Access Control Points

If an access control point is disabled, the corresponding ICSF utility will fail during execution with an access denied error.

The table includes the following columns:
Name
The descriptive name of the access control point. This is the name used when displaying the ICSF role from the ICSF Coprocessor Management panel.
Utility
The utility that requires this access control point to be enabled for operation. The name is the CSFSERV profile name that controls the utility
Usage
The following abbreviations and symbols are used in this table:

AE - Always enabled, cannot be disabled
ED - Enabled by default
DD - Disabled by default

Table 1. Access control points and associated utilities
Name Utility Usage
Authorize UDX CSFUDM AE
AES Master Key - Clear new master key register CSFDKCS ED
AES Master Key - Combine key parts CSFDKCS ED
AES Master Key - Load first key part CSFDKCS ED
AES Master Key - Set master key CSFDKCS AE
CKDS Conversion2 - Allow use of REFORMAT CSFCNV2 ED
CKDS Conversion2 - Allow wrapping override keywords CSFCNV2 ED
CKDS Conversion2 - Convert from enhanced to original CSFCNV2 ED
DES Master Key - Clear new master key register CSFDKCS ED
DES Master Key - Combine key parts CSFDKCS ED
DES Master Key - Load first key part CSFDKCS ED
DES master key – 24-byte key CSFDKCS DD, SC
DES Master Key - Set master key CSFDKCS AE
ECC Master Key - Clear new master key register CSFDKCS ED
ECC Master Key - Combine key parts CSFDKCS ED
ECC Master Key - Load first key part CSFDKCS ED
ECC Master Key - Set master key CSFDKCS AE
Operational Key Load CSFOPKL ED
Operational Key Load - Variable-Length Tokens CSFOPKL ED
PCF CKDS Conversion - Allow wrapping override keywords CSFCONV ED
PCF CKDS Conversion Program CSFCONV ED
Reencipher CKDS CSFRENC AE
Reencipher CKDS2 CSFRENC AE
Reencipher PKDS CSFPKDR AE
RSA Master Key - Clear new master key register CSFDKCS ED
RSA Master Key - Combine key parts CSFDKCS ED
RSA Master Key - Load first key part CSFDKCS ED
RSA Master Key - Set master key CSFDKCS AE
The following abbreviations and symbols are used in this table:

AE    Always enabled, cannot be disabled

ED    Enabled by default.

DD    Disabled by default.

SC     Usage of this access control point requires special consideration.

Note: If the ICSF role has been changed via the TKE workstation, all new access control points are disabled by default.