The CTOSE10 Control‑O security module supports protection of Control-O rule triggering. CTOSE10 is invoked before triggering a rule to check if the user who issued the triggering event (message, command, and so on) is authorized to trigger the rule.
There is no security exit CTOX010 and there is no distinction between basic and extended security mode.
CTOSE10 will be invoked if the feature is enabled (variable DFMO10 set to PROD or TEST, as described in Class name customization) and the rule includes the following statement anywhere in the rule:
DO SET = %%PROTRULE=Y
The entity name that represents the rule and which is protected by SAF (for example, RACF) is constructed as follows:
$$CTOSRL.ioaqname.rule-name.type.table.dsn
where
COMMAND
DSNEVENT
MESSAGE
CTOPCMSG
JOBARRIV
STRING
JOBEND
STEP
OMEGAEXP
SYSOUT
RULE
MVALARM
SMS
The constructed entity name is not necessarily unique, since it is possible to define multiple rules in the same table with the same first ON statement
Parent Topic |