ICSF provides these two job control language programs. You can
use this code as the basis for your startup procedure.
- member CSF in SYS1.SAMPLIB
//CSF PROC
//CSF EXEC PGM=CSFINIT,REGION=0M,TIME=1440,MEMLIMIT=NOLIMIT
//CSFPARM DD DSN=SYS1.PARMLIB(CSFPRM00),DISP=SHR
- member CSFSTART in SYS1.SAMPLIB (batch setup for SMP/E)
//CSFSTART PROC
//CSFSTART EXEC PGM=CSFINIT,REGION=0M,TIME=1440,MEMLIMIT=NOLIMIT
//CSFPARM DD DSN=SYS1.PARMLIB(CSFPRM01),DISP=SHR).
Store
this startup PROC in SYS1.PROCLIB (or another suitable library). For
SMP/E this startup PROC can be copied to the CPAC.PROC data set, and
the data set name (SYS1.PARMLIB) can be copied to match the name you
chose for the CPAC.PARMLIB data set (in which CSFPRM01 would be placed).
This would work for Server-Pac. Outside of Server-Pac, you need to
copy and edit CSFSTART.
- Change or use the sample startup procedure according to your needs.
- In the sample code, the first line is the PROC statement. You
can add one or more procedure variables to the PROC statement. For
example, you can allow the system operator to decide at start time
which member of the installation options data set to use. This example
allows the operator to enter START CSF,M=CSFPRM01, specifying
an alternate set of start-up options.
//CSF PROC M=CSFPRM00
· · ·
//CSFPARM DD DSN=MY.ICSF.PARM(&M),DISP=SHR
You can use
the same principle to change the name of a sequential data set, if
you are not using a partitioned data set.
- The last line is the CSFPARM DD statement. The sample code specifies
SYS1.PARMLIB as the data set where the installation options data set
is stored. If you stored the installation options data set elsewhere,
replace SYS1.PARMLIB with the name of the data set where you stored
the installation options.
- The CSFPARM DD statement also specifies member CSFPRM00 as the
name of the installation options data set. If you used a different
name when you created the installation options data set (or any time
you want to use other options), change this member name.
- Store your startup procedure in SYS1.PROCLIB (or another suitable
library) with a member name of your choice. (Depending on installation
standards, possible names include CSF, CSFPROD, and CRYPTO.)
- If you use Security Server (RACF), you may need to update the
RACF Started Procedure Table if you define a new started task:
- Add the new started task name
- Add a RACF userid to associate with the started task. This userid
requires that:
- READ access to the data set to which the CSFPARM JCL DD statement
refers
- Define all CKDSs in every installation option data set.
- Define all PKDSs in every installation option data set.
See z/OS Security Server RACF System Programmer’s Guide for
more information.
- Optionally, you can add a RACF group name.
Note:
RACF uses the userid associated with the ICSF address
space only when accessing the CKDS and PKDS named in the installation
options data set and then only at ICSF startup. When you perform
a CKDS or PKDS Refresh task by using the ICSF ISPF panels under
TSO/E, RACF uses the TSO userid to determine access authorization.
When the CKDS Refresh and PKDS Refresh tasks are a batch job, RACF
uses the userid associated with the batch address space to determine
access authorization.
|