Previous Topic: TSSSIM and CA RoscoeNext Topic: LOGOFF/SIGNOFF

Using the TSSSIM Utility(TSO) Invoke a Simulation Session to Test Security File Permissions

(TSO) Invoke a Simulation Session to Test Security File Permissions

In TSO (non‑SPF environment), you specify the LOGON command to invoke the simulator. This command uses security macro RACROUTE REQUEST=VERIFY.

Follow these steps:

  1. Enter TSSSIM at the READY prompt to invoke the simulator.
  2. Entering the LOGON command to begin a simulation session, specifying at least a user ACID and facility, as shown in the following syntax: 
    LOGON ACID(acid) FACILITY(facility_name)

    TSSSIM returns a message that a successful simulated session has been established. If there are any restrictions, the simulator returns a message accordingly.

You can use the following parameters with the LOGON command:

ACID(acid)

Specifies the ACID whose session you will simulate with TSSSIM. A password is not used with a TSSSIM signon.

CPU

Specifies any four‑character SMF CPU ID.

Default: CPU to which the administrator is currently signed on

FACILITY(facility_name)

Specifies the facility that you are simulating for your TSSSIM session. To test maskable resources with TSSSIM, the facility name must have the RES suboption; otherwise, the simulation might not accurately reflect the permissions for maskable resources.

MODE

Specifies the security mode in which the simulated session operates.

Options: DORM, WARN, IMPL, or FAIL

Default: FAIL

PRIVPGM

Specifies any valid z/OS program name. This program is automatically passed to all simulated resource commands to simulate proper PRIVPGM restrictions unless explicitly overridden on individual simulated resource commands.

QUALIFIER

Specifies any high‑level qualifier to be issued as part of the data set name. This qualifier is automatically passed as part of the data set name for all issued resource checks unless specifically overridden on individual resource commands.

SVC

Specifies the valid SVC name that must be among the list of SVC names allowed by TSSSIM. This SVC is automatically passed as the SVC in control for all resource checks unless explicitly overridden on individual resource commands.

Default: OPEN

TERMINAL

Specifies any valid VTAM or TCAM network terminal ID.

Default: Terminal to which the administrator is currently signed on

TRACE

Controls the simulation trace facility and can be specified as TRACE or NOTRACE. When activated, each resource check will pinpoint the exact reason for resource access or denial.

Default: NOTRACE

During a simulation, you can override some of the parameters that were specified during logon. For example, you can include a PRIVPGM specification on many resource commands that overrides the PRIVPGM logon parameter (which is useful when checking security permissions that use program pathing).

Example: Invoke a Simulation Session and Simulate a TSO Facility for Your Session

After invoking the Security Simulation Facility by entering TSSSIM at the READY prompt, an administrator logs on with the simulated ACID in a TSO facility:

LOGON ACID(MYACID) FACILITY(TSO)