Software Access Control guide

This topic is only applicable if you have applied PTF TMT8109 or higher.

Job Binding Service (JBS) includes the Software Access Control (SAC) facility. You can use this facility to extend the JBS function to allow an installation to restrict access to a specified software. You can invoke the SAC facility by using a TSO command, the CALL command, ISPF, REXX, CLIST, or batch jobs. 

Related topic

Installation-guide

Installing the SAC facility

For batch jobs, the SAC facility is installed when you install BMC ThruPut Manager.

For a TSO environment, install the ISPF exits 3 and 5 by using USERMOD UTMISPF which is found in installation member @UTMSAC.

If your installation is already using any ISPF exits you must merge the ThruPut Manager SAC exit routine definitions with your existing definitions, reassemble, and link. USERMOD UTMISPF assembles and links the ISPF exit module ISPEXITS into the library ISP.SISPLOAD.


Enabling the SAC ISPF exits

To enable ISPF exit routines use the IBM ISPF configuration utility. For more information, see the IBM manual, ISPF Planning and Customizing. You start this facility by issuing the IBM-supplied ISPF command TSO ISPCCONF. A sample of the utility panels follows. 

  1. Select option 1 - Create/Modify Settings and Regenerate Keyword File.
    You will be required to enter your installations keyword file data set. This is an IBM-defined optional dataset used by ISPF. If your installation already has one, enter it in the Keyword File Dataset area of the panel; otherwise, allocate a new one and enter its name in the panel (DSORG PO/ RECFM FB/LRECL 255/BLKSIZE 27795).
    If your installation already has a configuration member in the keyword file data set, enter it; otherwise, provide a member name as desired.
  2. Select option 5 - ISPDFLTS, CUA Colors, and Other DM Settings.
    Enter / to select option.
    Enable ISPF Exits.
  3. Use END or EXIT to return to the previous panel and then END or EXIT again to generate the keyword file. You will now be placed into edit in the data set(member) you originally specified.
  4. Verify that the keyword ENABLE_ISPF_EXITS is set to YES in the keyword table that has been generated (a standard FIND ENABLE_ISPF_EXITS locates the text in the table).
  5. Use END or PF3 to return to the main panel.
  6. Select option 3 - Verify keyword table contents.
  7. Select option 4 - Build a keyword table
    Module ISPCFIGU will be created (by default). This module must be copied to ISP. SISPLOAD so ISPF can use it.

Activating Software Access Control

When the ISPF exits have been implemented, to activate SAC, enable the customization option UM0054 by using the CUSTOM parameter on the TMPARM JES2 initialization statement. For more information, see TMPARM-initialization-statement.

Important

If you need to temporarily disable SAC, the TM CUSTOM command can be used to disable and reenable SAC. The TM CUSTOM DISPLAY command will display the status of this option.

SAC will not take any actions until a table is defined in the TMSS parameters and that table contains entries. For batch scenarios, the JBS BIND FROM_SAC statement must be included in the JAL as well. For more information, see JBS-Software-Access-Control on implementing the SAC TABLE.


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*