Define a Started Task to the STC Record

Maintaining Special Security Records › Started Task Command (STC) Record › Define a Started Task to the STC Record

Define a Started Task to the STC Record

To define a z/OS STC to CA Top Secret and audit its activity, enter the command:

TSS ADDTO(STC) PROCNAME(stcname)
               ACID(regionacid|action)
               [STCACT]

PROCNAME

Indicates the procedure name invoked by an operator O/S START command and identifies the entry in the STC special record which is to be added.

A procedure name is a member of a PROCxx concatenation defined to JES, and conforms to normal naming restrictions for member names.

CA Top Secret accepts:

The exact procedure name
A generic procedure name, with a trailing asterisk (*) to indicate that the stcname is a prefix
DEFAULT to indicate a procedure name which has not otherwise been defined to the STC record

ACID

The ACID that CA Top Secret assigns the started task option.

regionacid

Pre-existing ACID that CA Top Secret assigns the started task with designated PROCNAME. If the ACID is defined with a significant password (other than NOPW), the system console prompts for the PASSWORD associated with "acid." If the ACID is deleted, if the stcname procedure is started and assigned to this now invalid ACID. An error is issued by the delete but the command is allowed to continue.

Range: 1 to 8 characters

action

If no ACID was created for the STC, choose one of the following actions:

BYPASS—Security checking for the stcname is bypassed. This is not recommended for complex tasks like CICS, where BYPASS security can cause security failure and unpredictable outcomes during initialization and transaction execution.
FAIL—The stcname initiation fails.
PROMPT—The console operator is prompted for an ACID and password to be assigned for this instance of the started task of this stcname.

STCACT

(Optional) When START is entered at the console, TSS7152A prompts for the ACID and PASSWORD of the operator who entered the command. TSS7152A provides accountability for the operator who starts the task. The ACID supplied for accountability cannot have password NOPW. The accountability acid and password supplied in the response to TSS7152A is separate from the password of the ACID in the STC definition. This generates a separate TSS7150A message, which protects started task execution.

STC ACID passwords are only prompted in IMPL or FAIL modes.

Examples: started tasks and the STC record

This example associates a started task for disk copy that is audited:

TSS ADDTO(STC) PROCNAME(DISKCOPY)
               STCACT ACID(OP187)

This example associates a started task for a dump processing with an ACID (use the CREATE function to define ACID OP187):

TSS ADDTO(STC) PROCNAME(PRDMP)
               ACID(OP187)

This example associates undefined STCs with a default ACID (use the CREATE function to define ACID 12347):

TSS ADDTO(STC) PROCNAME(DEFAULT)
               ACID(12347)

This example FAILs all undefined STCs:

TSS ADDTO(STC) PROCNAME(DEFAULT)
               ACID(FAIL)

This example allows undefined STCs to BYPASS security:

TSS ADDTO(STC) PROCNAME(DEFAULT)
               ACID(BYPASS)

This example forces an operator to supply an ACID and password for all undefined STCs:

TSS ADDTO(STC) PROCNAME(DEFAULT)
               ACID(PROMPT)