ICSF provides
this job control language program. You can use this code as the basis
for your startup procedure.
- member CSF in SYS1.SAMPLIB
//CSF PROC
//CSF EXEC PGM=CSFINIT,REGION=0M,TIME=1440,MEMLIMIT=NOLIMIT
//CSFPARM DD DSN=SYS1.PARMLIB(CSFPRM00),DISP=SHR
Store
this startup PROC in SYS1.PROCLIB (or another suitable library).
- Change or use the sample startup procedure
according to your needs.
- In the sample code, the first line is the PROC statement. You
can add one or more procedure variables to the PROC statement. For
example, you can allow the system operator to decide at start time
which member of the installation options data set to use. This example
allows the operator to enter START CSF,M=CSFPRM00, specifying an alternate
set of start-up options.
//CSF PROC M=CSFPRM00
⋮
//CSFPARM DD DSN=MY.ICSF.PARM(&M),DISP=SHR
You
can use the same principle to change the name of a sequential data
set, if you are not using a partitioned data set.
- The last line is the CSFPARM DD statement. The sample code specifies
SYS1.PARMLIB as the data set where the installation options data set
is stored. If you stored the installation options data set elsewhere,
replace SYS1.PARMLIB with the name of the data set where you stored
the installation options.
- The CSFPARM DD statement also specifies member CSFPRM00 as the
name of the installation options data set. If you used a different
name when you created the installation options data set (or any time
you want to use other options), change this member name.
- Store your startup procedure in SYS1.PROCLIB (or another suitable
library) with a member name of your choice. (Depending on installation
standards, possible names include CSF, CSFPROD, and CRYPTO.)
- If you use Security Server (RACF), you may need to update the
RACF Started Procedure Table if you define a new started task:
- Add the new started task name
- Add a RACF userid to associate with the started task. This userid
requires that:
- READ access to the data set to which the CSFPARM JCL DD statement
refers
- Define all CKDSs in every installation option data set.
- Define all PKDSs in every installation option data set.
See z/OS Security Server RACF System Programmer's Guide for
more information.
- Optionally, you can add a RACF group name.
Note: RACF uses the userid associated with the ICSF address
space only when accessing the CKDS and PKDS named in the installation
options data set and then only at ICSF startup.
When you perform a CKDS or PKDS Refresh task by using the ICSF ISPF
panels under TSO/E, RACF uses the TSO userid to determine access authorization.
When the CKDS Refresh and PKDS Refresh tasks are a batch job, RACF
uses the userid associated with the batch address space to determine
access authorization.