Step 1. Implement Control-M Security

Use the following steps, which correspond to the installation steps in ICE, to implement Control‑M security.

Step 1.1 Grant Access Permissions

Collect the required data to define the INCONTROL entities and user authorizations to the security product.

You can use this data in the sample jobs provided in subsequent steps "Control‑M Security Definitions (Sample)" and "Functions Security Definitions (Sample)".

Select the appropriate step to have ICE create the sample job. After the job is created, enter your definitions and save them in the INSTWORK library.

Step 1.2 Customize Security Parameters

Use ICE to define the following parameters:

Table 31 Parameter Definitions

Parameter

Description

DEFMCHKM

When COND is chosen as the definition mode for any of the Control‑M security modules, the value given to this parameter is used as the high-level qualifier, together with qname, to determine the actual definition mode to be used.

LIFETIME

This parameter determines whether a security cache is used during the job submission process. With the cache, authorization is checked against the cache instead of the security system, which improves performance. The cache is created by the exit CTMSE02. The value specified for this parameter defines how frequently the cache is refreshed, in minutes. The valid range of values is from 0 to 1440. Default: 0 (no cache is used).

SECTOLM

This parameter determines the action to perform if your security product is inactive or a specific resource is not defined in the security product. Valid values are:

  • YES — Perform the action.
  • NO — Do not perform the action.

MSUBCHK

This parameter determines whether Control‑M submits jobs that already contain the USER parameter or //*JOBFROM statement in the job card. Valid values are:

  • YES — If Control‑M attempts to submit a job and the job statement already contains the USER parameter or //*JOBFROM, check the job definition owner’s authority to the JCL USER. Default.
  • NO — Reject the submission if the JCL JOB statement contains the USER parameter, and the owner ID of the job definition is not the same as the value specified in parameter USER or //*JOBFROM (for ACF2 users).

PROTAUTO

This parameter protects the AUTO command.

Valid values are:

  • YES — Users need permission to use the AUTO command.
  • NO — The AUTO command is unrestricted. Default.

The AUTO command allows you to put certain screens into 'AutoRefresh Mode'. If you set PROTAUTO=Y, users need permission ($$CTMAUTO.qname) to enter AutoRefresh Mode, and CTM Security Exit 8 (CTMSE08) checks for it. Otherwise, the AUTO command is unrestricted. Some customers prefer to protect it because AutoRefresh can use a lot of cycles and some users tend to leave it active.

Table 32 Job Card Parameters

Parameter

Description

RACJCARD

For RACF. This parameter determines whether Control‑M adds USER and GROUP parameters to submitted jobs if they do not exist. Valid values are:

  • U — Add a USER parameter to the submitted job card.
  • G — Add both USER and GROUP parameters to submitted jobs, where the GROUP is the RACF default group of the user.
  • N — Do not add USER or GROUP parameters.

TSSJCARD

For TopSecret. This parameter determines whether Control‑M adds the USER parameter to submitted jobs if it does not exist. Valid values are:

  • U — Add the USER parameter to the submitted job card.
  • N — Do not add the USER parameter.

SAFJCARD

For ACF2. This parameter determines whether Control‑M adds the USER parameter or //*JOBFROM statement to submitted jobs if they do not exist. Valid values are:

  • U — Add the USER parameter to the submitted job statement.
  • J — Add a //*JOBFROM statement to the submitted job.
  • L – Add a //*LOGONID statement to the submitted job.
  • S — Add a //*JOBFROM userid/ctm-stc-name statement to the submitted job.
  • N — Do not add the USER parameter or //*JOBFROM statement.
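
MSUBCHK and the job card parameters above all depend on whether the submitted JCL already names a user. The following Python example is added here and is not BMC or Control‑M code: it extracts the USER parameter or //*JOBFROM statement from exported JCL and reports what the MSUBCHK description implies for a given job definition owner. The sample JCL, the function names and the assumed `//*JOBFROM userid` layout are constructed for illustration.

```python
import re

ID = r"([A-Z0-9@#$]{1,8})"
JOB_RE = re.compile(r"^//\S*\s+JOB(?:\s+(.*))?$")
USER_RE = re.compile(r"(?:^|,)USER=" + ID + r"(?:,|$)")
JOBFROM_RE = re.compile(r"^//\*JOBFROM\s+" + ID)   # assumed layout: //*JOBFROM userid

# Constructed sample job cards (not taken from any real system).
SAMPLE_USER = """\
//PAYROLL1 JOB (ACCT01),'NIGHTLY RUN',CLASS=A,  OLD USER=TESTID
//             USER=PRODBAT,MSGCLASS=X
//STEP1    EXEC PGM=IEFBR14
"""
SAMPLE_JOBFROM = """\
//ARCHIVE1 JOB (ACCT01),CLASS=A
//*JOBFROM OPSUSER
//STEP1    EXEC PGM=IEFBR14
"""

def operand_field(text):
    """Operands of one statement line: quoted strings blanked, trailing comment dropped."""
    parts = re.sub(r"'[^']*'", "''", text).split()
    return parts[0] if parts else ""

def jcl_identity(jcl):
    """Return ('USER' or 'JOBFROM', userid) declared in the JCL, else (None, None)."""
    lines = [ln[:71].rstrip() for ln in jcl.splitlines()]   # columns 1-71 only
    operands, started = "", False
    for ln in lines:
        if ln.startswith("//*"):
            continue                                   # comment statement
        if not started:
            m = JOB_RE.match(ln)
            if m:
                operands, started = operand_field(m.group(1) or ""), True
        elif operands.endswith(",") and ln.startswith("// "):
            operands += operand_field(ln[2:])          # continued JOB statement
        else:
            break
    m = USER_RE.search(operands)
    if m:
        return "USER", m.group(1)
    for ln in lines:
        m = JOBFROM_RE.match(ln)
        if m:
            return "JOBFROM", m.group(1)
    return None, None

def msubchk_outcome(jcl, owner, msubchk):
    """Hypothetical helper: what the MSUBCHK text above implies for this job and owner."""
    source, userid = jcl_identity(jcl)
    if userid is None:
        return "no USER or JOBFROM in JCL"
    if msubchk == "YES":
        return f"check {owner} authority to {userid}"
    return "not rejected" if userid == owner else f"reject: {source}={userid}, owner={owner}"
```

Running `jcl_identity` over an exported job library before changing MSUBCHK shows which jobs carry their own identity and would be affected by the setting.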

Table 33 Mode Definition

Mode

Description

Mode Definition

Definition mode for the Control‑M security modules. Valid values are:

  • COND — Conditional Definition mode. Default.
  • BASIC — Basic Definition mode.
  • EXTEND — Extended Definition mode.

DFMM01

Definition mode for the CTMSE01 Control‑M security module.

DFMM02

Definition mode for the CTMSE02 Control‑M security module.

DFMM08

Definition mode for the CTMSE08 Control‑M security module.

DFMW02

Definition mode for the CTWSE02 Control‑M security module.

Step 1.3 Save Security Parameters into Product

This step saves all the security parameters specified for Control‑M. When completed, the Status column is automatically updated to COMPLETE.
