z/OS TSO/E Customization
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Using SYS1.PARMLIB member IKJTSOxx

z/OS TSO/E Customization
SA32-0976-00

To use IKJTSOxx, do the following:
  • If you have not already done so, copy sample member IKJTSO00 from SYS1.SAMPLIB to SYS1.PARMLIB. You might have already copied IKJTSO00 to define other installation defaults.
  • You can create alternative members in SYS1.PARMLIB using the IKJTSOxx naming convention.
  • Edit the member in SYS1.PARMLIB to contain the names of appropriate commands and programs for your installation.
Entries in IKJTSOxx must be command or program names up to eight characters in length, separated from other entries by one or more blanks, and enclosed in parentheses after one of the following parameters:
AUTHCMD NAMES
to specify authorized TSO/E commands.
AUTHPGM NAMES
to specify programs that are authorized when invoked via the CALL command.
AUTHTSF NAMES
to specify programs that are authorized when invoked through the TSO/E service facility and in most cases are not in AUTHPGM. These programs are primarily those which expect more complex parameter lists than that of the CALL command and use parameter 7 of the IKJEFTSR parmlist to supply parameters for the invoked program. As a general rule, programs in this list should not accept parameters that are pointers to code what is to be executed (such as exit routines) as this might introduce an integrity exposure.
Note: Do not place programs from any IBM® products in this table unless specifically instructed to do so by the owning product documentation. For example, do not put IDCAMS in AUTHTSF.
NOTBKGND NAMES
to specify commands not supported in the background.
The following example shows required entries in the list of authorized commands distributed in IKJTSOxx. In this and other lists, you can add your own entries. The entries can contain comments and must use continuation symbols when the list continues on the following line. 
AUTHCMD NAMES(               /* AUTHORIZED COMMANDS    */      + 
   RECEIVE                   /*                        */      + 
   TRANSMIT XMIT             /*                        */      + 
   LISTB    LISTBC           /*                        */      + 
   SE       SEND             /*                        */      + 
   RACONVRT                  /*                        */      + 
   CONSPROF                  /*                        */      + 
   SYNC                      /*                        */      + 
   TESTAUTH TESTA            /*                        */      + 
   PARMLIB)                  /*                        */
The following example shows required entries in the list of programs to be authorized when called through the TSO/E service facility.
AUTHTSF NAMES(   /* PROGRAMS TO BE AUTHORIZED          */      + 
                 /* WHEN CALLED THROUGH THE TSO        */      + 
                 /* SERVICE FACILITY.                  */      + 
   IKJEFF76)     /*                                    */
The following example shows required entries in the list of commands not supported in the background.
NOTBKGND NAMES(        /* COMMANDS WHICH MAY NOT BE    */      + 
                       /* ISSUED IN THE BACKGROUND.    */      + 
   OPER     OPERATOR   /*                              */      + 
   TERM     TERMINAL)  /*                              */
Parent topic: Specifying authorized commands/programs, and commands not supported in the background

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014