Security for Time-Controlled Operations

There are two ways that you can implement security for Time-Controlled Operations (TCO): by restricting the users (LTERMs) that can load a TCO script, and by restricting the IMS commands that a loaded TCO script can issue.

To restrict the LTERMs that can load a TCO script, modify the TCO CNT Edit exit routine (DFSTCNT0) without changing its name. IMS always calls DFSTCNT0 when a TCO script is loaded and, by default, DFSTCNT0 does not restrict the LTERMs.

To restrict the IMS commands that a TCO script can issue, specify A or S on the RCF execution parameter and Y on the TCORACF execution parameter in your startup procedure. IMS calls RACF® and, if it exists, the Command Authorization exit routine (DFSCCMD0).

Finally, you must include /SIGN ON and /SIGN OFF commands at the beginning and end of the script, respectively. The user ID that is signed on at the beginning of the script is checked for authorization to the commands that the script issues.

Or specify the TCOUSID or SIGNTCO parameter in the DFSDCxxx PROCLIB member to let IMS sign on the TCO terminal at restart time.