ZS - Security options
This reference topic describes how to specify the security options that should be in effect.
The control statement format for specifying security options is:
ZS <kwd=value> Multiple <kwd=value> specifications can be
made on one control statement.
The following keyword parameters can be specified:
- DYNAOPTS=
- Specify one of the following options for securing dynamic terminals:
- DYNAOPTS=RACF® (use RACF, or IMS default if RACF is not active)
- DYNAOPTS=DFSCCMD1 (use installation exit)
- DYNAOPTS=SECGROUP (use security group lookup)
- STATOPTS=
- Specify one of the following options for securing static terminals:
- STATOPTS=RACF (use RACF, or IMS default if RACF is not active)
- STATOPTS=DFSCCMD1 (use installation exit)
- STATOPTS=SECGROUP (use security group lookup)
- LU62OPTS=
- Specify one of the following options for securing LU 6.2 devices:
- LU62OPTS=RACF (use RACF, or IMS default if RACF is not active)
- LU62OPTS=DFSCCMD1 (use installation exit)
- LU62OPTS=SECGROUP (use security group lookup)
- LU61OPTS=
- Specify one of the following options for securing LU 6.21 (ISC)
devices:
- LU61OPTS=RACF (use RACF, or IMS default if RACF is not active)
- LU61OPTS=DFSCCMD1 (use installation exit)
- LU61OPTS=SECGROUP (use security group lookup)
- OTMAOPTS=
- Specify one of the following options for securing OTMA devices:
- OTMAOPTS=RACF (use RACF, or IMS default if RACF is not active)
- OTMAOPTS=DFSCCMD1 (use installation exit)
- OTMAOPTS=SECGROUP (use security group lookup)
- ICMDOPTS=
- Specify one of the following options for securing ICMD-interface
commands:
- ICMDOPTS=RACF (use RACF, or IMS default if RACF is not active)
- ICMDOPTS=DFSCCMD1 (use installation exit)
- ICMDOPTS=SECGROUP (use security group lookup)
- CMDOPTS=
- Specify one of the following options for securing AOI programs
that issue the IMS CMD call:
- CMDOPTS=RACF (use RACF, or IMS default if RACF is not active)
- CMDOPTS=DFSCCMD1 (use installation exit)
- CMDOPTS=SECGROUP (use security profile lookup)
- CMD1WTOR=
- Specify whether exit routine DFSCCMD1 is called for commands that
are entered using Write To Operator with Reply (WTOR).
- Y
- Exit routine DFSCCMD1 is called for commands that are entered using WTOR. Authorization to the command is determined by exit routine DFSCCMD1.
- N
- Exit routine DFSCCMD1 is not called for commands that are entered using WTOR. IMS ETO Support allows access to all commands from the WTOR.
- CMD1MTO=
- Specify whether exit routine DFSCCMD1 is called for commands that
are entered from the IMS Master
Terminal Operator (MTO).
- Y
- Exit routine DFSCCMD1 is called for commands that are entered from the MTO. Authorization to the command is determined by exit routine DFSCCMD1.
- N
- Exit routine DFSCCMD1 is not called for commands that are entered from the MTO. IMS ETO Support allows access to all commands from the MTO.
- CMD1TCO=
- Specify whether exit routine DFSCCMD1 is called for commands that
are entered from Time Controlled Operations (TCO).
- Y
- Exit routine DFSCCMD1 is called for commands that are entered from TCO. Authorization to the command is determined by exit routine DFSCCMD1.
- N
- Exit routine DFSCCMD1 is not called for commands that are entered from TCO. IMS ETO Support allows access to all commands from TCO.
- CMD1EMCS=
- Specify whether exit routine DFSCCMD1 is called for commands that
are entered from Multiple Console Support (MCS) or Extended Multiple
Console Support (EMCS) consoles.
- Y
- Exit routine DFSCCMD1 is called for commands that are entered from MCS or EMCS consoles. Authorization to the command is determined by exit routine DFSCCMD1.
- N
- Exit routine DFSCCMD1 is not called for commands that are entered from MCS or EMCS consoles. IMS determines authorization to the command.
- ECMDKWDS=
- Specify whether enhanced command+keyword security is to be active:
- Y
- Enhanced command+keyword security is to be active.
- N
- Enhanced command+keyword security is not to be active.
- TRANLTRM=
- Specify whether RACF ETV
is active for Transaction/LTERM authorization.
- Y
- IMS ETO Support performs a RACF call to verify that the LTERM that is attempting the transaction is authorized to process this transaction.
- N
- IMS ETO Support does not perform RACF calls for Transaction/LTERM authorization.
- TRANPSWD=
- Specify whether RACF ETV
is active for Transaction/PASSWORD authorization.
- Y
- IMS ETO Support performs a RACF call to verify that the proper PASSWORD was entered for the entered transaction.
- N
- IMS ETO Support does not perform RACF calls for Transaction/PASSWORD authorization.
- SUPPICH=
- Specify whether RACF error
message ICH408I is displayed in the IMS control
region for failed ETV authorization. The SUPPICH= parameter applies
only when either TRANLTRM or TRANPSWD are active.
- Y
- RACF ICH408I error messages is suppressed.
- N
- RACF ICH408I error messages are displayed in the IMS control region for failed ETV accesses. This value has an impact only when either TRANLTRM or TRANPSWD are active.
Note: If IMS ETO Support MATRIX ETV is active, this option is used to determine whether message IZT0008I should be suppressed for authorization failures. - RACFPREFIX=
- Specify the prefix name of the RACF rule that is used for ETV processing. You must specify the name as 4 characters (A-Z, 0-9, #, @, or $) and the name is valid only if either TRANLTRM or TRANPSWD are also active.
- ETOSMATRIX=
- Specify whether ETOS MATRIX ETV is active for Transaction/LTERM
authorization.
- Y
- IMS ETO Support performs a matrix lookup to verify that the LTERM that is attempting the transaction is authorized to process this transaction.
- N
- IMS ETO Support will not perform a matrix lookup for transaction/LTERM authorization.
Example:
ZS DYNAOPTS=RACF ECMDKWDS=Y