Global configuration parameters


The global configuration parameters are applicable for every server and agent address space. You can place them inside a Scope block to define different values for different address spaces.

Application selection

Applications such as PAM and SSPR can run only in the Server address space, while other applications, such as BMC AMI Security Policy Manager, can run in Server or Agent address spaces.

Use the Activate applicationName parameter to define which applications to activate in the RSS instance being configured. Specify multiple Activate parameters to start multiple applications. The application specified will be activated in this instance of RSS.

Valid applicationName values are:

  • Server
  • Illumio
  • PAM
  • SSPR
  • SPM
  • Venafi

Custom authentication

Custom authentication parameters are as follows:

Parameter

Description

UI1 uiReplacementFile1

Name of the JavaScript file to be used as the first custom UI file

This file must exist in the USERDOCS partitioned data set (PDS) defined in the started task procedure.

UI1 uiReplacementFile2

Name of the JavaScript file to be used as the second custom UI file

A second custom UI file is useful if you need to separate processing commands and callback tasks.

Important

This file is not automatically loaded by the UI. It must be referenced by uiReplacementFile1.

This file must exist in the USERDOCS partitioned data set (PDS) defined in the started task procedure.

userAuth userID additionalData

Used to confirm the authentication status of the user request

PAM uses these values to determine if the user request can be confirmed:

  • userAuth—Contains the authentication string, generally an email or token, that matches the value in the JavaScript for the specified user
  • userID—Contains the mainframe ID to be mapped to the specified user (userAuth)
  • additionalData—(Optional) From 1 to 64 characters, a custom message that is returned to the user when authentication is confirmed

General parameters

The following parameters relate to general operation:

Parameter

Description

TCPBufferSize numberOfBytes

Specifies the size in bytes of the TCP receive buffer used by RSS

We recommend that you modify this parameter only if specific applications require a larger buffer to prevent unnecessary overhead.

RecoveryMax

Number of times within a calendar day that the RSS High Level Task Manager will recycle the RSS-managed product if an abend occurs during normal processing. The RSS HLM software automatically performs a cleanup and restarts the specific product to ensure availability.

Valid values are 1 through 12, and the default value is 3.

LicExpireInt numberOfMinutes

(SPE2404)

Specifies how often the system reports a product license that is less than 31 days from expiration

Valid values are from 5 to 1,440 minutes (24 hours). If the product license is within 31 days of expiration, the RSS0004I message is displayed.

The default value is 60 minutes.

CodePage codePageName

(SPE2407)

Specifies the code page to be used for custom apps

Code pages are used to translate back and forth between EBCDIC and ASCII. Be cautious if you specify a code page for BMC AMI Enterprise Connector for Illumio, because the data that comes from Illumio Policy Compute Engine (PCE) should use the Default code page.

The following code pages are supported:

| Code page name | Description |
|---|---|
| AUSGER | Austrian and German CECP Code Page 273 |
| BELGIAN | Belgian (New) CECP Code Page 500 |
| CANADIAN | Canadian Bilingual CECP Code Page 037 |
| DANNOR | Danish and Norwegian CECP Code Page 277 |
| DUTCH | Netherlands CECP Code Page 037 |
| EAUSGER | Austrian and German CECP Code Page 858–1141 |
| EBELGIAN | Belgian (New) CECP Code Page 858–1148 |
| ECANADIA | Canadian Bilingual CECP Code Page 858–1140 |
| EDANNOR | Danish and Norwegian CECP Code Page 858–1142 |
| EDUTCH | Netherlands CECP Code Page 858–1140 |
| EFINSWED | Finnish and Swedish CECP Code Page 858–1143 |
| EFRENCH | French CECP Code Page 858–1147 |
| EITALIAN | Italian CECP Code Page 858–1144 |
| EPORTUGU | Portuguese CECP Code Page 858–1140 |
| ESPANISH | Spanish and Spanish Speaking CECP Code Page |
| ESWISFRE | Swiss-French (New) CECP Code Page 858–1148 |
| ESWISGER | Swiss-German (New) CECP Code Page 858–1148 |
| EUK | English (UK) CECP Code Page 858–1146 |
| EUS | English (US) CECP Code Page 858–1140 |
| FINSWED | Finnish and Swedish CECP Code Page 278 |
| FRENCH | French CECP Code Page 297 |
| ITALIAN | Italian CECP Code Page 280 |
| JAPANESE | Japanese English Code Page 281 |
| JPNALPHA | Table for 01041 to 01027 |
| JPNKANA | Table for 01041 to 00290 |
| KOR0891 | Table for 00891 to 00833 |
| KOR1088 | Table for 01088 to 00833 |
| OEMVS311 | ASCII (ISO 8859-1)-to-EBCDIC (1047 - z/OS UNIX) |
| PORTUGUE | Portuguese CECP Code Page 037 |
| PRC1115 | Table for 01115 to 00836 |
| SPANISH | Spanish and Spanish Speaking CECP Code Page 284 |
| STANDARD | Standard table provided by IBM |
| SWISFREN | Swiss-French (New) CECP Code Page 500 |
| SWISGERM | Swiss-German (New) CECP Code Page 500 |
| TAI0904 | Table for 00904 to 00037 |
| TAI1114 | Table for 01114 to 00037 |
| TELNET | Table for TELNET |
| TELNETSE | Table provided by IBM |
| UK | English (UK) CECP Code Page 285 |
| US | English (US) CECP Code Page 037 |

Internal trace table

(Optional) The InternalTrace value parameter specifies the number of entries in the RSS internal trace table. This table tracks events occurring in RSS products and is used by BMC Support for troubleshooting purposes. The contents of the table can be output by command. If an abend occurs, the table is automatically formatted and prepared for output.

To disable internal tracing, specify a value of 0.

If you omit this parameter, the default value is 4096.

JCL parameters

Following are the JCL-related parameters:

| Parameter | Description |
|---|---|
| CONFIG | Recognized by the program as a valid input to execute the parameters |
| PARM | Passes input data from the job step into a program (for more information, see JCL documentation by IBM) |
| PROG | Identifies the current processing program (for more information, see JCL documentation by IBM) |

Message and tracing parameters

Normally, you would need only information and error messages to be output. However, sometimes BMC might ask you to activate tracing messages, for example, to help track down an issue.

Use the MessageLevel type type type parameter to specify which messages to output. You can specify as many MessageLevel parameters as required, and you can specify multiple types on a single line. The following types are available:

| Parameter | Description |
|---|---|
| AppTrace | Turns on application-specific tracing |
| BufTrace | Traces data in all traced exchanges and protocol information |
| DATATrace | Traces detailed data buffers during communication. Warning: Use this trace with caution to avoid reporting sensitive data. |
| DLLTrace | Traces application DLL calls |
| DSTrace | Traces data space activity |
| Error | Output error messages |
| HTTPTrace | Traces HTTP traffic generated by user interactions with the RSS browser interface |
| Info | Output information messages |
| JSONTrace | Traces JSON streams over the REST API |
| MUTEXTrace | Traces mutual exclusion (mutex) operations |
| RACFTrace | Traces all RACF commands and their output responses |
| REXXTrace | Traces REXX activity and allows the called REXX execs to write additional trace data |
| SQLTrace | Traces application SQL calls |
| TCPTrace | Traces all TCP communications including SSL exchanges when using HTTPS protocol |
| XCFTrace | Traces data sent and received across XCF communications |

The recommended settings for normal use are:
MessageLevel Error Info

RACF settings

The following parameters define specific RACF settings:

Parameter

Description

ClassName FACILITY|class

By default, the RSS RACF resources are defined in the FACILITY class

If you placed the RSS resources in a different class during installation, specify it here.

MixedCase Yes|No

(Optional) Specifies whether mixed-case passwords can be used

Yes enables mixed-case passwords. No converts passwords to uppercase before processing.

If you omit MixedCase, the default is No.

RACFAdminUser userID auto|noauto


For RSS-based components that need to issue RACF administrative commands, this parameter defines the user ID under which commands are issued

  • (Optional) userID specifies the user ID that is used to issue commands. If you omit userID, the default is the user ID for the address space in which RSS is running.
  • auto specifies that RSS should use APF authorization to provide the authority for commands.
  • (Default) noauto specifies that RSS should not use APF authorization.

If you omit RACFAdminUser, RACF commands run under the user ID for the address space in which RSS is running, with no APF authorization.

RACFCommandDelay numberOfSeconds



The number of seconds that RSS waits between resetting a password (setting a temporary password using the ALU command) and setting a new password

Enter a number from 1 to 60. For systems that synchronize user password changes using the RACF remote sharing facility (RRSF), this gives RRSF time to propagate the first action (reset) before the second action (set) is executed. It applies especially to the BMC AMI Security Self Service Password Reset and BMC AMI Security Privileged Access Manager (formerly BMC AMI Security Breakglass) products if you are using the multiple LPAR facility.

If you omit this parameter, the default is 0.

Security setting

Use the CommandSecurity On|Off parameter to specify whether RSS should implement an additional layer of security for MODIFY commands submitted to the started task. When set to On, RSS checks for the RACF or Top Secret profile, RSM.RSSCMD.command, and verifies that the user submitting the MODIFY command has a minimum of READ access to the profile.

If you omit this parameter, the default is Off.

For information about the MODIFY command, see Commands.

SMF parameters

(Optional) The SMFRecordType type parameter defines the SMF record type written by RSS-based applications. Subtypes can also be used to differentiate records from different applications.

For type, specify a number between 128 and 255.

If you omit this parameter and you are running BMC AMI Security Privileged Access Manager, the default type is 175.

If you omit this parameter and you are running BMC AMI Security Self Service Password Reset, the default type is 175, subtype is 21.

SyslogD Identification

The SyslogId id parameter defines the ID attached to SyslogD records written by this instance of RSS. The id specified is used in the name field of any SyslogD record written by this instance of RSS. The default value is rss.
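
The following Python audit is an added example, not BMC code: it reads RSS parameter statements and flags values that fall outside the ranges, defaults and recommendations documented on this page. It assumes one whitespace-separated statement per line (as in MessageLevel Error Info) and does not interpret Scope blocks; the function name audit and the sample input are constructed for illustration.

```python
# Added example: audits RSS parameter lines against the values this page documents.
# Assumed syntax: one "Keyword value ..." statement per line, case-insensitive.
RANGES = {"recoverymax": (1, 12), "licexpireint": (5, 1440),
          "racfcommanddelay": (1, 60), "smfrecordtype": (128, 255)}
BASELINE = {"error", "info"}  # the page's recommended MessageLevel types

def audit(text):
    """Return (line_no, severity, message) findings; line_no 0 means 'omitted'."""
    findings, seen = [], set()
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens:
            continue
        key, args = tokens[0].lower(), [a.lower() for a in tokens[1:]]
        seen.add(key)
        if key == "messagelevel":
            for t in args:
                if t == "datatrace":  # the page warns this one can expose sensitive data
                    findings.append((no, "HIGH", "DATATrace logs detailed data buffers"))
                elif t not in BASELINE:
                    findings.append((no, "MEDIUM", f"{t} enabled beyond Error/Info"))
        elif key in RANGES:
            lo, hi = RANGES[key]
            if not (args and args[0].isdecimal() and lo <= int(args[0]) <= hi):
                findings.append((no, "MEDIUM", f"{tokens[0]} must be {lo}-{hi}"))
        elif key == "commandsecurity" and args != ["on"]:
            findings.append((no, "HIGH", "MODIFY commands are not profile-checked"))
        elif key == "mixedcase" and args != ["yes"]:
            findings.append((no, "LOW", "passwords are converted to uppercase"))
    # Parameters whose documented default is the weaker setting.
    if "commandsecurity" not in seen:
        findings.append((0, "HIGH", "CommandSecurity omitted; default is Off"))
    if "mixedcase" not in seen:
        findings.append((0, "LOW", "MixedCase omitted; default is No"))
    return findings

# Constructed sample input, not a shipped or real configuration member.
SAMPLE = """\
Activate PAM
MessageLevel Error Info DATATrace TCPTrace
SMFRecordType 100
MixedCase Yes
"""

if __name__ == "__main__":
    for line_no, severity, message in audit(SAMPLE):
        print(f"line {line_no}: {severity}: {message}")
```

Run against the sample, the audit reports the DATATrace and TCPTrace types, the out-of-range SMF record type, and the omitted CommandSecurity parameter.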

 
