Valid on z/OS and z/VM.
Use the FACILITY control option to:
All entry methods are accepted.
This control option has the following format:
FACILITY(facility|ALL) FACILITY(facility=subopt1<=value1>,...)
The full name of a single facility.
This example displays the status of the TSO facility:
F TSS,FACILITY(TSO)
This example updates the FACILITY option:
TSS MODIFY(FACILITY(subopt1=operand<=value><,subopt2<=value2>>…))
This example alters the BATCH facility to WARN mode and sets NOLUMSG. Note that the suboption MODE requires a value, but that the NOLUMSG suboption does not:
TSS MODIFY('FACILITY(BATCH=MODE=WARN,NOLUMSG)')
The following suboptions are available for facilities of all types:
Resets the NOABEND suboption.
A multiuser address space facility (CICS, IMS, CA‑Roscoe) will not abend if one user in the region causes a violation. This does not imply that the ACID used to define the Facility itself is immune from security abends during startup.
If NOABEND is set, CA Top Secret will not cancel the user's activity even if the violations exceed the violation's threshold (VTHRESH). CA Top Secret locks the user's terminal.
Reactivates a facility that was deactivated via the FACILITY(facility=INACT) command.
CA Top Secret Status/Diagnostic Log listings displays “IN‑USE” to indicate that a facility is active.
For example, to allow signons to the IMSPROD facility, enter:
FACILITY(IMSPROD=ACTIVE)
Indicates that CA Top Secret‑authorized job submission is being used for the given facility.
Resets the ASUBM suboption
Audits all activity for users who subsequently logon to the specified facility.
For example, to audit all user activity of a newly activated facility, enter:
FACILITY(IMSPROD=AUDIT)
Deactivates auditing of users who subsequently logon to the facility.
Requires an application to execute APF authorized in order to execute a RACINIT or RACROUTE REQUEST=VERIFY. See the User Guide for more information.
(Not recommended) Allows an application which is not APF authorized to execute a RACINIT or RACROUTE REQUEST=VERIFY. NOAUTHINIT requires that the program issuing the request must come from an APF authorized library, whether or not it is running with APF authorization. Another requirement for NOAUTHINT is that the request cannot include the PASSCHK=NO parameter.
Assigns a default ACID used for access to the specified facility by users who do not have defined ACIDs but require access to the facility. The TSS CREATE function must be used to define this default ACID. For example, a production CICS default ACID can be defined so that users who do not require specific security requirements are governed by the blanket requirements that are defined by the default ACID.
The DEFACID under CICS is used to satisfy an ATS signon only. In CICS3.2.1 or above, a DEFACID is not recommended and using CICS DFLTUSR is preferred. For example:
FACILITY(TSO=DEFACID(TSODEF))
Note: DEFACID is not needed for CICS 3.2 and above.
Indicates that CA Top Secret derives the default ACID from the terminal or batch reader name, if the userid entered at signon is not defined as an ACID, or if the batch ACID is not supplied.
A default ACID for BATCH can be defined to handle RJE (Remote Job Entry) or NJE (Network Job Entry) job submission. If so defined, all jobs that are submitted derive a default ACID associated with the NJE or RJE node. This eliminates required JCL changes or possible viewing of passwords over the NJE or RJE lines.
A BATCH default ACID can also be defined for jobs submitted through a card reader. This will eliminate required JCL changes that include coding of passwords on the job card.
To establish a default ACID for RJE remotes 1, 2, and 3, the security administrator would specify the following the in the Parameter File:
FACILITY(BATCH=DEFACID(RDR*TERM))
The security administrator would then create and define ACIDS for remote readers 1, 2, and 3. CA Top Secret will use these ACIDS to derive the default ACIDS.
TSS CREATE(RM1) DEPARTMENT(XXX)
FACILITY(BATCH)
SOURCE(RM1)
NAME('DEFAULT‑FOR‑SHOP‑1')
The security administrator would continue to create ACIDS for readers 2 and 3. When a default ACID is assigned, the user receives message TSS7053I.
Removes the default ACID for the facility specified. For example:
FACILITY(BATCH=DEFACID(*NONE*))
Note: DEFACID should never be used with facility TSO.
Honors password validation in DORMANT mode when specified for a facility. A DORMANT mode user must give the correct password to log on. For details, see the WARNPW sub‑option.
Note: Message TSS7102E will only be issued for control type ACIDs.
Does not honor CA Top Secret password validation in DORMANT mode.
Controls how jobs are initiated and passwords changed for a facility when CA Top Secret's address space is inactive. There are six suboptions associated with the DOWN option:
Indicates that a RACINIT can be performed for the facility after a TSS ZEOD has been issued. Required for JES and Console facilities.
Indicates that a RACINIT cannot be performed for the facility after a TSS ZEOD has been issued.
Equals one or two alphanumeric characters that represents the facility for reporting purposes. This value is predefined in the Facilities Matrix Table and should not be changed unless defining or renaming a facility.
CA Top Secret inserts USER= and PASSWORD= into the JCL.
CA Top Secret will not insert USER= or PASSWORD= into the JCL. Under the FTP facility, specify NOIJU to ensure FTP userid ACID is propagated.
Deactivates ability to sign on to the facility specified. Active users will continue normally. For example, FACILITY(IMS=INACT) prevents users from signing on to IMS.
Allows installation data to be stored within a region of the specified facility. See the User Guide for a description of INSTDATA.
For example:
FACILITY(TSO=INSTDATA)
Prohibits storing of installation data in a facility region. Usually done to conserve space in large user regions.
Indicates that the facility definition has been updated. It is used to determine if the facility should be displayed as a result of a TSS MODIFY, FACILITY(ALL) or a TSS MODIFY, STATUS command. FACILITIES are marked as IN‑USE as soon as a user signs on to them. Although it cannot be set directly, it is set by changing any option of the facility, through the PARMFILE or via a TSS MODIFY command. IN‑USE is turned on even if the option is set to its default value.
Can be set to equal the TCB protect key that the facility uses for storage.
Default: 8
Specifies that all LCF (Limited Command Facility) associated messages will refer to “Commands” in their text.
Specifies that all LCF‑associated messages will refer to “Transactions” in their text.
Assigns the amount of time after which a terminal connected to a specific facility will lock, if CA Top Secret does not detect activity. Facility specific locktimes are overridden by a user's or profile's locktime.
The following example indicates that terminals logged on to CICSPROD will lock if CA Top Secret does not detect activity after five minutes.
FACILITY(CICSPROD=LOCKTIME=5)
LOG indicates what types of security events CA Top Secret will record, and where it will record them.
The LOG option allows this to be done for all facilities (global) while the LOG suboption allows LOG options to be specified for each facility. Facility‑specific LOG options entered after any global LOG option will override the global option.
The security administrator might use the LOG suboption in one of three ways:
FACILITY(fac=LOG(ACTIVITY,ACCESS,SMF,INIT,MSG)) FACILITY(fac=LOG(NONE)) FACILITY(fac=LOG(ALL))
For example, to indicate that all events should be logged for CICS, enter:
FACILITY(CICSPROD=LOG(ALL))
CA Top Secret logs the user's terminal off when his locktime has expired for a second interval. Locktime transactions must be correctly installed. See the Implementation: CICS Guide for details.
(Default) CA Top Secret will not log the user off.
Requests that the system display the “last‑used” message when a user signs on to the specified facility. This operand only applies to USER type ACIDs running in other than DORMANT mode. USER type ACIDs will not display the “last‑used” message in DORMANT mode in any case. Administrator type ACIDs will always display the “last‑used” message.
For example:
FACILITY(CICSPROD=LUMSG)
Terminates the last‑used message display. This operand does not apply to administrator type ACIDs that will always display the “last‑used” message.
Activates the update of last used statistics for most successful signons. Automatic Terminal Signon (ATS) and preset terminal security normally do not update last used statistics. Last used statistics can be activated for these signons using OPTIONS(30) at TSS startup. This setting is the default for all facilities and should typically remain so.
Prevents updating of the last—used statistics for all successful signon events within this facility, regardless of the setting of the RACROUTE macro specification of the STAT=ASIS/NO parameter. Use NOLUUPD to reduce the amount of I/O to the security file when experiencing severe I/O performance problems.
This sub-option does not prevent the display of the last used messages. Use the NOLUMSG option for this.
With this sub-option set, the last used statistics are only updated when a user incurs a password violation in this facility. This event updates the password violation count and the last used statistics.
Specifies the maximum number of queued signon/signoff requests that are processed..
Default: 10
Range: 5 to 100.
For example, to manually set the threshold at 15.
TSS MODIFY FACILITY(CICSPROD=MAXSIGN=(15))
Note: The parentheses around the value are required.
Signon/signoff requests that exceed the threshold are requeued. For example, in the sample command shown next, additional attempts to sign on are requeued to CICS.
TSS MODIFY FACILITY(CICSPROD=MAXSIGN=(100,RETRY))
Abends the signon/signoff transaction. When Kill is set and the number of users attempting to sign on equals the threshold, additional attempts to sign on are failed. For example, you can restrict the number of concurrent signons to a CICS facility called CICSPAY to a threshold of 15 by using the TSS MODIFY command like this:
TSS MODIFY FACILITY(CICSPAY=MAXSIGN=(15,KILL))
When coding MAXSIGN and MAXUSER in the CA Top Secret PARM field, the MAXUSER option must be coded before MAXSIGN. If MAXUSER is not coded first, an invalid data error will occur during CA Top Secret initialization.
Specifies the size of the ACID cross‑reference table in any multi‑user address space system. In order to increase the size of the cross‑reference table, you must recycle the address space. In CICS, the MAXUSER value specified is also used to calculate necessary USCB allocation at startup.
When a multi user region starts up, the MAXUSER XREF table is built to hold the user ID and key. This table is 16 bytes times the MAXUSER value, one 16 byte entry for each user that signs on. When a user signs off, the entry is cleared and available for reuse.
When the XREF table fills up, message TSS0962E is issued. Users can sign on, but there is no entry added to the XREF table so if the region abends the storage for the user(s) is not freed. This can cause orphaned storage.
Default: 3000
Minimum: 256
Specifies a specific security mode for the facility:
Modes specified by facility must be entered after global or system‑wide mode selections in the PARMFILE. Thus, if the global mode is FAIL, but WARN is specified for the IMS facility, then all users initiating from IMS will operate in the WARN mode.
If the global mode is changed via an O/S Modify command:
F TSS,MODE(D|W|I|F)
MSGLC indicates that user violation messages are issued in mixed case. NOMSGLC indicates that user violation messages are issued in upper case only.
Used to indicate a multiuser address space.
A multiuser address space supports multiple users. Security is generally not handled by z/OS. The following facilities are examples of multiuser address space facilities: CICS, IMS, CA‑Roscoe, and CA‑IDMS.
An example of a multiuser address space appears next.
FACILITY(IMS1=MULTIUSER)
Changes the base name of a facility in the Facility matrix table. Once changed, the new facility name must always be used. To change a facility name from CICSPROD to CICSPAY, enter:
FAC(CICSPROD=NAME=CICSPAY)
Specifies whether a TSO or CICS facility supports password reverification. There is a default of two attempts for new passwords to be verified before complete logon sequence needs restarting. To set the threshold value for TSO and CICS, see NPWRTHRESH for details. When a user logs on to a facility that has activated the NPWR sub‑option of the FACILITY control option, and enters a new password, the following message is issued:
TSS7016A ENTER NEW PASSWORD AGAIN FOR REVERIFICATION
The user then enters the new password a second time for reverification. This ensures that the user correctly enters and remembers the new password. If the user enters an incorrect reverified password, he is prompted again. After the second attempt, if the reverified new password is still incorrect, the following message is issued and an accompanying DRC(015) is returned.
TSS7111E NEW PASSWORD CHANGE INVALID ‑ REVERIFICATION FAILED
Does not force password reverification.
Supplies all eight or just the first three characters of the program name issuing RACINIT SVC's. Online systems use RACINIT to support signon validation for individual users. This is the key to determining the (generic) facility. See the User Guide for details on RACINIT.
Specifies the size of the shared profile table in increments of 256 entries. A single shared profile table is allocated at the start of a region if its facility has SHRPRF set. The storage for the shared profile table is in extended private, subpool 230. Each entry in the table is 16 bytes long and contains the:
A region's shared profile table must have enough entries to hold the highest number of unique profiles that can be allocated within the region at any time. For example, a region supporting 250 users, each sharing 3 common profiles, where each user also has 1 unique profile, must have a shared profile table with no less than 253 entries.
When the shared profile table becomes full, the address space reads new profiles into the private SECREC for newly signed on users. This causes additional security file I/O during signon and may reduce the efficiency of CA Top Secret for this address space.
Default: 3
FOR TSO ONLY: Makes it useless for users to enter their passwords with their userid when logging on. This helps prevent CA Top Secret from displaying passwords on the terminal. If a user enters his password and user ID at the same time, CA Top Secret will issue a warning message and lock the user's terminal for 10 seconds (the default), then prompt for the password.
Deactivates the PROMPT suboption.
Provides for the interpretation and recognition of maskable resources within the facility. Some examples of maskable resource classes are DATASET, JESSPOOL, DB2DBASE and DB2COLL. Without RES on the facility, security checks against these resource classes will fail. To identify a maskable resource class, see the Command Functions Guide.
Lists all the resource class translate entries defined to the translate table.
Specifies a resource class translate entry to be added to the translate table.
Specifies the source resource class.
Specifies the target resource class for the translation that occurs during the resource validation process.
Both old and new resource classes must exist in the RDT. An old class defined to the RDT as a type PIE or MRIE cannot be translated to a new class type RIE.
Specifies a resource class translate entry to be removed from the translate table.
Prevents the interpretation and recognition of maskable resources within a facility. In high performance transaction managers that do not normally make use of maskable resource classes, this can improve performance. However, security features, which do involve maskable resources, cannot be used.
Enables random password generation in a facility. Two methods are supported:
RNDPW is set by default for TSO, CICS, and IMS. Some facilities might not display new, randomly generated passwords. Each facility, therefore, should test RNDPW before placing it into production.
Note: When neither RNDPW facility suboption nor NEWPW(RN) option are set and a user enters RANDOM as a new password, RANDOM is evaluated literally and set the user's password to RANDOM. NEWPW(RN) global option must not be set if user‑initiated random password generation is required.
Cancels the RNDPW suboption.
Allows profile sharing in multiuser address space environments such as CA‑Roscoe®, IMS, and CICS where it is important to conserve storage. SHRPRF allows a copy of the profile to be shared by all users in the multiuser facility. Thus, storage is used efficiently.
After a profile has been updated, users must have their profile refreshed by the security administrator, or sign on again to access the new profile. If not, the user will continue to access the version with which he signed on.
Prohibits profile sharing for the specified facility.
Allows simultaneous logons with the same ACID for the specified facility.
Sets CA Top Secret to disallow simultaneous signon for an address space by the same ACID from different sources (e.g. network terminals). When a duplicate signon is sensed, CA Top Secret issues message TSS7172E and disallows the second session. In IMPL and FAIL mode, this restriction is strictly enforced. In WARN mode, only a message is issued: signon by the same ACID from multiple terminals is logged and the user is warned, but the restriction is not enforced.
Note: Keyword SIGNMULTI allows specific user ACIDs to sign on multiple times, when the facility sub‑option is SIGN(S) and you have specified TYPE=CICS as the FACILITY option. See information, see the Command Functions Guide.
Requests that the system display the status message when a user signs on to the specified facility. This operand only applies to USER type ACIDs running in other than DORMANT mode. USER type ACIDs will not display the status message in DORMANT mode in any case. Administrator type ACIDs will always display the status message.
Terminates the status message display. This operand does not apply to administrator type ACIDs that will always display the status message.
Used to indicate a single‑user address space. For the purposes of CA Top Secret, a single‑user address space requests data sets directly from z/OS. These facilities are single‑user address spaces: TSO, BATCH, and STC.
Allows entire facility to be traced. See SECTRACE for more information.
Deactivates the TRACE suboption.
Indicates that a facility is TSO compatible, the facility can handle TGET and TPUT SVCs.
Cancels the TSOC suboption.
When listing all facilities, a three‑digit numerical value (ranging from 000 to 100) displays for the TYPE= parameter. This parameter should not be changed except when defining or renaming a new CICS, CA‑IDMS®, DB2, CA‑ROSCOE, or IMS facility. Then TYPE= must be specified as TYPE=CICS, TYPE=IDMS, TYPE=DB2, TYPE=ROSCOE, or TYPE=IMS. These changes will also update the facility ID numbers (CICS=004, IDMS=011, DB2=100, ROSCOE=007, and IMS=005.) A facility with no predefined keyword is assigned display type 099.
When used to modify a dummy facility, the keyword facility TYPE must be used as follows:
TSS MODIFY FACILITY(xxxxx=TYPE=IMS)
Specifies that the first n characters of an online userid is used to derive the ACID for the user.
Forces defined users and jobs to use their correct passwords during the WARN mode. The default for the WARN mode would normally allow a job to process, even if the user omitted his password or entered it incorrectly.
If the user signs on with a security administrator's ACID, and omits or enters an invalid password, CA Top Secret will FAIL the request regardless of the current security mode, or control option settings. CA Top Secret ignores the WARNPW option for undefined user ACIDS, and in DORMANT mode.
Cancels the WARNPW suboption.
Sets protection in place by default for all commands and transactions controlled by the facility. Explicit authorization is required through LCF (Limited Command Facility) or through OTRAN permission.
Indicates that transactions and commands need not be authorized through LCF before they can be used.
The following suboptions are CICS-specific and can be used when you have specified TYPE=CICS as the FACILITY option.
Note: For information about how these CICS suboptions are used, see the Implementation: CICS Guide.
The following suboptions comprise the CICS BYPASS and CICS PROTECT resource lists:
Lists all CICS resources on the bypass list and protect list.
To display the default Bypass and Protect Lists, issue the following command:
TSS MODIFY(FACILITY(CICSPROD=BYPLIST))
Results of the command are displayed below.
Important! The ellipsis (….) punctuation is essential and represents internal CICS transactions with hexadecimal unprintable names.
FACILITY DISPLAY FOR CICSPROD BYPASS TABLE DISPLAY FOR FACILITY CICSPROD RESOURCE=LOCKTIME BYPASS NAMES: TSS RESOURCE=TRANID BYPASS NAMES: CAQP CATA CATD CATP CATR CAUT CCIN CCMF CDBD CDBN CDBO CDBT CDTS CECS CEGN CEHP CEHS CESC CESF CESN CFTS CGRP CITS CLQ2 CLR1 CLR2 CLS3 CLS4 CMPX CMTS CNPX COVR CPLT CPMI CQPI CQPO CQRY CRDR CRMD CRSQ CRSR CRSY CRTE CRTR CSAC CSCY CSFU CSGM CSGX CSHR CSIR CSJC CSKP CSLG CSMI CSM1 CSM2 CSM3 CSM4 CSM5 CSNC CSNE CSPG CSPK CSRK CSPP CSPQ CSPS CSRS CSSC CSSF CSSN CSSX CSSY CSTA CSTB CSTE CSTP CSTT CSXM CSXX CSZI CVMI CVST CWTR CXCU CXRE CXRT TS 8888 9999 .... .... .... .... .... .... CFTL CFSL CKTI CKAM CFCL CIOD CIOF CIOR CIRR CJTR CSHA CSHQ CSOL CTSD CWBG CWXN CDBF CEX2 CFQR CFQS CSFR CSQC CDBQ CRMF CLSG CFOR CJMJ CLS1 CLS2 CPIH CPIL CPIQ CRTP CWXU CPIR CPIS CISC CISD CISE CISR CISS CIST CJGC CJPI CISB CEPD CEPM CISQ CISU CISX CIS4 CRLR CISM CEPT CPSS CJSR CESL CISP CIS1 CJSL CRST CPCT CFCR CJLR RESOURCE=TRANID PROTECT NAMES: CEDF TSEU
Specifies a CICS resource prefix to add to the bypass list. Resources of this class that match this prefix are not checked by CA Top Secret security when used on a CICS with this facility.
Specifies a CICS resource prefix to remove from the bypass list.
Contains the resource names for CICS keywords DB2CONN, DB2ENTRY, and DB2TRANS. These resource names are checked against the resource class associated with the XDB2 SIT or FACILITY option. For example, DB2=P8 bypasses security checking for DB2CONN(P8*), DB2ENTRY(P8*), and DB2TRANS(P8*) when FACMATRX=YES and XDB2=YES in the associated CICS facility.
Specifies CICS resources that are added to the protect list and will override a (generally shorter) entry on the bypass list.
Specifies CICS resources to remove from the protect list.
Resources can be added to the bypass list (to avoid checking by CA Top Secret) or added to the protect list (to be checked). If a resource is added to both lists, the entry on the protect list overrides the bypass list. For example, the following entry on the bypass list would bypass security checking for all transactions beginning with XY:
TSS MODIFY FACILITY(CICSTEST=BYPADD(TRANID=XY)
You can still check for security on transaction XYZ by entering the following command:
TSS MODIFY FACILITY(CICSTEST=PROTADD(TRANID=XYZ)
The PROTADD(TRANID=XYZ) command overrides the BYPADD(TRANID=XY) command. The transactions XYAB and XYQZ match the prefix on the bypass list but do not match the override protection in the protect list: these transactions would be bypassed. The transactions XYZ and XYZQ match the entries in both the bypass list and the protect list; so the protect list entry takes precedence.
The following CICS resource classes can be used with the BYPADD, BYPREM, PROTADD, and PROTREM suboptions.
Note: This list is intended for a limited number of resources and should not be used as an alternative for the ALL Record.
Contains Extended Master Terminal Command actions, valid actions are; ADDTO, INQUIRE, PERFORM, REMOVE, and SET. For example, to bypass all CEMT INQUIRE commands, enter:
TSS MODIFY FACILITY(CICSTEST=BYPADD(CEMT=INQUIRE))
Contains transient data entries.
Contains the File Control Table entries associated with the data set. The DSNCHECK= suboption must be set to YES.
Contains File Control Table entries. The DSNCHECK= suboption must be set to NO.
Contains Journal Control Table entries.
The elements in the list may be transactions or terminals:
TSS MODIFY (fac(xxxxxxxx=PROTADD(LOCKTIME=yyyy)))
CICS facility name.
Transaction or Terminal. For transactions, supply the complete transaction ID. For terminals, the resource should be specified according to the access method:
Specifies whether LOCKTIME is pseudo‑conversational or conversational. YES equals pseudo‑conversational. Recycling of CICS is required when this control option is changed.
Contains interval control started transaction identifiers that are not checked by CA‑Top Secret.
Contains program processing control entries that are not checked by CA‑Top Secret.
Contains PSB entries.
Contains a list of CICS command level application programming interface commands. Valid commands are: EXEC CICS SET and EXEC CICS INQUIRE. For example, to protect all EXEC CICS SET commands, enter:
TSS MODIFY FACILITY(CICSTEST=PROTADD(SPI=SET))
To bypass all EXEC CICS INQUIRE commands, except SYSTEM, enter:
TSS MODIFY FACILITY(CICSTEST=BYPADD(SPI=INQUIRE))
To bypass EXEC CICS INQUIRE SYSTEM, also enter:
TSS MODIFY FACILITY(CICSTEST=BYPADD(CEMT=INQUIRE))
Contains system identification names of the CICS systems. SYSID= is only applicable to CICS 3.3 and below.
Note: If EXTSEC=NO is coded in the DFHSIT parameter or the FACMATRX suboption, you must add SYSID to the bypass list.
Contains a list of terminal entries.
VTAM=Netname, TCAM=Terminal ID and BTAM=Terminal ID
Contains transaction identifiers that are not checked by CA‑Top Secret.
Contains transaction identifiers that will bypass all security checking for the transaction. When issuing a TSS MODIFY(FACILITY(CICS facname)) command, the bypass list for TRANID will contain '...'. These periods represent CICS internal transactions whose names contain unprintable characters. These entries cannot be removed.
TRANID is different from TRAN in that TRANID uses all types of security checking (OTRAN, LCF, file, program, locktime). TRAN only uses OTRAN or LCF security checking.
TSS MODIFY FACILITY(CICS=BYPADD(TRANID=HELP))
Note: TRANID=TS should not be removed from the CICS Bypass List. It is always needed for LOCK/UNLOCK. Security for the TSS transaction is controlled entirely through administrative authorities; not through transaction protection.
TRANID overrides TRAN in the FACILITY BYPASS LIST.
Contains Temporary Storage entries.
Specifies whether individual data set names or File Control Table entries are checked. XFCT=YES is required for DSNAME checking if running CICS 3.3 or below. See the FACMATRX in the CICS SIT/PCT Override FACILITY Settings section. If DSNCHECK is specified, then RES must also be set.
CICS SIT/PCT settings defined to CICS might be overridden by FACILITY settings as described next.
Specifies whether CA Top Secret is to override definitions defined to CICS through table assemblies or the CSD file.
CA Top Secret facility settings override CICS definitions.
(Default) CICS definitions override conflicting facility settings.
Indicates whether CA Top Secret security is active or inactive.
CA Top Secret security is invoked for this region.
One of the following:
Indicates whether session security can be used.
Session security can be used.
Session security cannot be used. Only the BIND password (defined to CICS for the APPC connection) is checked.
Indicates whether EXEC CICS commands are checked by CA Top Secret.
All SPI commands are checked by CA Top Secret.
All SPI commands are not checked by CA Top Secret.
SPI commands include both CEMT commands and EXEC CICS SPI commands from an application program.
Enables/disables secondary resource checking for resource class CTSDB2 to substitute for CICS/DB2 keywords:
During initialization, for CTS 1.2 and above, CICS activates a profile for class CTSDB2. CICS performs security checking by substituting CTSDB2 for the keyword. When XDB2=YES, and FACMATRX=YES, the administrator is also expected to provide security for IBMFAC(DFHDB2.) as documented by IBM in the CICS RACF Security Guide.
Indicates whether transient data entries are checked by CA Top Secret.
Transient data entries for this region are checked by CA Top Secret.
Transient data entries for the region are not checked by CA Top Secret.
Specifies whether support of security roles is enabled.
CICS Support for security roles is enabled:
When an application invokes a method of an enterprise bean, CICS calls the external security manager to verify that the userid associated with the transaction is defined in at least one of the security roles associated with the method.
When an application invokes the following method:
isCallerInRole()
CICS calls the external security manager to determined whether the userid associated with the transaction is defined in the role specified on the method call.
CICS support for security roles is disabled. CICS does not perform enterprise bean method level checks, allowing any userid to invoke any enterprise bean method. The following method always returns a value of TRUE:
isCallerInRole()
Note: To enable security role support, you must also specify SEC=YES (when FACMATRX=NO) or EXTSEC=YES (when FACMATRX=YES). A change to XEJB or EJBRPRFX requires the CICS region to be recycled in order to implement.
Indicates whether file control entries for the region are checked by CA Top Secret.
File control entries for this region are checked by CA Top Secret. Required for DSNAME checking.
File control entries for this region are not checked by CA Top Secret. Deactivates DSNAME checking.
Specifies whether or not CICS is to check the transaction user's ability to access files in the z/OS Unix System Services file system. This parameter is automatically set to NO in CTS release 3.1 and below.
CICS calls CA Top Secret to check whether or not the user is authorized to access the file identified by the URIMAP that matches the incoming URL.
CICS is not to drive a validation of access permission for z/OS UNIX files.
Indicates whether journal entries are checked for this region by CA Top Secret.
Journal entries for this region are checked by CA Top Secret.
Journal entries for this region are not checked by CA Top Secret.
Indicates whether EXEC‑started transactions for this region are checked by CA Top Secret.
EXEC‑started transactions for this region are checked by CA Top Secret.
EXEC‑started transactions for this region are not checked by CA Top Secret.
Indicates whether program entries for this region are checked by CA Top Secret.
Program entries for this region are checked by CA Top Secret.
Program entries for this region are not checked by CA Top Secret.
Indicates whether PSB entries for this region are checked by CA Top Secret.
PSB entries for this region are checked by CA Top Secret.
PSB entries for this region are not checked by CA Top Secret.
On CTS 3.2 and above systems, indicates whether or not CICS DOCCTEMPLATE resource validations should be processed. This parameter is treated as NO for all CICS releases below CTS 3.2.
DOCTEMPLATE resource validations are performed.
DOCTEMPLATE resource validations are not performed and all attempts to access DOCTEMPLATE resources are allowed.
Indicates whether attached transaction entries for this region are checked by CA Top Secret.
Attached transaction entries for this region are checked by CA Top Secret
Attached transaction entries for this region are not checked by CA Top Secret.
Indicates whether temporary storage entries for this region are check by CA Top Secret.
Temporary storage entries for this region are checked by CA Top Secret.
Temporary storage entries for this region are not checked by CA Top Secret.
Indicates whether surrogate user checking is performed by CA Top Secret.
Surrogate user checking is performed by CA Top Secret.
Surrogate user checking is not performed by CA Top Secret.
Enables the use of EJB Role Prefixing (for CTS 2.2 and above). This facility suboption specifies a 16‑byte‑value as the prefix that is used to qualify the security role defined in an enterprise bean's deployment descriptor. The prefix is applied to the security role when:
You can specify a prefix of up to 16 characters. The prefix must not contain a period (.) character. If you specify a prefix that contains lowercase characters, blanks, or punctuation characters, you must enclose it in apostrophes. If the prefix contains an apostrophe, code two successive apostrophes to represent it.
The EJBRPRFX facility control sub‑option overrides the CTS 2.2 SIT parameter EJBROLEPRFX when FACMATRX=YES. CA Top Secret does not support the use of mixed case with EJBRPRFX. If FACMATRX=YES and EJBRPRFX is not modified, CA Top Secret will interpret EJBROLEPRFX as the null string. You might implement mixed case security role support if you specify EJBROLEPRFX in the CICS SIT, and set FACMATRX=NO.
The EJBROLEPRFX parameter is ignored if security role support is not enabled. To enable security role support you must specify SEC=YES and XEJB=YES. If there is a change to security role support while a CICS region is executing, a recycle of the region is required in order to implement the change.
Specifies whether CA Top Secret will honor the SIT parameter CMDSEC=. PCTCMDSEC= is only applicable to CICS 3.1.1 and above.
(Default) CA Top Secret will not honor the PCT CMDSEC= parameter and will force a security call.
CA Top Secret will honor the SIT parameter CMDSEC=.
Specifies whether CA Top Secret will honor the PCT parameters EXTSEC= and RSLC=. PCTEXTSEC= is only applicable to CICS 3.1 and below.
(Default) CA Top Secret will not honor the PCT EXTSEC= and RSLC= parameters and will force a security call.
CA Top Secret will honor the PCT parameters EXTSEC= and RSLC=.
Specifies whether CA Top Secret will honor the SIT parameter RESSEC=. PCTRESSEC= is only applicable to CICS 4.1 and above.
(Default) CA Top Secret will not honor the SIT RESSEC= parameter and will force a security call.
CA Top Secret will honor the SIT parameter RESSEC=.
Identifies the facility matrix sub option in the modification of the CICS caching option. This option sets the processing options and size for the memory "cache box" that TSS allocates for each terminal session. As resources are successfully accessed, resources are cached to minimize security file and audit file access. Cached resources are not rechecked against the security file. By default, cached resources will not be audited, and the cache is cleared at the end of every transaction. The cache box size defaults to 512 bytes.
TSS MODI FAC(CICSPROD=CICSCACHE(SESSLIFE,AUDIT,2048))
Defines CICS resources to be cached for the life of the transaction (TASKLIFE) or the life of the signed—on user (SESSLIFE).
Default: TASKLIFE.
Defines whether new resource checks of previously cached resources will be written to the ATF (audit tracking file).
Defines the size of the CICS cache box. The larger the size the more resources can be kept inside. Once the cache box is full, the oldest entries get removed.
Default: 512
Indicates whether RLP processing is activated by CA Top Secret. Valid operands include:
RLP processing is activated by CA Top Secret
RLP processing is not activated by CA Top Secret
Sets CA Top Secret to allow simultaneous signon for an address space by the same ACID from different sources (for example, network terminals). CA Top Secret will not convert a product to allow multiple signons where the product itself only tolerates single signons within the address space. It is recommended that you recycle the related CICS region(s) after dynamically changing SIGN(M); otherwise, unpredictable effects can occur.
Note: This parameter interacts with the CICS SIT parameter SNSCOPE. For details, see the Implementation: CICS Guide.
Sets CA Top Secret to disallow simultaneous signon for an address space by the same ACID from different sources (network terminals). When a duplicate signon is sensed, CA Top Secret issues message TSS7172E and disallows the second session. It is recommended that you recycle related CICS region(s) after dynamically changing SIGN(S); otherwise, unpredictable effects can occur.
Note: This parameter interacts with the CICS SIT parameter SNSCOPE. For details, see the Implementation: CICS Guide.
Indicates whether SLP processing is activated by CA Top Secret.
SLP processing is activated by CA Top Secret
SLP processing is not activated by CA Top Secret
You can use the following default option specifications to invoke predefined facilities in CA Top Secret:
ACEP INITPGM=ACE ID=A TYPE=27 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR MODE=FAIL LOGGING=INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 APPC INITPGM=ATB ID=AP TYPE=03 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=IN‑USE,ACTIVE,NOSHRPRF,NOASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD ATTRIBUTES=MSGLC,NOTRACE,EODINIT,DORMPW,NONPWR MODE=WARN DOWN=GLOBAL LOGGING=INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 MAXUSER=03000 PRFT=003 BATCH INITPGM=IEFIIC ID=B TYPE=01 ATTRIBUTES=IN‑USE,ACTIVE,SHRPRF,NOASUBM,ABEND,SUAS,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,NOWARNPW,NOTSOC,LCFCMD ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR MODE=FAIL LOGGING=INIT,MSG,SEC9,SMF UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 CA7 INITPGM=SAS ID=U TYPE=025 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=NOLUMSG,NOSTMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD ATTRIBUTES=MSGLC,NOTRACE,NOEODINIT,IJU,NODORMPW,NONPWR MODE=WARN DOWN‑GLOBAL LOGGING=ACCESS,INIT,SMF,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 CICSPROD INITPGM=DFH ID=C TYPE=004 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,NORES,WARNPW,NOTSOC,LCFTRANS ATTRIBUTES=MSGLC,NOTRACE,NOEODINIT,IJU,NODORMPW,NONPWR ATTRIBUTES=LUUPD MODE=WARN DOWN=GLOBAL LOGGING=ACCESS,INIT,SMF,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 FACMATRX=NO EXTSEC=YES EJBRPRFX=NO XJCT=YES XFCT=YES XCMD=YES XDCT=YES XTRAN=YES XDB2=NO XEJB=NO XTST=YES XPSB=YES XPCT=YES XPPT=YES XAPPC=NO XUSER=NO XHFS=NO XRES=NO PCTEXTSEC=OVERRIDE PCTCMDSEC=OVERRIDE PCTRESSEC=OVERRIDE DSNCHECK=NO LTLOGOFF=NO RLP=NO SLP=NO PCLOCK=NO MAXUSER=03000 PRFT=003 MAXSIGN=010,RETRY CICSCACHE=TASKLIFE,NOAUDIT,0512 FACILITY DISPLAY FOR CICSPROD BYPASS TABLE DISPLAY FOR FACILITY CICSPROD RESOURCE=LOCKTIME BYPASS NAMES: TSS RESOURCE=TRANID BYPASS NAMES: CAQP CATA CATD CATP CATR CAUT CCIN CCMF CDBD CDBN CDBO CDBT CDTS CECS CEGN CEHP CEHS CESC CESF CESN CFTS CGRP CITS CLQ2 CLR1 CLR2 CLS3 CLS4 CMPX CMTS CNPX COVR CPLT CPMI CQPI CQPO CQRY CRDR CRMD CRSQ CRSR CRSY CRTE CRTR CSAC CSCY CSFU CSGM CSGX CSHR CSIR CSJC CSKP CSLG CSMI CSM1 CSM2 CSM3 CSM4 CSM5 CSNC CSNE CSPG CSPK CSRK CSPP CSPQ CSPS CSRS CSSC CSSF CSSN CSSX CSSY CSTA CSTB CSTE CSTP CSTT CSXM CSXX CSZI CVMI CVST CWTR CXCU CXRE CXRT TS 8888 9999 .... .... .... .... .... .... CFTL CFSL CKTI CKAM CFCL CIOD CIOF CIOR CIRR CJTR CSHA CSHQ CSOL CTSD CWBG CWXN CDBF CEX2 CFQR CFQS CSFR CSQC CDBQ CRMF CLSG CFOR CJMJ CLS1 CLS2 CPIH CPIL CPIQ CRTP CWXU CFIR CPIS CISC CISD CISE CISR CISS CIST CJGC CJPI CISB CEPD CEPM CISQ CISU CISX CIS4 CRLR CISM CEPF CPSS CJSR CESL CISP CIS1 CJSL CRST CPCT CFCR CJLR RESOURCE=TRANID PROTECT NAMES: CEDF TSEU
CICSTEST INITPGM=DFH ID=K TYPE=004 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,NORES,WARNPW,NOTSOC,LCFTRANS ATTRIBUTES=MSGLC,NOTRACE,NOEODINIT,IJU,NODORMPW,NONPWR ATTRIBUTES=LUUPD MODE=WARN DOWN=GLOBAL LOGGING=ACCESS,INIT,SMF,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 FACMATRX=NO EXTSEC=YES EJBRPRFX=NO XJCT=YES XFCT=YES XCMD=YES XDCT=YES XTRAN=YES XDB2=NO XEJB=NO XTST=YES XPSB=YES XPCT=YES XPPT=YES XAPPC=NO XUSER=NO XHFS=NO XRES=NO PCTEXTSEC=OVERRIDE PCTCMDSEC=OVERRIDE PCTRESSEC=OVERRIDE DSNCHECK=NO LTLOGOFF=NO RLP=NO SLP=NO PCLOCK=NO MAXUSER=03000 PRFT=003 MAXSIGN=010,RETRY CICSCACHE=TASKLIFE,NOAUDIT,0512
FACILITY DISPLAY FOR CICSTEST
BYPASS TABLE DISPLAY FOR FACILITY CICSTEST
RESOURCE=LOCKTIME BYPASS NAMES: TSS
RESOURCE=TRANID BYPASS NAMES: CAQP CATA CATD CATP
CATR CAUT CCIN CCMF CDBD CDBN CDBO CDBT
CDTS CECS CEGN CEHP CEHS CESC CESF CESN
CFTS CGRP CITS CLQ2 CLR1 CLR2 CLS3 CLS4
CMPX CMTS CNPX COVR CPLT CPMI CQPI CQPO
CQRY CRDR CRMD CRSQ CRSR CRSY CRTE CRTR
CSAC CSCY CSFU CSGM CSGX CSHR CSIR CSJC
CSKP CSLG CSMI CSM1 CSM2 CSM3 CSM4 CSM5
CSNC CSNE CSPG CSPK CSRK CSPP CSPQ CSPS
CSRS CSSC CSSF CSSN CSSX CSSY CSTA CSTB
CSTE CSTP CSTT CSXM CSXX CSZI CVMI CVST
CWTR CXCU CXRE CXRT TS 8888 9999 ....
.... .... .... .... .... CFTL CFSL CKTI
CKAM CFCL CIOD CIOF CIOR CIRR CJTR CSHA
CSHQ CSOL CTSD CWBG CWXN CDBF CEX2 CFQR
CFQS CSFR CSQC CDBQ CRMF CLSG CFOR CJMJ
CLS1 CLS2 CPIH CPIL CPIQ CRTP CWXU CFIR
CPIS CISC CISD CISE CISR CISS CIST CJGC
CJPI CISB CEPD CEPM CISQ CISU CISX CIS4
CRLR CISM CEPF CPSS CJSR CESL CISP CIS1
CJSL CRST CPCT CFCR CJLR
RESOURCE=TRANID PROTECT NAMES: CEDF TSEU
COMPLETE
INITPGM=THR ID=C TYPE=21
ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF
ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT
ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD
ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR
MODE=FAIL LOGGING=INIT,MSG,SEC9
UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
CONSOLE
INITPGM=*** ID=CN TYPE=02
ATTRIBUTES=ACTIVE,NOSHRPRF,NOASUBM,MULTIUSER,NOXDEF
ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT
ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD
ATTRIBUTES=MSGLC,NOTRACE,EODINIT,DORMPW,NONPWR,
MODE=FAIL DOWN=BYPASS LOGGING=ACCESS,INIT,SMF,MSG,SEC9
UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
MAXUSER=03000 PRFT=003
DB2PROD
INITPGM=CAD ID=DB TYPE=100
ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF
ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT
ATTRIBUTES=NOPROMPT,NOAUDIT,NORES,WARNPW,NOTSOC,LCFTRANS
ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR
MODE=FAIL LOGGING=INIT,MSG,SEC9
UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
DB2TEST
INITPGM=CAD ID=DT TYPE=100
ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF
ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT
ATTRIBUTES=NOPROMPT,NOAUDIT,NORES,WARNPW,NOTSOC,LCFTRANS
ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR
MODE=FAIL LOGGING=INIT,MSG,SEC9
UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
ENVIRON
INITPGM=ENV ID=E TYPE=15
ATTRIBUTES=ACTIVE,SHRPRF,NOASUBM,ABEND,MULTIUSER,NOXDEF
ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT
ATTRIBUTES=NOPROMPT,NOAUDIT,NORES,WARNPW,NOTSOC,LCFCMD
ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR
MODE=FAIL
LOGGING=INIT,MSG,SEC9
UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
HSM
INITPGM=ARC ID=H TYPE=099
ATTRIBUTES=IN‑USE,ACTIVE,SHRPRF,NOABEND,SUAS,NOXDEF
ATTRIBUTES=NOASUBM,MSGLC,NOEODINIT,IJU
ATTRIBUTES=NOLUMSG,NOSTMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT
ATTRIBUTES=NOPROMPT,NOAUDIT,RES,NOWARNPW,NOTSOC,LCFCMD
ATTRIBUTES=NOTRACE,NODORMPW,NONPWR
MODE=WARN DOWN=GLOBAL LOGGING=INIT,SMF,MSG,ACCESS,SEC9
UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
IDMSPROD
INITPGM=RHD ID=M TYPE=11
ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF
ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT
ATTRIBUTES=NOPROMPT,NOAUDIT,NORES,WARNPW,NOTSOC,LCFTRANS
ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR
MODE=FAIL LOGGING=ACCESS,INIT,MSG,SEC9
UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
IDMSTEST
INITPGM=RHD ID=Q TYPE=11
ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF
ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT
ATTRIBUTES=NOPROMPT,NOAUDIT,NORES,WARNPW,NOTSOC,LCFTRANS
ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR
MODE=FAIL LOGGING=INIT,MSG,SEC9
UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
IMSPROD
INITPGM=DFS ID=I TYPE=05
ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF
ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT
ATTRIBUTES=NOPROMPT,NOAUDIT,NORES,WARNPW,NOTSOC,LCFTRANS
ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR
MODE=FAIL LOGGING=INIT,MSG,SEC9
UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
IMSTEST
INITPGM=DFS ID=X TYPE=05
ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF
ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT
ATTRIBUTES=NOPROMPT,NOAUDIT,NORES,WARNPW,NOTSOC,LCFTRANS
ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR
MODE=FAIL LOGGING=INIT,MSG,SEC9
UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
INTERACT
INITPGM=MEN ID=I TYPE=14
ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF
ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT
ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD
ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR
MODE=FAIL LOGGING=INIT,MSG,SEC9
UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=5
JES
INITPGM=HAS ID=J TYPE=12
ATTRIBUTES=ACTIVE,NOSHRPRF,NOASUBM,NOABEND,MULTIUSER,NOXDEF
ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT
ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD
ATTRIBUTES=MSGLC,NOTRACE,DORMPW,NONPWR
MODE=FAIL LOGGING=INIT,MSG,SEC9
UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
OPENMVS
INITPGM=IEFIIC ID=OE TYPE=093
ATTRIBUTES=IN‑USE,ACTIVE,NOSHRPRF,NOASUBM,NOABEND,SUAS,NOXDEF
ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT
ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD
ATTRIBUTES=MSGLC,NOTRACE,EODINIT,IJU,DORMPW,NONPWR
MODE=WARN DOWN=GLOBAL LOGGING=INIT,SMF,MSG,SEC9
UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
NCCF
INITPGM=DSI ID=N TYPE=06
ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,ABEND,MULTIUSER,NOXDEF
ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,NORNDPW,NOAUTHINIT
ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD
ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR,NOEODINIT,IJU
MAXUSER=03000, PRFT=003 LOGGING=INIT,MSG DOWN=GLOBAL
UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
ROSCOE
INITPGM=ROS ID=R TYPE=07
ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF
ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT
ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD
ATTRIBUTES=NOTRACE,NODORMPW,NONPWR,MSGLC
MODE=FAIL LOGGING=INIT,MSG,SEC9
UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
STC
INITPGM=IEESB605 ID=S TYPE=02
ATTRIBUTES=IN‑USE,ACTIVE,SHRPRF,NOASUBM,ABEND,SUAS,NOXDEF
ATTRIBUTES=LUMSG,NOSTMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT
ATTRIBUTES=NOPROMPT,NOAUDIT,RES,NOWARNPW,NOTSOC,LCFCMD
ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR
MODE=FAIL LOGGING=INIT,MSG,SEC9
UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
TONE
INITPGM=TON ID=T TYPE=13
ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,ABEND,MULTIUSER,NOXDEF
ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT
ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,TSOC,LCFCMD
ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR
MODE=FAIL LOGGING=ACCESS,INIT,MSG,SEC9
UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
TSO
INITPGM=IKJEFLC ID=T TYPE=03
ATTRIBUTES=IN‑USE,ACTIVE,SHRPRF,NOASUBM,ABEND,SUAS,NOXDEF
ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT
ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,TSOC,LCFCMD
ATTRIBUTES=NOTRACE,NODORMPW,NONPWR,MSGLC
MODE=FAIL LOGGING=INIT,MSG,SEC9
UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
UNICNTR
INITPGM=*** ID=UN TYPE=104
ATTRIBUTES=IN‑USE,NOSHRPRF,NOASUBM,NOABEND,MULTIUSER,NOXDEF
ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT
ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD
ATTRIBUTES=MSGLC,NOTRACE,NOEODINIT,IJU,DORMPW,NONPWR
MODE=WARN DOWN=GLOBAL LOGGING=MSG,SEC9
UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
MAXUSER=03000 PRFT=003
VAMSPF
INITPGM=VAM ID=V TYPE=09
ATTRIBUTES=ACTIVE,SHRPRF,NOASUBM,NOABEND,MULTIUSER,NOXDEF
ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT
ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,TSOC,LCFCMD
ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR
MODE=FAIL LOGGING=INIT,MSG,SEC9
UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
VM
INITPGM=TSS ID=V TYPE=08
ATTRIBUTES=ACTIVE,SHRPRF,NOASUBM,ABEND,SUAS,NOXDEF
ATTRIBUTES=NOLUMSG,NOSTMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT
ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD
ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR
MODE=FAIL LOGGING=INIT,MSG,SEC9
UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
WYLBUR
INITPGM=UEX ID=W TYPE=10
ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF
ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT
ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD
ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR
MODE=FAIL LOGGING=INIT,MSG,SEC9
UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
In addition to the pre‑defined facility entries, there are 222 user facility entries, named USER0 through USER221, available for site customization. Each facility entry has identical attributes with only the ID field unique to each. The following table illustrates this relationship:
|
Facilities |
ID Field |
|---|---|
|
USER0 — USER99 |
0 through 99 |
|
USER100 ‑ USER109 |
A0 through A9 |
|
USER110 ‑ USER119 |
B0 through B9 |
|
USER120 ‑ USER129 |
C0 through C9 |
|
USER130 ‑ USER139 |
D0 through D9 |
|
USER140 ‑ USER149 |
E0 through E9 |
|
USER150 ‑ USER159 |
F0 through F9 |
|
USER160 ‑ USER169 |
G0 through G9 |
|
USER170 ‑ USER179 |
H0 through H9 |
|
USER180 ‑ USER189 |
I0 through I9 |
|
USER190 ‑ USER199 |
J0 through J9 |
|
USER200 ‑ USER209 |
K0 through K9 |
|
USER210 ‑ USER219 |
L0 through L9 |
|
USER220 ‑ USER221 |
M0 through M1 |
The ID field is the same as the numeric value of the USERnnn facility. For example, for facility USER0 the id= will be 0, for facility USER23 the id= will be 23, and so on.
USERnnn INITPGM=******** id=xx TYPE=99 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFTRANS ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR MODE=FAIL LOGGING=INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|