Use the OPTIONS control option to replace several optional apars in releases of CA Top Secret prior to r5.1. Any combination of the options listed below can be set by using the appropriate numbers, as indicated. This option can be used only at startup. Multiple OPTIONS statements in the parameter file are supported.
This control option has the following format:
OPTIONS(n,n)
Represents one of the following:
|
n |
Description |
5.0 Fix Number |
|---|---|---|
|
1 |
Honor facility options NOLUMSG and NOSTMSG for administrator ACIDs. |
LS11840 |
|
2 |
Do not update LASTUSED information on the Security File more than once per day. |
LS38929 |
|
3 |
Disable inbound CPF old/new password verification. This allows gradual implementation of Security File synchronization. |
LS04865 |
|
4 |
Disable STC PASSCHK=YES. This allows STC's to be defined with passwords without forcing operators to supply a password when the STC is started. |
GS81598 |
|
5 |
Allow TSS WHOOWNS without SCOPE checking. |
GS95314 |
|
6 |
Suppress the delay after displaying the CA Top Secret message (for TSO sessions) that can occur before the '***' are displayed. |
LS11824 |
|
7 |
Truncate JOBACID at the period. For example, a job from R3.RD1 would be assigned ACID R3 even with JOBACID(R,3). |
GS88723 |
|
8 |
For a job from R3.RD1, for example, the ACID used is R3 instead of R3@RD1. |
GS89207 |
|
9 |
Do not abend CA‑11 with S913 abend when VTHRESH is reached. |
GS89315 |
|
10 |
Stop jobcard scan at col 68 if CA‑7 is the submitter. |
GS89316 |
|
11 |
In TYPE=CICS facilities, generate WTO for TSS7100E to ROUTCDE=9 (SYSLOG) when security violations are sensed. This option can degrade performance, but provides a way to monitor violations from the console. Consider TSSTRACK as an alternative. |
LS33429 |
|
12 |
Make message TSS9208I deletable and rollable on the console. |
LS00838 |
|
13 |
Disable implied FETCH access to database in the LIB() keyword of a permit. |
GS89920 |
|
14 |
Allow PRIVPGM from any library when no LIB() keyword is on the permit. |
LS11835 |
|
15 |
Make message TSS9209I deletable and rollable on the console. |
LS00838 |
|
16 |
Support lowercase letters, enabling Icelandic and Hebrew characters in fields coded in quotes. This option will not uppercase anything that is coded in quotes. See OPTIONS(73) if you wish to restrict this feature to only NAME, INSTDATA, and PHYSKEY. |
LS19775 |
|
17 |
Require operator accountability on ZEOD shutdown of CA Top Secret. |
LS26244 |
|
18 |
Ensure the CICS region ACID is used for all job submit authorizations unless one is supplied through SPOOLWRITE or TRANSIENT DATA interfaces. |
LS26245 |
|
19 |
Place the IMS XREF signon table in private storage by default (instead of in ECSA) for control and associated message regions. Enable sensitivity of region ACIDs to the MRO attribute. |
LS26647 LS26644 |
|
20 |
Assign CICS facility DFLTACID for ATS sign on from undefined terminal. |
LS33432 |
|
21 |
In TYPE=IMS facilities, generate WTO for TSS7100E to ROUTCDE=9 (SYSLOG) when security violations are sensed. This option can degrade performance, but provides a way to monitor violations from the console. Consider TSSTRACK as an alternative. |
LS33433 |
|
22 |
Force logging if using 4.1 plist for TSSAI. |
LS33985 |
|
23 |
Do not do any translation on a TSSUTIL report. |
LS34770 |
|
24 |
Audit entire session if terminal is audited. |
LS38930 |
|
25 |
Issue abend for invalid control option setting during initialization of CA Top Secret. |
LS26246 |
|
26 |
Disable ACID XAUTH check out of CA‑Roscoe exit TSSRXOUT. |
LS19963 |
|
27 |
Treat IMS TIMS resource class checks as LCF. |
LS38964 |
|
29 |
CICS: Lock terminal during TSS messages. |
GS99164 |
|
30 |
CICS: Last‑used stats for ATS. |
LS34319 |
|
31 |
CICS: Use LUname on APPL verify signon. |
LS34320 |
|
32 |
Enable USS logging feature. |
L066385 |
|
35 |
CICS: Enable APPL resource checking. |
|
|
36 |
Modifies the use of the INACTIVE control option. The user is suspended if both of the following are greater than the INACTIVE control option setting: 1) the number of days between the last date an ACID was used and today's date, and 2) the number of days between the last date the ACID's password was changed and today's date. This will not work in a CPF environment, since date changes will not be sent along with other CPF data. |
|
|
37 |
Allows the keyword WORKATTR to be used with an ACID TYPE other than GROUP. However, data cannot be extracted except for users, which are capable of signing on, and data cannot be extracted from a connected PROFILE. |
|
|
38 |
Modifies the processing of CICS EXEC VERIFY to make use of cached and encrypted password data already accessed, rather than rereading SECREC data at each subsequent VERIFY during the session. |
|
|
40 |
Disables TSS /DB2 subsystem mode. |
|
|
41‑60 |
Reserved for specific VSE options. |
|
|
61 |
Utilizes the Coupling Facility to hold the File Lock record reducing the number of I/Os to the Security File. (The Lock Record in the Coupling Facility is a feature of CA Top Secret 5.2) This increases the amount of CPU used due to the IBM support required for the Coupling Facility. You cannot use the Lock Record feature when sharing a Security File and using the Coupling Facility between the two releases. CA Top Secret 5.2 recognizes that the file is in use by a system that does not support the feature and turn the feature off. If CA Top Secret 5.2 gets control of the file first, the file is locked away from other systems that do not support the feature. The SYSID field contains $CFLOCK$. This shows that the system holding the lock is using the Lock Record in the Coupling Facility. If SHRFILE(NO) is set, the CF locking option is ignored. |
|
|
62 |
Forces validation of ACIDs. |
|
|
63 |
Reserved (not implemented) |
|
|
64 |
Honor TSSACEE in TSSCAI. |
|
|
65 |
Controls the action taken when the structure name of the Security File that is active in the Coupling Facility is different from a local Security File structure name. If this option is turned on and the structure names are different during CA Top Secret startup, the local system disconnects from the Coupling Facility and aborts. If CA Top Secret is up when this option is turned on, the local system disconnects from the Coupling Facility and forces other systems to disconnect from the Coupling Facility. When the option is off, which is the default, CA Top Secret will connect to the active structure and override the local structure. |
|
|
66 |
Uppercase the userid during a signon. |
|
|
67 |
Prevent DUF updates from being sent via CPF. |
|
|
68 |
Wait for recovery file update of password change during signon |
|
|
69 |
Fail signon if no access to specified group |
|
|
70 |
Add security to terminals defined as output only under CICS. |
|
|
71 |
Allow CPF of LIST(ACIDS) |
|
|
72 |
Reserved (not implemented) |
|
|
73 |
Support lower case letters for fields NAME, INSTDATA and PHYSKEY when the field is coded in quotes. |
|
|
74 |
Allow non-SCA to administer UID(0) |
|
|
75 |
Do not issue TSS9806I if TARGET(*) |
|
|
76 |
Do not uppercase output in CPF journal file |
|
|
77 |
Normally, a LIST issued after an ACID characteristic expires but before EXPDAYS deletes the characteristic, the UNTIL date displays EXPIRED. With OPTIONS(77) set, LIST displays the actual UNTIL date even when expired.. |
|
|
78 |
If CA Top Secret is started with SUB=MSTR, CA Top Secret will not allocate sysout $$$LOG$$ file. This allows CA Top Secret to remain up after JES terminates |
|
|
Copyright © 2013 CA.
All rights reserved.
|
|