Basic Definition Mode

The CTDSE24 security module retrieves security definitions from the Recipient Tree. The administrator can authorize Control‑D/Page On Demand users to view mainframe reports by adding the appropriate mainframe logon ID to the AUTHORIZE field in the recipient definitions in the Recipient Tree. These authorizations enable Control‑D/Page On Demand users to see the reports of these recipients using Control‑D/Page On Demand. For more information, see the Recipient Definition screen in the online facilities chapter of the Control‑D and Control V User Guide.

When a mainframe logon ID is entered in the AUTHORIZE field of a recipient definition, the authorized Control‑D/Page On Demand user can view all the reports of that recipient and descendants in the Recipient Tree. The same mainframe logon ID can be entered in the AUTHORIZE field of more than one recipient in the Recipient Tree.

The following rules apply to mainframe logon IDs entered in the AUTHORIZE field in a recipient definition:

The specified logon ID is treated as a prefix if optional Wish WD2564 is set to YES in member IOADFLTC in the IOA MAC library.
The specified mainframe logon ID can contain a number of "?" characters. This wildcard character indicates any single character.

Access a Report from Control‑D/Page On Demand

When the user requests an action (view, print) on a certain report, the entity checked is $$CTDASR.qname.userid, where userid is the user name related to the report being accessed.

There is no distinction between the different actions that can be specified. The user is either allowed to perform any valid action with the report or completely denied access to the report.

To permit USERA (the mainframe logon ID) to perform actions to the reports of USERB (the Control‑D recipient name), use the following command:

For RACF:

RDEFINE FACILITY $$CTDASR.qname.USERB UACC(NONE)
PERMIT $$CTDASR.qname.USERB ACCESS(READ) ID(USERA) CLASS(FACILITY)

For TopSecret:

TSS PERMIT(USERA) IBMFAC($$CTDASR.qname.USERB) ACC(READ)

For ACF2/SAF:

SET RESOURCE(CMF)
COMP
$KEY($$CTDASR.qname.USERB) TYPE(CMF)
UID(USERA) ALLOW

Limit Immediate Print of Reports

When the user requests immediate print, and the report contains more than the minimum number of pages specified in parameter DPAGMIN, the following entity is checked to verify that the user is authorized to send the number of pages contained in the report to the printer:

Table 55 Print Limits

Entity	Description
$$PGASRIII	Checked when the number of pages is greater than parameter DPAGMIN and less than or equal to parameter DPAGMID.
$$PGASRII	Checked when the number of pages is greater than parameter DPAGMID and less than or equal to parameter DPAGMAX.
$$PGASRI	Checked when the number of pages is greater than parameter DPAGMAX.

For RACF:

To allow USERA to immediately print a report of any size, use the following commands:

RDEFINE FACILITY $$PGASRI UACC(NONE)
PERMIT $$PGASRI CLASS(FACILITY) ID(USERA) ACCESS(READ)

To permit USERA to print reports that do not exceed the number of pages specified in parameter DPAGMAX, use the following commands:

RDEFINE FACILITY $$PGASRII UACC(NONE)
PERMIT $$PGASRII ID(USERA) CLASS(FACILITY) ACCESS(READ)

For TopSecret:

To allow USERA to immediately print a report of any size, use the following commands:

TSS PERMIT(USERA) IBMFAC($$PGASRI) ACC(READ)

For ACF2/SAF:

To allow USERA to immediately print a report of any size, use the following commands:

SET RESOURCE(CMF)
COMP
$KEY($$PGASRI) TYPE(CMF)
UID(USERA) ALLOW

Parent Topic

Module CTDSE24