Information
Limited support

BMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support. BMC recommends upgrading to the latest version of the product. To see documentation for that version, see BMC AMI Ops Infrastructure 7.1.

Default security parameter definitions


This topic shows the security parameter definitions that are distributed with MainView windows mode products.

Default BBMTSS parameter definition member

ESM ESMTYPE(AUTO)      /* AUTOMATICALLY DETERMINE ESM TYPE         */
    PRODUCTS(BBI3)     /* BASE PRODUCT                             */
    SUBSYS(SSID)       /* RACROUTE SUBSYS= IS CAS SSID             */
    REQSTOR(ASIS)      /* RACROUTE REQSTOR= REMAINS UNCHANGED      */
    APPL(SSID)         /* RACROUTE APPL= DEFAULT IS CAS SSID       */
    SESSTYPE(NONE)     /* RACROUTE SESSTYPE= IS NOT SPECIFIED      */
    ESMUID(ACCEPT)     /* ESM-DEFINED USERIDS ARE NOT REQUIRED     */
    DFLTUID(NONE)      /* DEFAULT ESM USERID IF ESMUID(ACCEPT)     */
    PGMRNAME(ALLOW)    /* USER CAN SPECIFY PROGRAMMER NAME         */
    ESMGRINH(ALLOW)    /* ALWAYS ALLOW GROUP IDENT INHERITANCE     */
    ACCTINFO(ALLOW)    /* USER CAN SPECIFY ACCOUNTING INFO.        */
    DFLTACCT(EXTERNAL) /* DEFAULT ACCOUNT INFO. DEFINED BY ESM     */
    TRACE(NONE)        /* SECURITY TRACES NOT INITIALLY ENABLED    */
    WINMSG(NONSAFE)    /* BYPASS DISPLAY OF 'SAFE' SECURITY MSGS   */
    ;

The following table contains information about each parameter and the values that can be defined.

Default security parameter definitions

Parameter

Description

ESMTYPE(esmtype)

Specifies the type of ESM in use on this system:

  • AUTO attempts to determine automatically which ESM is installed and has been activated.
  • NONE indicates there is no SAF-compatible ESM.

PRODUCTS(product)

Do not modify

This parameter is no longer functional and is retained for compatibility purposes only.

RELEASE(release)

Do not use

This parameter is no longer functional and is retained for compatibility purposes only.

SUBSYS(subsys)

Specifies the one- to eight-character subsystem name to be passed to the ESM by the SUBSYS= parameter of the RACROUTE macro instruction.

The following values can be specified for subsys:

  • APPL - current value of the APPL parameter
  • APPLID - current CAS VTAM application name
  • JOBNAME - current CAS JOB name
  • STEPNAME - current CAS STEP name
  • PROCSTEP - current CAS PROCedure stepname
  • SSID - MVS subsystem ID defined for use by the CAS
  • SMFID - current MVS image SMF identifier
  • NONE - no SUBSYS= value is passed
  • '' Null - no SUBSYS= value is passed (same as NONE)
  • 'string' - the specified one- to eight-character string is passed

REQSTOR(ctrlpt)

Specifies the one- to eight-character requestor or control point name to be passed to the ESM by the REQSTOR= parameter of the RACROUTE macro instruction.

The following values can be specified for ctrlpt:

  • ASIS - requestor value is not altered from that specified by MainView in the resource definition table entry
  • APPL - current value of the APPL parameter
  • APPLID - current CAS VTAM application name
  • JOBNAME - current CAS JOB name
  • STEPNAME - current CAS STEP name
  • PROCSTEP - current CAS PROCedure stepname
  • SSID - MVS subsystem ID defined for use by the CAS
  • SMFID - current MVS image SMF identifier
  • NONE - no REQSTOR= value is passed
  • '' Null - no REQSTOR= value is passed (same as NONE)
  • 'string' - the specified one- to eight-character string is passed

APPL(applid)

Specifies the one- to eight-character application name to be passed to the ESM by the APPL= parameter of the RACROUTE macro instruction.

The following values can be specified for applid:

  • APPLID - current CAS VTAM application name
  • JOBNAME - current CAS JOB name
  • STEPNAME - current CAS STEP name
  • PROCSTEP - current CAS PROCedure stepname
  • SSID - current CAS address space MVS subsystem ID
  • SMFID - current MVS image SMF identifier
  • NONE - application access is not validated
  • '' Null - no APPL= value is passed (same as NONE)
  • 'string' - the specified one- to eight-character string is passed

SESSTYPE(type)

Do not modify

This parameter is no longer functional and is retained for compatibility purposes only.

ESMUID(process)

Identifies the ESM user ID processing to be performed.

The following values can be specified for process:

  • ACCEPT - an ESM-defined user ID can be specified, used, defaulted, or inherited (but one is not required)
  • REQUIRED - a valid ESM-defined user ID must be specified, used, defaulted, or inherited
  • REJECT - a valid ESM-defined user ID cannot be specified or inherited

DFLTUID(dfltuid)

The default user ID to be used if ESMUID(ACCEPT) is specified, the user ID provided is not defined to the ESM, and no service point-level default user ID has been specified.

The following values can be specified for dfltuid:

  • NONE - no default user ID has been provided
  • 'UserID' - default user ID to be used

PGMRNAME(value)

Do not modify

This parameter is no longer functional and is retained for compatibility purposes only.

ESMGRINH(value)

Indicates whether the inheritance of the GROUP IDENT that is associated with a user ID's extracted security environment from any originating system to a target system is allowed and, if so, under what circumstances.

The following values can be specified for value:

  • ALLOW - the GROUP IDENT of a user ID is always inherited, regardless of the inheritance mechanism used to establish a security environment
  • IGNORE - the GROUP IDENT of a user ID is not inherited
  • UTKNONLY - the GROUP IDENT of a user ID is inherited only for security environments established by means of a B1 UTOKEN
  • EXTRONLY - the GROUP IDENT of a user ID is inherited only for security environments established by means of a non-B1 security environment password or CA-ACF2 LOGONID mask extraction

Note

IBM MVS B1 security guidelines require that ALLOW or UTKNONLY be specified. Any other value for this field is specified at the installation's own risk.

ACCTINFO(value)

Do not modify

This parameter is no longer functional and is retained for compatibility purposes only.

DFLTACCT(value)

Do not modify

This parameter is no longer functional and is retained for compatibility purposes only.

TSSPRIVPGM(opt)

Do not use

This parameter is no longer functional and is retained for compatibility purposes only.

TSSMSGS(src)

Do not use

This parameter is no longer functional and is retained for compatibility purposes only.

ACF2MSGS(src)

Do not use

This parameter is no longer functional and is retained for compatibility purposes only.

ENTITYX(opt)

Do not use

This parameter is no longer functional and is retained for compatibility purposes only.

DSTYPE(x)

Do not use

This parameter is no longer functional and is retained for compatibility purposes only.

TRACE(trace)

Specifies the type of security trace messages to be issued to the console.

The following values can be specified for trace:

  • NONE - no security interface activity trace messages are to be issued
  • SIMPLE - only simple security trace messages are to be issued
  • EXTENDED - extended security trace messages are to be issued

Simple and Extended Security tracing can be activated and terminated after the CAS has initialized by using the DIAGMSG view.

RSLIMIT(count)

Do not use

This parameter is no longer functional and is retained for compatibility purposes only.

RSINTERVAL(mins)

Do not use

This parameter is no longer functional and is retained for compatibility purposes only.

WINMSG(option)

Specifies which security interface-generated and ESM-generated messages are to be displayed in any MainView window.

The following values can be specified for option:

  • ALL - all security messages are to be exhibited to the user
  • NONSAFE - only nonsafe security messages are to be displayed

Safe security messages can be bypassed safely and not exhibited to the end user. This option reduces the frequency and volume of nuisance security manager and security interface-generated messages.
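
A review of a BBMTSS member against the values described in the table above, as an added example (not BMC code). The sample member, the OPSDFLT user ID, and the function names parse_member and review are constructed for illustration; the notes only restate what the table says about each value.

```python
import re

# Constructed sample member with local changes (OPSDFLT is a made-up user ID).
SAMPLE_MEMBER = """
ESM ESMTYPE(AUTO)      /* AUTOMATICALLY DETERMINE ESM TYPE     */
    APPL(NONE)         /* changed from APPL(SSID)              */
    ESMUID(ACCEPT)     /* ESM-DEFINED USERIDS ARE NOT REQUIRED */
    DFLTUID('OPSDFLT') /* DEFAULT ESM USERID IF ESMUID(ACCEPT) */
    ESMGRINH(IGNORE)
    RSLIMIT(5)
    ;
"""

DO_NOT_USE = {"RELEASE", "TSSPRIVPGM", "TSSMSGS", "ACF2MSGS", "ENTITYX",
              "DSTYPE", "RSLIMIT", "RSINTERVAL"}
DO_NOT_MODIFY = {"PRODUCTS": "BBI3", "SESSTYPE": "NONE", "PGMRNAME": "ALLOW",
                 "ACCTINFO": "ALLOW", "DFLTACCT": "EXTERNAL"}  # distributed values

def parse_member(text):
    """Return {KEYWORD: value}. Comments are stripped first because they
    can themselves contain KEYWORD(value) text, e.g. ESMUID(ACCEPT)."""
    body = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    pairs = re.findall(r"([A-Z0-9]+)\(\s*('[^']*'|[^)\s]*)\s*\)", body)
    return {k: v.strip("'") for k, v in pairs}

def review(params):
    """Return (keyword, note) findings; omitted keywords are not judged."""
    out = []
    if params.get("ESMTYPE") == "NONE":
        out.append(("ESMTYPE", "no SAF-compatible ESM is indicated"))
    if params.get("APPL") in ("NONE", ""):
        out.append(("APPL", "application access is not validated"))
    uid, dflt = params.get("ESMUID"), params.get("DFLTUID")
    if uid == "ACCEPT" and dflt not in (None, "NONE"):
        out.append(("DFLTUID", f"user IDs not defined to the ESM use {dflt}"))
    elif uid == "ACCEPT":
        out.append(("ESMUID", "an ESM-defined user ID is not required"))
    if params.get("ESMGRINH", "ALLOW") not in ("ALLOW", "UTKNONLY"):
        out.append(("ESMGRINH", "B1 guidelines require ALLOW or UTKNONLY"))
    for key in sorted(DO_NOT_USE & params.keys()):
        out.append((key, "no longer functional; listed as do not use"))
    for key, default in DO_NOT_MODIFY.items():
        if params.get(key, default) != default:
            out.append((key, f"do-not-modify parameter differs from {default}"))
    return out

if __name__ == "__main__":
    for keyword, note in review(parse_member(SAMPLE_MEMBER)):
        print(f"{keyword:9} {note}")
```
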


MainView Infrastructure 6.3