Updating the security table
You can update the security table for internal and external security.
About this task
To update the security table, perform these steps:
Procedure
Results
Examples
This example shows the provided sample JCL that you can modify according to the needs of your system.
It resides in the data set &rhilev.&rte.RKD2SAM(KOBSUPDT), where &rhilev.&rte is the high-level qualifier of your runtime environment.
//SECURITY JOB ,
//STEP1 EXEC PGM=KOBSUPDT,PARM=KO2OCMDB
//STEPLIB DD DSN=&rhilev.&rte.RKANMOD,DISP=SHR
//SYSLIB DD DSN=&rhilev.&rte.RKANMOD,DISP=SHR
//SYSPRINT DD SYSOUT=*
//SYSIN DD DSN=&rhilev.&rte.RKD2SAM(O2SUPDI),DISP=SHR
//
where:
- PARM=
- Identifies the load module that contains the security table of the Classic Interface.
- STEPLIB
- Specifies the name of the load library where KOBSUPDT resides.
- SYSLIB
- Specifies the name of the library where KO2OCMDB resides.
- SYSPRINT
- Specifies the print output for the reports that the security program produces.
- SYSIN
- Specifies the name of the data set that contains the control statements.
This example shows the control statements that are used to update the security table.
Member O2SUPDI in the &rhilev.&rte.RKD2SAM data set contains these control statements:
COMMAND=PEEK LEVEL=1
COMMAND=.DSA,LEVEL=3,EXTERNAL=YES,AUDIT=WTO
COMMAND=MLST,EXTERNAL=YES
COMMAND=XMZP,LEVEL=DISABLE,AUDIT=BOTH
COMMAND=XMLS,LEVEL=2
MINOR=JOBS,LEVEL=2
COMMAND=/SAVE,LEVEL=1,AUDIT=NONE
MODULE=MYSECURE
SMFNUM=233
LIST=YES
UPDATE=NO
The command control statements in this example result in these settings for the commands of the Classic Interface:
- PEEK
- A user who has specified the internal security level 1 password or higher can execute PEEK and its minor commands. The Classic Interface does not perform external security checking.
- .DSA
- The Classic Interface performs external security checking and writes a message on the master console when .DSA is invoked. If external security is unavailable, only a user who specifies the internal security level 3 password can execute .DSA.
- MLST
- The Classic Interface performs external security checking but no auditing.
- XMZP
- The command cannot be executed. The Classic Interface writes a message on the master console and writes an SMF record when XMZP is issued. There is no external security checking.
- XMLS
- A user who has specified either the level 2 or level 3 internal security password can execute XMLS.
- JOBS
- This is a minor command of the PEEK command. In the example, the PEEK is specified as a level 1 authorized command. The LEVEL=2 setting on the JOBS command specifies that only level 2 or 3 users can access it.
- /SAVE
- A user who has specified the level 1 password, the level 2 password, or the level 3 password can execute the /SAVE command. It is not audited.
The remaining command control statements in this example result in these settings:
- MODULE
- MYSECURE is the name of the module that contains the security exit routine.
- SMFNUM
- The SMF ID is set to 233.
- LIST
- YES indicates that the Classic Interface produces a listing.
- UPDATE
- NO indicates that the Classic Interface does not update the security table. This is a trial run.