The entity name may exceed 39 characters, and therefore a class that supports a higher limit should be used instead of the FACLITY class. The XFACILIT class is used as the default class. The class name can be customized by setting parameter IOAXCLASS as follows:
Enter ICE and select Customization.
In the Customization window, set the Product to IOA and select Security Customization.
Press Enter to display the Major Steps Selection screen.
Select major step 1, "Implement IOA Security."
Select minor step 2, "Customize Security Parameters."
To activate rule protection
If not yet applied, apply IBM APAR OA10774, which supports the XFACILIT class on z/OS systems earlier than V1R7.
Add the following to each rule that should be protected:
DO SET= %%PROTRULE=YGLOBAL N
Grant READ authorization to the appropriate entities who represent the protected rules, to the users that are allowed to trigger them.
Customize the DFMO10 variable as follows:
Enter ICE and select Customization.
In the Customization window, set the Product to CTO and select Security Customization.
Press Enter to display the Major Steps Selection screen.
Select major step 1, "Implement Control-O Security."
Select minor step 2, "Customize Security Parameters."
The following values can be specified for DFMO10:
NO – disables the feature (default)
TEST – in TEST mode, the authorization is checked and RACF error messages are issued if the user is not authorized, but the rule is still invoked
PROD – enables the feature
Stop and then restart the Control-O or CTMCMEM monitor, or start a new monitor and issue the following command: