Module CTOSE10

The CTOSE10 Control‑O security module supports protection of Control-O rule triggering. CTOSE10 is invoked before triggering a rule to check if the user who issued the triggering event (message, command, and so on) is authorized to trigger the rule.

There is no security exit CTOX010 and there is no distinction between basic and extended security mode.

CTOSE10 will be invoked if the feature is enabled (variable DFMO10 set to PROD or TEST, as described in Class name customization) and the rule includes the following statement anywhere in the rule:

DO SET =  %%PROTRULE=Y

The entity name that represents the rule and which is protected by SAF (for example, RACF) is constructed as follows:

$$CTOSRL.ioaqname.rule-name.type.table.dsn

where

• ioaqname is the IOA QNAME of the installation
• rule-name is the name of the rule which is taken from the first ON statement in the rule
• type is the rule type and can be of the following:

  COMMAND

  DSNEVENT

  MESSAGE

  CTOPCMSG

  JOBARRIV

  STRING

  JOBEND

  STEP

  OMEGAEXP

  SYSOUT

  RULE

  MVALARM

  SMS

• table is the rules table (member) name
• dsn is the rules library name

  The constructed entity name is not necessarily unique, since it is possible to define multiple rules in the same table with the same first ON statement