z/OS MVS IPCS Customization
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Using BLSUGWDM to Disable Access to TSO/E Commands

z/OS MVS IPCS Customization
SA23-1383-00

For security, create a validity check module named BLSUGWDM. Place in this module your command name validation routine. Use the routine to disable access to TSO/E commands. Providing the validation routine prevents unauthorized users from accessing certain programs. IPCS calls BLSUGWDM during processing for the IPCS TSO subcommand and all TSO/E commands invoked under IPCS. IPCS passes BLSUGWDM the command processor parameter list (CPPL) and the command scan output area (CSOA), as filled in by the TSO/E IKJSCAN routine.

BLSUGWDM can change CSOA bits to indicate whether either:
  • A TSO/E command is incorrect (bit CSOABAD is set on)
  • A TSO/E command is valid only as a CLIST (bit CSOAEXEC is set on)
If the CSOAEXEC bit is on upon entry to BLSUGWDM, the routine should not turn it off.

References

See z/OS TSO/E System Diagnosis: Data Areas for the data areas.

Note: IBM® supplies a sample BLSUGWDM installation exit with the name of BLSXGWDM in the SYS1.SAMPLIB parmlib member. The sample will help you understand the capabilities and limitations of this interface.
Parent topic: Providing Security for IPCS

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014