Specifying authorized commands/programs, and commands not supported in the background
At your installation, you must maintain lists of authorized commands and programs, and commands not supported in the background. The lists allow users to execute authorized commands and programs, and restrict users from executing certain commands in background jobs. IBM® provides copies of the lists, including all required entries. Table 1 shows which entries are required in each list.
Maintain in the list of: | These names: |
---|---|
Authorized commands | RECEIVE |
Programs to be authorized when called through the TSO/E service facility | IKJEFF76 |
Commands not supported in the background | OPERATOR |
- User-written commands that do not work properly in the background (for example, command processors that issue TPUTs and TGETs)
- Commands whose use you plan to restrict in the foreground. The ACCOUNT command is one example of such a command. You might want to restrict its use as described in Limiting the use of the ACCOUNT, OPERATOR, RACONVRT, and SYNC commands.
For ISPF, you must ensure that the authorized commands receive control in an authorized state under ISPF. For more information, see .
- SYS1.PARMLIB member IKJTSOxx
- CSECTs IKJEFTE2, IKJEFTE8, IKJEFTAP, and IKJEFTNS.
- It makes it easy to maintain the lists of commands and programs. You avoid having to update, assemble, and link-edit the CSECTs IKJEFTE2, IKJEFTE8, IKJEFTAP, and IKJEFTNS.
- You can use the PARMLIB command if you want to use a different
list of authorized commands/programs, and commands not supported in
the background, without re-IPL of the system.
The PARMLIB command dynamically activates a SYS1.PARMLIB member IKJTSOxx of your choice. Its specifications are replaced by those in member IKJTSOxx of your choice. The chosen SYS1.PARMLIB member IKJTSOxx must at least contain the required entries shown in Table 1.
Use the PARMLIB command also to check the syntax of any IKJTSOxx member of SYS1.PARMLIB before you are going to use it, and to view the specifications in an active IKJTSOxx member. For more information about the PARMLIB command, see .
Using CSECTS IKJEFTE2, IKJEFTE8, IKJEFTAP, and IKJEFTNS does not allow for dynamic changes.
When you IPL the system, the commands and programs listed in either SYS1.PARMLIB member IKJTSOxx or in the individual CSECTs become available or restricted as specified.
- If IKJEFTE2, IKJEFTE8, IKJEFTNS, IKJEFTAP are link-edited into load module IKJTABLS in SYS1.LPALIB, IKJTABLS out of SYS1.LPALIB is used unless IKJTSOxx is found in SYS1.PARMLIB (or its logical concatenation).
- If IKJEFTE2, IKJEFTE8, IKJEFTNS, IKJEFTAP, IKJTABLS are in an authorized STEPLIB, then for the general users, SYS1.PARMLIB is used. For the user with the STEPLIB however, the CSECTs are used. This is supported through the following display PARMLIB LIST.
See Using SYS1.PARMLIB member IKJTSOxx and Using CSECTs IKJEFTE2, IKJEFTE8, IKJEFTAP, and IKJEFTNS for details on using either method.