the first BES subsystem that is initialized loads an earlier version of the TEP module. The results indicate that no security-based data set selection will occur. The TEP release level field only appears under this type of circumstance.
BES2 DISPLAY SECURITY,FULL BES3X0103I Command Accepted BES3SS500I CA Tape Encryption SAF Interface Options: BES SAF System Data Values ------------------- ----------------------------------- Module Name TBESAF00 Found at location 99963000 Assembly Date 04/12/07 Assembly Time 16.08 PTF Level T5BB001 TEP release level Does not support Security Selection ------------------- ----------------------------------- Security System ACF2 CA@BES Class Active BES.DEFAULT Not Defined ------------------- ----------------------------------- Resource Modes Commands Not Defined Keys Not Defined Utilities Not Defined ------------------- ----------------------------------- Key Profiles --- No entries found -- ------------------- ----------------------------------- Certificate Prof. --- No entries found -- ------------------- ----------------------------------- CodeBook Profiles --- No entries found -- ------------------- ----------------------------------- Command Profiles --- No entries found -- ------------------- ----------------------------------- Utility Profiles --- No entries found -- BES3SS502I CA Tape Encryption SAF Display Complete BES3X0100I Command Complete
| Copyright © 2011 CA. All rights reserved. | Tell Technical Publications how we can improve this information |