External security concepts
The Classic Interface supports external security for all modes of operation.
You can use external security for the logon and for commands. When using external security, you can log on to the Classic Interface only if you are allowed to access the INITIAL resource name.
You can use a resource name of INITIAL0, INITIAL1, INITIAL2, or INITIAL3 to allow logon to the Classic Interface and set the internal security level to 0, 1, 2, or 3, respectively.
When you issue a command, the Classic Interface performs an external security check to see if the following conditions are met:
- The name of the user exit module is specified in the security table.
- An external security exit routine is located and loaded.
- External security is specified for the issued command in the security table by using the COMMAND control statement with the EXTERNAL=YES keyword setting.
- For VTAM® mode, the library that contains the KOBVTAM load module is APF-authorized.
If any commands are specified for external security checking and if an exit routine is not found, the Classic Interface recognizes a possible security exposure and disables those commands with an internal security level of 0 for the session. Commands with a level of 1, 2, or 3 run only after you enter the internal password.