|
|
|
|
|
The RUNTSEC parameter is used by the Control-O security interface for interaction with external security products, such as RACF, TOP SECRET, and ACF2.
Control-O security checks are carried out in two stages:
At order time, security checks are carried out to ascertain whether the owner of the rule, as specified in the OWNER subparameter, is authorized to request each of the rule statements.
At runtime, additional security checks are carried out to determine whether the user who owns the rule (when RUNTSEC is set to OWNER) or the user who triggered the rule (when RUNTSEC is set to TRIGGER) is authorized to execute each DO COMMAND, DO COND, DO TSO, DO KSL, DO SHELL, DO FORCEJOB statement to be executed in the rule.
Note: If runtime security is active for a rule (RUNTSEC is set to OWNER or TRIGGER), the operator commands issued by a DO COMMAND will always be issued by the Control-O monitor and not under the same address space as the message or command that triggered the rule. For more information, see "Issuing a Command" in General Information.
Parent Topic |