The USERID macro defines the correspondence, if any, between various UIDs for access to classified jobs, and can also identify data sets external to CA WA CA 7 Edition to be protected on a UID level.
To implement this level of security, a USERID Security module must be assembled and link edited (not RENT). It must then be identified on the SECURITY statement, in the initialization file, to allow UID correspondence and data set protection. No sample is provided in the CA WA CA 7 Edition Source library since this feature is entirely user dependent.
External data sets not specified in the USERID Security module are not protected by the CA WA CA 7 Edition UID feature.
To display information about the user IDs and their correspondence IDs (COIDs), the /COID command may be used.
Note: For more information about this command, see the Command Reference Guide.
Two formats are associated with the USERID macro. One is for ID correspondence, and the other is for data set protection. All USERID macros using UID keywords must precede the first DSN entry or assembly errors will result.
For ID correspondence, the macro has the following format:
name USERID {UID|U}=(nnn)
                    (nnn,...,nnn)
                    (nnn-nnn)
                    (nnn-nnn,,,nnn)
            [,{COIDS|C}=(nnn)           ]
            [           (nnn,...,nnn)   ]
            [           (nnn-nnn)       ]
            [           (nnn-nnn,,,nnn) ]
            [,LAST=YES]
For external data set protection, the macro has the following format:
name USERID {DSNAME|DSN|D}=(xxxx,....)
            [,{READ|R}=(ALL)            ]
            [          (nnn)            ]
            [          (nnn,...,nnn)    ]
            [          (nnn-nnn)        ]
            [          (nnn-nnn,,,nnn)  ]
            [          (WRITE)          ]
            [,{WRITE|W}=(ALL)           ]
            [           (nnn)           ]
            [           (nnn,...,nnn)   ]
            [           (nnn-nnn)       ]
            [           (nnn-nnn,,,nnn) ]
            [           (READ)          ]
            [,MBROPT={R|W|RW|WR}]
            [,LAST=YES]
name
(Optional) Specified only on the first USERID statement in the module to generate the CSECT name for the module. The default is UIDTABLE.
USERID
Start the macro name USERID in column 10. One space must appear before and after the macro name USERID. Continuation follows the rules of assembler macro coding.
UID
Specifies a UID, a range, a list of UIDs, or a list of ranges to have a correspondence with COIDS. UID and U can be used interchangeably. The value can be a single ID, a range of IDs, or a sublist combining the previous two values. IDs can be any value from 0 through 999 in ascending order. 255 is a special value reserved for all access and cannot be specified. It is automatically generated. Specifying a value of 255, either by itself or within a range, generates an error at assembly time.
COIDS
Specifies the UIDs whose access the UID inherits. (This access is for job access only, not external data set access, unless MBROPT is used.) Can be specified as a UID, a range of UIDs, or a list of UIDs and/or ranges of UIDs in ascending order.
DSNAME
Specifies a data set name or list of data set names to be protected with UID security. DSNAME, DSN, and D can be used interchangeably. The value is a data set name or names up to 44 characters each, which can be enclosed in quotes. Indicate a generic name by ending it with an asterisk (*), like SYS*. This keyword cannot be specified on a statement containing UID. If DSNAME is used with no other keywords, access to that data set is only allowed for a UID of 255.
READ
Specifies a UID or a list of UIDs or ranges, in ascending order, to allow read access to data sets in the DSN list. READ and R can be used interchangeably. This keyword has the same format as UID. Can also be READ=WRITE to indicate that the value is the same as the WRITE list or READ=ALL to indicate unrestricted access. This keyword cannot be specified on a statement containing the UID keyword. If MBROPT is used, READ is ignored.
WRITE
Specifies a UID or a list of UIDs or ranges, in ascending order, to allow write access to data sets in the DSN list. WRITE and W can be used interchangeably. This keyword has the same format as UID. Can also be WRITE=READ to indicate that the value is the same as the READ list or WRITE=ALL to indicate unrestricted access. This keyword cannot be specified on a statement containing the UID keyword. If MBROPT is used, WRITE is ignored.
MBROPT
Specifies member protection for JCL PDS type data sets based on access to like-named jobs in the CA WA CA 7 Edition database. Cannot be used on statements containing the UID keyword. Values can be R for read protection, W for write protection, RW or WR for both read and write protection. If specified, this keyword causes a read of the database for a job having the same name as the PDS member. If a job is found, its UID (and any associated COIDs) control PDS access. If a like-named job is not found, access is allowed (regardless of READ or WRITE values). This provides a way of extending protection to JCL members for jobs protected with a UID.
LAST
Required. Code this keyword only on the last macro statement of the module. The value must be YES.
An assembler END statement must appear after the last USERID macro. We recommend that you place a PRINT NOGEN statement before the first USERID macro to suppress the macro expansion.
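The coding rules above can be checked on a module's source before it is assembled. The following Python sketch is an added example, not CA code or part of the product; it assumes one USERID statement per line with no continuation lines, and the names parse, check_ids, lint, and the sample module are hypothetical.

```python
import re

# Added sketch: assumes one USERID statement per line, no continuation lines.
ALIASES = dict(U="UID", C="COIDS", D="DSNAME", DSN="DSNAME", R="READ", W="WRITE")
KEYWORD = re.compile(r"(\w+)=(\([^)]*\)|[^,\s]+)")

def parse(line):
    """Return {keyword: [items]} for a USERID statement, else None."""
    m = None if line.startswith("*") else re.search(r"\sUSERID\s+(\S+)", line)
    return m and {ALIASES.get(k, k): [i for i in v.strip("()").split(",") if i]
                  for k, v in KEYWORD.findall(m.group(1))}

def check_ids(kw, items, where, out):
    """IDs are 0-999 in ascending order; 255 is reserved on UID."""
    prev = -1
    for item in items:
        if not re.fullmatch(r"\d{1,3}(-\d{1,3})?", item):
            out.append(f"{where}: {kw} {item!r} is not an ID or range in 0-999")
            continue
        lo, hi = (int(x) for x in (item.split("-") * 2)[:2])  # nnn means nnn-nnn
        if kw == "UID" and lo <= 255 <= hi:
            out.append(f"{where}: UID {item} includes reserved value 255")
        if lo <= prev or hi < lo:
            out.append(f"{where}: {kw} {item} is not in ascending order")
        prev = hi

def lint(source):  # findings for a USERID module given as assembler source text
    out, seen_dsn = [], False
    stmts = [(f"line {n}", kw) for n, line in enumerate(source.splitlines(), 1)
             if (kw := parse(line)) is not None]
    for i, (where, kw) in enumerate(stmts):
        if "UID" in kw and ("DSNAME" in kw or seen_dsn):
            out.append(f"{where}: UID keyword with or after a DSNAME entry")
        seen_dsn = seen_dsn or "DSNAME" in kw
        for k in ("UID", "COIDS", "READ", "WRITE"):
            if k in kw and kw[k] not in (["ALL"], ["READ"], ["WRITE"]):
                check_ids(k, kw[k], where, out)
        if ["ALL"] in (kw.get("READ"), kw.get("WRITE")):
            out.append(f"{where}: note: ALL grants unrestricted access")
        if ("LAST" in kw) != (i == len(stmts) - 1):
            out.append(f"{where}: LAST=YES must be on the last statement only")
    return out

# Constructed sample module (not from the product documentation).
SAMPLE = """\
SECUID   USERID UID=(100-110,250-260),COIDS=(300)
         USERID DSN=(SYS*),READ=ALL,WRITE=(100-110)
         USERID UID=(400),COIDS=(500,450),LAST=YES
"""
```

Calling lint(SAMPLE) returns one finding per rule violation, prefixed with the source line number; an empty list means none of the checked rules were broken.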
Copyright © 2013 CA Technologies.
All rights reserved.