Displaying the EP11 domain roles

Use the ICSF panels to display the enabled access control points for the Enterprise PKCS #11 coprocessor. All the access control points enabled will be listed.
  1. Select option 1, COPROCESSOR MGMT, on the ICSF Primary Menu panel.
  2. The Coprocessor Management panel appears. Refer to Figure 1.
    Figure 1. Coprocessor Management Panel
     CSFGCMP0 ---------------- ICSF Coprocessor Management -------------
     COMMAND ===> 
    
    Select the coprocessors to be processed and press ENTER.
    Action characters are: A, D, E, K, R, and S. See the help panel for details.
    
                   Serial
     CoProcessor   Number    Status               AES   DES   ECC   RSA    P11
     -----------  ---------  ------               ---   ---   ---   ----   ___
     __ 4P00      16BA6173   Active                                         A 
     __ 4C01      16BBP109   Master key incorrect  U     U     U     U        
     __ 4A02      N/A        Active                                           
     R  4P03      16BBP103   Active                                         A 
     __ 3C04      99001650   Active                A     A     A     A        
     __ 3C05      99001652   Active                A     A     A     A        
     __ 3A06      N/A        Active                                           
     __ 3C07      99002519   Master key incorrect  U     U     U     U        
     __ 3C08      91008972   Active                A     A     A     A        
     __ 3C09      90008301   Active                A     A     A     A        
     __ 4C14      16C35329   Active                A     A     A     A        
     __ 4P15      16C2H305   Active                                         A    
  3. Select the desired coprocessor by entering an 'R' to the left of the coprocessor. Press enter and the Status Display panel appears (Figure 2).
    Figure 2. CSFCMP30 — ICSF - Status Display
     CSFCMP30 ---------------- ICSF Status Display -------------
     COMMAND ===> 
    
      Enabled access control points from the default role for 4P03 domain 0
    
    Allow addition (activation) of Control Points                          
    Allow backend to save semi-retained keys                               
    Allow changes to key objects (usage flags only)                        
    Allow clear passphrases for password-based-encryption                  
    Allow clear public keys as non-attribute bound wrapping keys           
    Allow dual-function keys - digital signature and data encryption       
    Allow dual-function keys - key wrapping and data encryption            
    Allow dual-function keys - key wrapping and digital signature          
    Allow key derivation                                                   
    Allow keywrap without attribute-bindings                               
    Allow mixing external seed to RNG                                      
    Allow non-administrators to mark key objects TRUSTED                   
    Allow non-administrators to mark public key objects ATTRBOUND          
    Allow non-BSI algorithms (as of 2009)                                  
    Allow non-BSI algorithms (as of 2011)                                  
    Allow non-FIPS-approved algorithms (as of 2011)                        
    Allow removal (deactivation) of Control Points                         
    Allow wrapping of stronger keys by weaker keys                       

For the Access Control Points that are available on the Enterprise PKCS #11 coprocessor, see PKCS #11 Coprocessor Access Control Points in z/OS Cryptographic Services ICSF Writing PKCS #11 Applications.