SET SECDISCOVERY
6.2 and later Applies to 6.2 and later.
Controls the behavior of CICS® security discovery.
Syntax
Activate security checks on commands by specifying the XCMD system initialization parameter and by ensuring that command security checking is active for the transaction (either by specifying CMDSEC(YES) on the TRANSACTION resource definition or by specifying ALWAYS on the CMDSEC system initialization parameter).
Conditions: INVREQ, NOTAUTH
NOHANDLE, RESP, and
RESP2 are common options that can be added to all EXEC CICS
commands to process error conditions. They are not explicitly included in the command syntax diagram
and option descriptions. For information about these common options and EXEC CICS
command syntax, see EXEC CICS command format and programming considerations. For more information
about the use of CVDAs, see CICS-value data areas (CVDAs).
Description
Use the SET SECDISCOVERY command to activate or deactivate CICS security discovery, or to set the resource classes whose access requests are to be discovered.
You can change the set of resource access requests that are to be discovered while security discovery is active. In this case, the change takes effect immediately.
If security discovery is not active, the updates take effect only when SET SECDISCOVERY ON is issued.
Transaction access requests that are governed by the XTRAN system initialization parameter are always discovered when security discovery is active. Therefore, you cannot specify a TRAN option on SET SECDISCOVERY because it's always set to be discovered.
When CICS is initialized, security discovery is deactivated and all the options controlling the discovery of the resource access requests are set to NODISCOVER. The exception is
transaction access requests, which are always set to be discovered.
NO. For example,
SET SECDISCOVERY FCT(DISCOVER) allows resource access requests relating to files
to be discovered even if the XFCT system initialization
parameter is set to NO.Options
- STATUS(cvda)
- Specifies whether security discovery is active or not. CVDA values are as follows:
- ON
- Activate security discovery.
- OFF
- Deactivate security discovery.
- DISCOVERALL
- Specifies that all resource access requests are to be discovered.
- CMD(cvda)
- Specifies whether resources protected by the XCMD system
initialization parameter are to be discovered. If security
discovery is active, the change takes effect immediately. Otherwise, a SET SECDISCOVERY
ON command is required for the change to take effect. CVDA values are as follows:
- DISCOVER
- Discover resource access requests.
- NODISCOVER
- Do not discover resource access requests.
- DB2(cvda)
- Specifies whether resources protected by the XDB2 system
initialization parameter are to be discovered. If security
discovery is active, the change takes effect immediately. Otherwise, a SET SECDISCOVERY
ON command is required for the change to take effect. CVDA values are as follows:
- DISCOVER
- Discover resource access requests.
- NODISCOVER
- Do not discover resource access requests.
- DCT(cvda)
- Specifies whether resources protected by the XDCT system
initialization parameter are to be discovered. If security
discovery is active, the change takes effect immediately. Otherwise, a SET SECDISCOVERY
ON command is required for the change to take effect. CVDA values are as follows:
- DISCOVER
- Discover resource access requests.
- NODISCOVER
- Do not discover resource access requests.
- FCT(cvda)
- Specifies whether resources protected by the XFCT system
initialization parameter are to be discovered. If security
discovery is active, the change takes effect immediately. Otherwise, a SET SECDISCOVERY
ON command is required for the change to take effect. CVDA values are as follows:
- DISCOVER
- Discover resource access requests.
- NODISCOVER
- Do not discover resource access requests.
- HFS(cvda)
- Specifies whether resources protected by the XHFS system
initialization parameter are to be discovered. If security
discovery is active, the change takes effect immediately. Otherwise, a SET SECDISCOVERY
ON command is required for the change to take effect. CVDA values are as follows:
- DISCOVER
- Discover resource access requests.
- NODISCOVER
- Do not discover resource access requests.
- JCT(cvda)
- Specifies whether resources protected by the XJCT system
initialization parameter are to be discovered. If security
discovery is active, the change takes effect immediately. Otherwise, a SET SECDISCOVERY
ON command is required for the change to take effect. CVDA values are as follows:
- DISCOVER
- Discover resource access requests.
- NODISCOVER
- Do not discover resource access requests.
- PCT(cvda)
- Specifies whether resources protected by the XPCT system
initialization parameter are to be discovered. If security
discovery is active, the change takes effect immediately. Otherwise, a SET SECDISCOVERY
ON command is required for the change to take effect. CVDA values are as follows:
- DISCOVER
- Discover resource access requests.
- NODISCOVER
- Do not discover resource access requests.
- PPT(cvda)
- Specifies whether resources protected by the XPPT system
initialization parameter are to be discovered. If security
discovery is active, the change takes effect immediately. Otherwise, a SET SECDISCOVERY
ON command is required for the change to take effect. CVDA values are as follows:
- DISCOVER
- Discover resource access requests.
- NODISCOVER
- Do not discover resource access requests.
- PSB(cvda)
- Specifies whether resources protected by the XPSB system
initialization parameter are to be discovered. If security
discovery is active, the change takes effect immediately. Otherwise, a SET SECDISCOVERY
ON command is required for the change to take effect. CVDA values are as follows:
- DISCOVER
- Discover resource access requests.
- NODISCOVER
- Do not discover resource access requests.
- RES(cvda)
- Specifies whether resources protected by the XRES system
initialization parameter are to be discovered. If security
discovery is active, the change takes effect immediately. Otherwise, a SET SECDISCOVERY
ON command is required for the change to take effect. CVDA values are as follows:
- DISCOVER
- Discover resource access requests.
- NODISCOVER
- Do not discover resource access requests.
- TST(cvda)
- Specifies whether resources protected by the XTST system
initialization parameter are to be discovered. Only temporary storage queue requests that have a
matching TSMODEL definition or temporary storage table (TST) entry will be discovered. If security
discovery is active, the change takes effect immediately. Otherwise, a SET SECDISCOVERY
ON command is required for the change to take effect. CVDA values are as follows:
- DISCOVER
- Discover resource access requests.
- NODISCOVER
- Do not discover resource access requests.
- USER(cvda)
- Specifies whether resources protected by the XUSER system
initialization parameter are to be discovered. If security
discovery is active, the change takes effect immediately. Otherwise, a SET SECDISCOVERY
ON command is required for the change to take effect. CVDA values are as follows:
- DISCOVER
- Discover resource access requests.
- NODISCOVER
- Do not discover resource access requests.
Conditions
- INVREQ
- RESP2 values:
- 1
- STATUS has an invalid CVDA value.
- 2
- CMD has an invalid CVDA value.
- 3
- DB2 has an invalid CVDA value.
- 4
- DCT has an invalid CVDA value.
- 5
- FCT has an invalid CVDA value.
- 6
- HFS has an invalid CVDA value.
- 7
- JCT has an invalid CVDA value.
- 8
- PCT has an invalid CVDA value.
- 9
- PPT has an invalid CVDA value.
- 10
- PSB has an invalid CVDA value.
- 11
- RES has an invalid CVDA value.
- 12
- TST has an invalid CVDA value.
- 13
- USER has an invalid CVDA value.
- 6.3 14
- CICS is running with SEC=NO.
- 6.3 15
- CICS is running with XTRAN=NO.
- NOTAUTH
- RESP2 value:
- 100
- The user associated with the issuing task is not authorized to use this command.