Optionally including the target rule name in the checked entity

By default the security validation of the Control-O XAM DORULE action does not restrict users from invoking only specific target rules. If such restriction is required, use the option to include the target rule name in the checked entity (in extended definition mode). This option is controlled by parameter ADDRULNM in the SECPARM parameter member.

When ADDRULNM=N (default) the checked entity is:

$$CTOXAM.qname.TYPE3RUL (default).

When ADDRULNM=Y the checked entity is:

$$CTOXAM.qname.TYPE3RUL.rulename (where rulename is the target rule name of the DORULE action).

To set the option for including the target rule name in the checked entity

1. Invoke ICE.
2. On the ICE Main screen, select "Customization".
3. Select Product "CTO", "Security Customization".
4. Select step 1.2 "Customize Security Parameters".
5. Set parameter ADDRULNM to either Y or N.
6. Recreate SECPARM with a new parameter by selecting the step 1.3 "Save Security Parameters into Product".

   APAR BO10168 is needed for this option.

To permit USERA to set a local variable using the XAM interface, use the appropriate command.

For RACF:

PERMIT $$CTOXAM.qname.TYPE2* ACCESS(READ) ID(USERA) CLASS(FACILITY)

For TopSecret:

TSS PERMIT(USERA) IBMFAC($$CTOXAM.qname.TYPE2) ACCESS(READ)

For ACF2/SAF:

SET RESOURCE(CMF)
COMP
$KEY($$CTOXAM.qname.TYPE2*************) TYPE(CMF)
UID(USERA) ALLOW