Steps to create the ICSF startup procedure

ICSF provides this job control language program. You can use this code as the basis for your startup procedure.

  1. Change or use the sample startup procedure according to your needs.
    1. In the sample code, the first line is the PROC statement. You can add one or more procedure variables to the PROC statement. For example, you can allow the system operator to decide at start time which member of the installation options data set to use. This example allows the operator to enter START CSF,M=CSFPRM00, specifying an alternate set of start-up options.
      //CSF  PROC M=CSFPRM00
      ⋮
      //CSFPARM DD DSN=MY.ICSF.PARM(&M),DISP=SHR

      You can use the same principle to change the name of a sequential data set, if you are not using a partitioned data set.

    2. The last line is the CSFPARM DD statement. The sample code specifies SYS1.PARMLIB as the data set where the installation options data set is stored. If you stored the installation options data set elsewhere, replace SYS1.PARMLIB with the name of the data set where you stored the installation options.
    3. The CSFPARM DD statement also specifies member CSFPRM00 as the name of the installation options data set. If you used a different name when you created the installation options data set (or any time you want to use other options), change this member name.
  2. Store your startup procedure in SYS1.PROCLIB (or another suitable library) with a member name of your choice. (Depending on installation standards, possible names include CSF, CSFPROD, and CRYPTO.)
  3. If you use Security Server (RACF), you may need to update the RACF Started Procedure Table if you define a new started task:
    1. Add the new started task name
    2. Add a RACF userid to associate with the started task. This userid requires that:
      • READ access to the data set to which the CSFPARM JCL DD statement refers
      • Define all CKDSs in every installation option data set.
      • Define all PKDSs in every installation option data set.
      See z/OS Security Server RACF System Programmer's Guide for more information.
    3. Optionally, you can add a RACF group name.
    Note: RACF uses the userid associated with the ICSF address space only when accessing the CKDS and PKDS named in the installation options data set and then only at ICSF startup. When you perform a CKDS or PKDS Refresh task by using the ICSF ISPF panels under TSO/E, RACF uses the TSO userid to determine access authorization. When the CKDS Refresh and PKDS Refresh tasks are a batch job, RACF uses the userid associated with the batch address space to determine access authorization.