z/OS ISPF Software Configuration and Library Manager Guide and Reference
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Determining the type of security to implement

z/OS ISPF Software Configuration and Library Manager Guide and Reference
SC19-3625-00

By activating security, it means that all three types of SCLM security are automatically active. These security features are
  • SCLM DSN security
  • SCLM subproject security
  • SCLM service security

The SCLM administrator must determine which security features are required for each SCLM project/alternate.

To turn off any of the security features, you must ensure that:

  • The SCLM load module FLMSEC01 is in the link list and it is in an APF-authorised library.
  • The program FLMSEC01 itself must be added to the authorized TSO command list in PARMLIB member IKJTSOxx.

If FLMSEC01 is not authorised, then security features are active even if there is a XFACILIT resource defined to turn it off.

To turn off SCLM DSN security for an SCLM project/alternate, you must create a XFACILIT resource class with a UACC of READ. The profile name should be in the format: 
SCLM.SECDSN.OFF.project.alternate
Figure 1 shows an example of turning off SCLM DSN security for an SCLM project/alternate.
Figure 1. Example of turning off SCLM DSN security for an SCLM project/alternate
CLASS      NAME
-----      ----
XFACILIT   SCLM.SECDSN.OFF.PRJ0120.* (G)

GROUP CLASS NAME
----- ----- ----
GXFACILI

LEVEL  OWNER      UNIVERSAL ACCESS  YOUR ACCESS  WARNING
-----  --------   ----------------  -----------  -------
 00    SCLM            READ               READ    NO

INSTALLATION DATA
-----------------
NONE

APPLICATION DATA
----------------
NONE

SECLEVEL
--------
NO SECLEVEL

CATEGORIES
----------
NO CATEGORIES

SECLABEL
--------
NO SECLABEL

AUDITING
--------
FAILURES(READ)

NOTIFY
------
NO USER TO BE NOTIFIED
To turn off SCLM subproject security for an SCLM project/alternate, you must create a XFACILIT resource class with a UACC of READ. The profile name should be in the format: 
SCLM.SECSUB.OFF.project.alternate
Figure 2 shows an example of turning off SCLM subproject security for an SCLM project/alternate.
Figure 2. Example of turning off SCLM subproject security for an SCLM project/alternate
CLASS      NAME
-----      ----
XFACILIT   SCLM.SECSUB.OFF.PRJ0120.* (G)

GROUP CLASS NAME
----- ----- ----
GXFACILI

LEVEL  OWNER      UNIVERSAL ACCESS  YOUR ACCESS  WARNING
-----  --------   ----------------  -----------  -------
 00    SCLM            READ               READ    NO

INSTALLATION DATA
-----------------
NONE

APPLICATION DATA
----------------
NONE

SECLEVEL
--------
NO SECLEVEL

CATEGORIES
----------
NO CATEGORIES

SECLABEL
--------
NO SECLABEL

AUDITING
--------
FAILURES(READ)

NOTIFY
------
NO USER TO BE NOTIFIED
To turn off SCLM service security for an SCLM project/alternate, you must create a XFACILIT resource class with a UACC of READ. The profile name should be in the format: 
SCLM.SECSVC.OFF.project.alternate
Figure 3 shows an example of turning off SCLM service security for an SCLM project/alternate.
Figure 3. Example of turning off SCLM service security for an SCLM project/alternate
CLASS      NAME
-----      ----
XFACILIT   SCLM.SECSVC.OFF.PRJ0120.* (G)

GROUP CLASS NAME
----- ----- ----
GXFACILI

LEVEL  OWNER      UNIVERSAL ACCESS  YOUR ACCESS  WARNING
-----  --------   ----------------  -----------  -------
 00    SCLM            READ               READ    NO

INSTALLATION DATA
-----------------
NONE

APPLICATION DATA
----------------
NONE

SECLEVEL
--------
NO SECLEVEL

CATEGORIES
----------
NO CATEGORIES

SECLABEL
--------
NO SECLABEL

AUDITING
--------
FAILURES(READ)

NOTIFY
------
NO USER TO BE NOTIFIED
Parent topic: SCLM internal security

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014