COMMAND control statement

This control statement protects the name of a major, immediate, or INFO-line command of the Classic Interface. Minor commands are protected at the major command level unless the MINOR control statement is specified.

Purpose

When you update an INFO-line command, you must use the actual command name and not its alias. The Classic Interface automatically assigns the same protection attributes to all aliases of the command.

The Classic Interface does not check for multiple COMMAND control statements for the same command in the same run. It processes the last COMMAND control statements for the command.

Format

The format of the COMMAND control statement is:

COMMAND=
{cccc|.ccc|/cccccc}
[,LEVEL={0|1|2|3|DISABLE}]
[,EXTERNAL={YES|NO}]
[,AUDIT={WTO|SMF|BOTH|NONE}]

where cccc, .ccc, or /cccccc is the name of the Classic Interface command that should be audited.

To have the control statement edit listing show the current security settings for a command, enter a COMMAND=cccc, =.ccc, or =/cccccc control statement without additional operands.

Keywords

LEVEL
Specifies the internal security level to be associated with this command.
Level 0
Allows the command to execute without an internal security check.
Levels 1, 2, and 3
Specify that the command executes only if you have previously entered the corresponding password for that level or for a higher level by using the /PWD INFO-line command.
DISABLE
Specifies that the Classic Interface should never execute the command.

You can audit attempts to execute the command for the session, but you cannot specify internal or external security.

EXTERNAL
Specifies if an external security package checks this command.
YES
The external security package checks the command unless you specify LEVEL=DISABLE.

If no exit routine is available, the Classic Interface disables the command for the session if the command security level is 0.

If the command security level is 1, 2, or 3, internal security is used by default.

NO
The external security package does not check the command.

If you change EXTERNAL=YES to EXTERNAL=NO, you must run the security update program before the change comes into effect.

AUDIT
Specifies if the Classic Interface audits the command when a user invokes it.

If you specify an audit for a disabled command, you are notified of attempts to execute it.

Possible values are:

NONE
Specifies that commands are not audited. This is the default setting.
WTO
Produces a one-line message on the master console.
SMF
Specifies that the Classic Interface writes an SMF record.

The SMF record must be specified in the SMFNUM control statement.

If the SMF audit cannot be performed, the Classic Interface uses a WTO audit by default.

BOTH
Specifies that the Classic Interface issues a WTO message to a console and writes an SMF record.