Security Parameters

Detailed descriptions and default values for the parameters associated with Strobe's security access filter are provided below.

FILTER=DISABLE

Description: Specifies whether the Strobe access filter checks your security package to determine the type of access privileges granted to a TSO user ID for issuing Strobe commands. Strobe will not check your security package unless you enable the filter by removing the DISABLE value so that the parameter states FILTER=. Valid values are DISABLE and blank.

Default: DISABLE

Important

Note the following security considerations:

If you have RACF or CA Top Secret installed and the TSO user ID is not defined to the security package, the filter permits access.
If you have CA ACF2 installed and the TSO user ID is not defined to the security package, the filter denies access.
When the access filter is enabled, AutoStrobe uses it to verify that the issuer of an AutoStrobe request is authorized to access the program specified in the request.

SECURITY_PROFILE=

Description: Specifies the high-level profile ID for access to Strobe. The session management facility assigns the default value of $STROBE internally. See Defining-user-profiles-to-control-what-can-be-measured.

Default: None

SECURITY_LOGGING=NONE

Description: Specifies whether Strobe will suppress or log external security access attempts and messages. NONE suppresses logging of Strobe RACF (or other external security package) access attempts and messages. ASIS enables logging of Strobe RACF (or other external security package) access attempts and allows messages based on the resource’s profile. Valid values are NONE and ASIS.

Default: NONE

SECURITY_CLASS=

Description: Specifies the user-defined security class to be used when the access filter is enabled. If not otherwise specified, the defaults are FACILITY for RACF, or STROBE for Top Secret and ACF2.

Default: If not otherwise specified, FACILITY for RACF, or STROBE for Top Secret and ACF2.