OLTCNTL parameter ACTNSEC
These options control the initialization processing within the individual CICS/TS region.
When MainView for CICS Action Commands are executed by the CICS/TS regions to alter a managed resource, these commands invoke a CICS/TS SPI command in the CICS/TS region. You can use the OLTCNTL parameter ACTNSEC to control the user ID referenced by the Security Authorization Facility (SAF) RACROUTE authorization checks for specific commands before the SPI command executes the Action Command request.
Valid values for the ACTNSEC parameter are NO and YES (ACTNSEC=NO|YES); NO is the default. These options operate in conjunction with the System Initialization Table parameters of the CICS/TS region and the user ID associated with the Action Command at the time it was invoked.
The special case Action Commands for which MainView for CICS invokes the SAF RACROUTE authorization checks before the CICS SPI command is executed are called Restricted Action Commands.
ACTNSEC option Restricted Action Commands
The Restricted Action Commands must be executed within the JNL2 transaction without starting a new task. These commands are listed in the following table. For all other commands, the processing attaches the FCD2 transaction executing for the user ID associated with the Action Command at the time the command was invoked. When no user ID is associated with the action request, the FCD2 task executes for the user ID associated with the JNL2 transaction.
The Restricted Action Commands do not attach the FCD2 task for processing, which avoids any possible delay that might occur while attaching a new task. A slight delay could occur if the CICS/TS resources required to attach a new task are not available, and the task might not be dispatched immediately. Therefore, the FCD2 task executes for the user ID associated with the JNL2 transaction.
Restricted Action Commands
Cmd function | Cmd token-1 | Cmd token-2 | EXEC CICS |
---|---|---|---|
SET | ALTMAXT | null | SET SYSTEM MAXTASKS(nn) |
SET | SYSTEM | MAXTASK | SET SYSTEM MAXTASKS(nn) |
SET | SYSTEM | DSALIM | SET SYSTEM DSALIM(nn) |
SET | SYSTEM | EDSALIM | SET SYSTEM EDSALIM(nn) |
QCEMT | SET | TASK | SET TASK(nn) PURGE FORCEPURGE KILL |
The OLTCNTL option ACTNSEC enables one of the following approaches to check the user ID authorization for each CICS/TS SPI command executed by MainView for CICS in the CICS/TS region. The CICS/TS SIT options determine which security authorization checks are invoked at the time the CICS/TS SPI command is executed. The ACTNSEC options are:
ACTNSEC value | Description |
---|---|
NO (default) | Security authorization processing continues to operate as it has in the past. For restricted commands, any security authorization checks at the time the CICS/TS SPI command is executed are against the user ID associated with the JNL2 task. The FCD2 task is never attached for these commands. For unrestricted commands, the processing starts the FCD2 task to process the command. At the time the task is started, it continues using the existing logic that tests the command request for a user ID. When the user ID parameter is defined to the MainView AutoOPERATOR command CICSTRAN, it starts the FCD2 task for that user ID. Otherwise, the FCD2 task runs with the same user ID as the JNL2 task. |
YES | The FCD2 task is attached to process all commands with the exception of restricted commands. For restricted commands, any security authorization checks are processed by the OLT Function Package before the command is processed by JNL2. The authorization checks are made against the user ID that invoked the command. The FCD2 task is never attached for these commands. For unrestricted commands, when the user ID parameter is defined to the MainView AutoOPERATOR command CICSTRAN, the processing starts the FCD2 task for that user ID. Otherwise, it starts the FCD2 task to process the command for the user ID that invoked the command. |
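The identity rules in the two tables above can be modelled to review which user ID a request is actually authorized against under each ACTNSEC value. The following Python sketch is an added example, not BMC code or part of the product. The function names, the user IDs (OPER1, AOUSER, CICSRGN), and the XCMD stand-in command are constructed, and the invoking user ID and the CICSTRAN user ID are assumed to be separate inputs.

```python
from typing import NamedTuple, Optional

# (function, token-1, token-2) rows of the Restricted Action Commands table.
RESTRICTED = {
    ("SET", "ALTMAXT", None),
    ("SET", "SYSTEM", "MAXTASK"),
    ("SET", "SYSTEM", "DSALIM"),
    ("SET", "SYSTEM", "EDSALIM"),
    ("QCEMT", "SET", "TASK"),
}

class Decision(NamedTuple):
    task: str        # transaction that executes the SPI command
    checked_id: str  # user ID the authorization check is made against
    checker: str     # component that makes the check (labels are this model's)

def resolve(actnsec: str, command: tuple, invoker: str, jnl2_id: str,
            cicstran_id: Optional[str] = None) -> Decision:
    """Apply the ACTNSEC table to one Action Command request."""
    if actnsec not in ("NO", "YES"):
        raise ValueError("ACTNSEC must be NO or YES")
    tokens = [t.upper() if t else None for t in command]
    key = tuple((tokens + [None, None, None])[:3])
    if key in RESTRICTED:
        # Restricted commands always run in JNL2; FCD2 is never attached.
        if actnsec == "YES":
            return Decision("JNL2", invoker, "OLT Function Package")
        return Decision("JNL2", jnl2_id, "CICS/TS at SPI execution")
    # Unrestricted commands run in FCD2; a CICSTRAN user ID wins when defined.
    if cicstran_id:
        return Decision("FCD2", cicstran_id, "CICS/TS at SPI execution")
    fallback = invoker if actnsec == "YES" else jnl2_id
    return Decision("FCD2", fallback, "CICS/TS at SPI execution")

def mismatches(actnsec: str, requests: list, jnl2_id: str) -> list:
    """Return requests whose check runs against an ID other than the invoker."""
    return [r for r in requests
            if resolve(actnsec, r["cmd"], r["invoker"], jnl2_id,
                       r.get("cicstran_id")).checked_id != r["invoker"]]

# Constructed sample requests; every user ID here is made up.
SAMPLE = [
    {"cmd": ("QCEMT", "SET", "TASK"), "invoker": "OPER1"},
    {"cmd": ("SET", "ALTMAXT"), "invoker": "OPER2"},
    {"cmd": ("XCMD", "ANY"), "invoker": "OPER3"},  # stand-in: not in the table
    {"cmd": ("XCMD", "ANY"), "invoker": "OPER4", "cicstran_id": "AOUSER"},
]
```

With the sample requests and a JNL2 user ID of CICSRGN, `mismatches("NO", SAMPLE, "CICSRGN")` returns all four requests, while `mismatches("YES", SAMPLE, "CICSRGN")` returns only the one that carries a CICSTRAN user ID.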