Space banner

   

This space provides the same content as before, but the organization of the home page has changed. The content is now organized based on logical branches instead of legacy book titles. We hope that the new structure will help you quickly find the content that you need.

Understanding message and diagnostic options

Each option that is listed in the DIAGMSG view represents a MainView diagnostic mode with a characteristic scope and a set of associated messages that can be issued if the mode is active.

Valid MainView diagnostic or message modes are described in following table.

Mode

Description

GXDM

Global Extended Diagnostic Mode

Global Extended Diagnostic Mode extends Extended Diagnostic Mode (XDM) monitoring to the entire MainView subsystem, which includes the CAS and all connected product and user address spaces.

GXDM mode is set by the XDM=Y parameter of the CAS started task procedure.

Extended Diagnostic Mode initiates additional internal diagnostic and validation procedures. It is not recommended for normal MainView operation. In addition, Extended Diagnostic Mode causes all Extended Message Mode messages to be issued in the same manner as the GXDM option.

LXDM

Local Extended Diagnostic Mode

Local Extended Diagnostic Mode sets monitoring conditions for the current CAS, PAS, or UAS. Local Extended Diagnostic Mode issues all Extended Message Mode messages similar to the LEMM option.

Local Extended Diagnostic Mode initiates additional internal diagnostic and validation activity. It is not recommended for normal MainView operation.

GEMM

Global Extended Message Mode

Global Extended Message Mode sets monitoring conditions for diagnostic messages issued by the CAS and any connected address space, such as a PAS or a UAS.

Global Extended Message Mode issues standard diagnostic messages similar to the GXDM option.

LEMM

Local Extended Message Mode

Local Extended Message Mode sets monitoring conditions for diagnostic messages issued by the current address space.

Standard security diagnostic messages that are controlled by LSEMM mode are a subset of LEMM messages. Therefore, LSEMM messages are issued when LEMM mode is active, regardless of LSEMM status.

Likewise, when LEMM mode is active, you cannot disable standard security messages by disabling the LSEMM option.

LSEMM

Local Security Extended Message Mode

Local Security Extended Message Mode sets monitoring conditions for standard security diagnostic messages that are issued by the current address space.

The messages that are controlled by LSEMM mode are a subset of the messages managed by LEMM mode. LSEMM mode can manage the set of security-oriented messages independently of LEMM mode. However, if LEMM mode is active, you cannot prevent security diagnostic messages from being issued by inactivating LSEMM mode.

LESTR

Local Extended Security Trace

Local Extended Security Trace mode manages extended diagnostic security trace messages that are produced by the current address space.

These messages are in addition to LSEMM messages and provide more information than the standard security trace messages.

Local Simple Security Trace messages (LSSTR) are a subset of the security trace messages that are managed by LESTR mode.

GESTR

Global Extended Security Trace

Global Extended Security Trace mode manages extended diagnostic security trace messages that are produced by the CAS and all connected address spaces.

These messages are in addition to the LSEMM option messages and provide more information than standard security trace messages.

The messages that are managed by GSSTR mode are a subset of GESTR messages. When GESTR mode is active, GSSTR messages are displayed regardless of the state of the GSSTR option.

LSSTR

Local Simple Security Trace

Local Simple Security Trace mode manages simple diagnostic security trace messages that are issued by the current address space.

LSSTR messages are a subset of the messages that are managed by the LESTR option. When LESTR mode is active, LSSTR messages are displayed regardless of the state of the LSSTR option.

GSSTR

Global Simple Security Trace

Global Simple Security Trace mode manages simple diagnostic security trace messages that are issued by the CAS and all connected address spaces.

GSSTR mode allows simple security trace messages to be managed independently of GESTR mode messages.

GSSM

Global Safe Security Message

Global Safe Security Message mode manages safe security messages that are issued by an external security manager during the initialization phase of a MainView window.

The default value is OFF; safe security messages are not displayed.

Safe security messages are standard messages that are issued during the creation of a security environment by the external security manager at sign-on. Safe security messages include message IDs, such as BBMSS201I, ICH70001I, TSS7000I, TSS7001I, and ACF01137, plus any additional messages designated by your installation.

Inherited security environments that are established during window initialization produce messages that normally convey insignificant information. These messages are typically bypassed. In cases where these messages might be important, the GSSM option can be set ON to display these messages under all circumstances.

If the external security manager returns any messages other than safe security messages during window initialization, this option value is ignored and all security messages are displayed.

WSXASTR

Extended Authorization Simple Trace

Extended Authorization Simple Trace mode manages simple Extended Authorization security interface trace messages that are issued in response to target or context activity occurring in the current window.

Extended Authorization is the name of the internal mechanism that is used by most components to authorize end user access to resources protected by the security interface. The simple trace messages issued by Extended Authorization are more general than those issued as a result of activating the LSSTR option.

You can dynamically enable or disable the display of simple trace messages for Extended Authorization security calls from the current window by specifying the appropriate line command.

A value of OFF means that Extended Authorization trace messages are disabled for the current window and are not displayed.

A value of ON means that Extended Authorization trace messages are enabled for the current window and are displayed in a manner similar to error messages.

SAFTRACE

CA ACF2 SAFTRACE GSO Option Status

CA ACF2 SAFTRACE GSO Option Status mode manages messages that are produced by the CA ACF2 external security manager in the current context.

The SAFTRACE option indicates the status of the CA ACF2 5.2 SAFTRACE GSO option, which is maintained by CA ACF2 for each system image. You can alter the status of this option only with facilities that are provided by CA ACF2 for this purpose.

The SAFTRACE option status is shown because it must be enabled to control SAFTRC messages.

A value of ON in the Status column indicates the CA ACF2 5.2 SAFTRACE GSO option is enabled. Requests for SAFTRC messages are supported.

A value of OFF in the Status column indicates the CA ACF2 5.2 SAFTRACE GSO option is disabled and the CA ACF2 NOSAFTRACE GSO option is in effect. Requests for SAFTRC messages are ignored.

For CA ACF2 Release 6.0 and above, the SAFTRACE GSO option is not supported and is always shown as OFF.

SAFTRC

CA ACF2 LOGONID SAF-TRC Attribute

This mode is displayed only if CA ACF2 is the external security manager in the current context.

The SAFTRC (SAF Interface Trace) option provides the status and temporary control over the SAF-TRC attribute of the LOGONID in effect for the address space for the current context for CA ACF2 Release 5.2 only.

The SAF-TRC attribute specifies that the CA ACF2 5.2 system's SAF interface component is to issue SAF trace messages describing the parameters for each RACROUTE macro instruction executed in the address space, provided that the SAFTRACE GSO option also is enabled.

For SAF trace messages to be generated by CA ACF2, the SAFTRACE GSO option must be enabled and the address space LOGONID must have the SAF-TRC attribute. You can temporarily enable the SAF-TRC attribute by turning this option ON.

You can dynamically, but only temporarily, enable or disable CA ACF2 5.2 SAF trace messages for the current address space LOGONID by specifying the appropriate line command.

A value of OFF means that SAF trace messages are disabled for the current address space LOGONID or that the LOGONID is to be temporarily made to have the NOSAF-TRC attribute.

A value of ON means that SAF trace messages are enabled for the current address space LOGONID or that the LOGONID is to be made to have the SAF-TRC attribute temporarily.


Was this page helpful? Yes No Submitting... Thank you

Comments