The entity used to check authorization depends on the user request:
$$xxxxxx.qname.groupname.jobname
where
xxxxxx contains a maximum of six letters that define the request:
Table 71 CTBSE04 Request Parameters

| Request | Description |
|---|---|
| FRMCNF | Confirm use of display type |
| RECCNF | Confirm display of each invocation |
| VIEW | View Invocation Database variables |
| LOG | View Invocation log |
| REPORT | View Invocation report |
| | Print Invocation report |
| ROLL | Rollback of invocation |

groupname contains the first letters (maximum: 16) of the requested group name.
jobname contains the requested job name.
For example, to permit USERA to view the log of the invocation for job M999XPRD in group PRODGROUP, use the following commands:
For RACF:
RDEFINE FACILITY $$LOG.qname.PRODGROUP.M999XPRD UACC(NONE)
PERMIT $$LOG.qname.PRODGROUP.M999XPRD CLASS(FACILITY) ID(USERA) ACCESS(READ)
For TopSecret:
TSS PERMIT(USERA) IBMFAC($$LOG.qname.PRODGROUP.M999XPRD) ACC(READ)
For ACF2/SAF:
SET RESOURCE(CMF)
COMP
$KEY($$LOG.qname.PRODGROUP.M999XPRD)
UID(USERA) ALLOW
When an attempt is made to execute any of these commands, the CTBSE04 security module is called to check whether the command must be executed. In this case, for performance reasons, the security module does not perform a security check for each line of the screen.
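The naming rule and permit commands above, as an added example in Python (not part of the original documentation or the product): it builds the entity name for a request, applies the 16-character group-name limit, and fills in the command templates shown on this page. The function names, the literal `qname` value and the long group name are assumptions made for illustration.

```python
"""Build CTBSE04 entity names and matching permit commands (added example)."""

# Request codes named in Table 71 on this page (the "Print Invocation report"
# row has no request code on the page, so it is not included here).
REQUESTS = {"FRMCNF", "RECCNF", "VIEW", "LOG", "REPORT", "ROLL"}
GROUP_MAX = 16  # only the first 16 characters of the group name are used


def entity_name(request, qname, group, job):
    """Return $$request.qname.groupname.jobname for an authorization check."""
    if request not in REQUESTS:
        raise ValueError(f"unknown CTBSE04 request: {request!r}")
    # Assumption: each part is one dot-free qualifier, so a stray "." or blank
    # cannot shift the qualifiers of the protected entity.
    for label, value in (("qname", qname), ("group", group), ("job", job)):
        if not value or "." in value or " " in value:
            raise ValueError(f"{label} must be a single non-empty qualifier")
    return f"$${request}.{qname}.{group[:GROUP_MAX]}.{job}"


def permit_commands(user, entity):
    """Fill the page's READ-permit templates for each security product."""
    # The same entity string feeds every command, so the profile that is
    # defined and the profile that is permitted cannot differ.
    return {
        "RACF": [
            f"RDEFINE FACILITY {entity} UACC(NONE)",
            f"PERMIT {entity} CLASS(FACILITY) ID({user}) ACCESS(READ)",
        ],
        "TopSecret": [f"TSS PERMIT({user}) IBMFAC({entity}) ACC(READ)"],
        "ACF2": ["SET RESOURCE(CMF)", "COMP", f"$KEY({entity})", f"UID({user}) ALLOW"],
    }


if __name__ == "__main__":
    # The page's own case, then a constructed group name longer than 16 characters.
    for group in ("PRODGROUP", "PRODUCTIONGROUP01X"):
        entity = entity_name("LOG", "qname", group, "M999XPRD")
        for product, lines in permit_commands("USERA", entity).items():
            print(f"-- {product}")
            print("\n".join(lines))
```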