|
To activate specific functions of base TSO/E, perform the following: - If you have not already done so, add
the subcommands of the TSO/E TEST command (AND, OR, LISTVSR, and UNALLOC)
to the SMF CSECT IEEMB846. If the subcommands are not in IEEMB846,
they are recorded as *OTHER on Type 32 SMF records. See for
the SMF record format.
- If your installation plans to record CONSOLE subcommands, add
the subcommands to the SMF CSECT IEEMB846. If the subcommands are
not in IEEMB846, they are recorded as *OTHER on Type 32 SMF records.
For information about SMF record format, see .
- Reinstall your installation's versions of TSO/E exit routines that
were deleted or replaced when you installed TSO/E. See Considerations for installing TSO/E for information about the exit routines
that are deleted or replaced when you install TSO/E.
- For the TESTAUTH, TESTA, and MVSSERV commands to work under ISPF,
you must update the ISPF command table, ISPTCM. For information about
updating the table, see .
- To use security labels to protect system resources, do the following:
- Use RACF® to define security
labels and to activate security label checking.
- Define all TSO/E users through RACF and
specify a security label (SECLABEL) for each user's user ID. Each
user may have a TSO segment created within that user's RACF profile.
Note: If you want to use security labels, do not activate the
Information Center Facility. The Information Center Facility does
not support the security enhancements.
- If your installation plans to use the RACF resource classes JESJOBS and JESSPOOL,
you should reinstall the OUTPUT/CANCEL/STATUS sample exit, IKJEFF53,
supplied in SYS1.SAMPLIB. For more information about the sample exit,
see Customizing the SUBMIT command and job output processing.
- To protect the security classification of messages, do the following:
- During IPL, the IKJTSO00 member is read. Edit the IKJTSO00 member,
so that security protection is automatically activated at each IPL
time.
If you do not update IKJTSO00, you need to issue the dynamic
PARMLIB command using the UPDATE operand and specify the suffix of
the member (xx) you have edited. You must have UPDATE authority to
the RACF security resource
class, TSOAUTH, to issue the dynamic PARMLIB command.
- If you are using security labels, create a generic profile for logname.* (user-log
data-set name) with a universal access of NONE, and specify SYSHIGH
for the SECLABEL to protect each user's individual user log, which
contains protected messages. Creating this generic profile prevents
other users from viewing the contents of the user's user log and defines
the user log as system-high because it may contain any level
of information.
- Define the broadcast data set to RACF with
UACC(READ) and SECLABEL(SYSLOW). This allows system notices to be
stored in and retrieved from the broadcast data set.
- To control the use of the TSO/E SEND and LISTBC commands when
using the security enhancements, see .
- To control and audit the use of the TSO/E SEND command, define
the RACF security resource
class, SMESSAGE, for your users. For more information about using
SMESSAGE to control the use of the TSO/E SEND command, see .
|