z/OS Communications Server: SNA Programmer's LU 6.2 Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


The application's maximum security acceptance level

z/OS Communications Server: SNA Programmer's LU 6.2 Guide
SC27-3669-00

The application program can determine the partner's support for security subfields and indicators. It must also specify to VTAM® its level of support for the subfields. The following list shows three methods for specifying support.
  • Alternate BIND
    After the application program's optional LOGON or SCIP exit is driven, it must issue APPCCMD CONTROL=OPRCNTL, QUALIFY=ACTSESS to activate the session. The application program can specify an alternate BIND using the AREA field. Three bits on the alternate BIND indicate the application program's security acceptance level. The bit settings for each security level are shown in Table 1.
    Table 1. Application program's security acceptance level, alternate BIND
    Security Level   BIND Bits  
      BINCLSS BINAVFS BINPV
    NONE 0 0 0
    CONV 1 0 0
    ALREADYV 1 1 0
    PERSISTV 1 0 1
    AVPV 1 1 1
    Note: When an APPCCMD CONTROL=OPRCNTL, QUALIFY=CNOS macroinstruction causes a session to be established on the SNASVCMG mode, VTAM intercepts the LOGON exit, and the application program cannot specify an alternate BIND. For those CNOS requests that do not invoke negotiation, such as a CNOS with a partner that VTAM knows to be single-session capable, the application program can specify security acceptance information on the initial session. In all cases, the SCIP exit is driven for the initial session so the application program can supply an alternate BIND response for a CNOS-initiated session.
  • CNOS Session Limits Structure
    The application program can also specify the security acceptance level by setting 3 bits on the CNOS session limits structure (ISTSLCNS) when it issues APPCCMD CONTROL=OPRCNTL, QUALIFY=CNOS. Table 2 shows the bit settings for each security level.
    Table 2. Application program's security acceptance level, CNOS
    Security Level   CNOS Bits  
      SLCLCONV SLCLAVFA SLCLPV
    NONE 0 0 0
    CONV 1 0 0
    ALREADYV 1 1 0
    PERSISTV 1 0 1
    AVPV 1 1 1
  • SECACPT Operand on the APPL Definition Statement

    If the security acceptance level information is not supplied on either the CNOS session limits structure or an alternate BIND, the SECACPT operand on the application program's APPL definition statement is used.

    For information on how to code the SECACPT operand, refer to z/OS Communications Server: SNA Resource Definition Reference.

Note: If a security management product equivalent to RACF® 1.9.1 or greater is installed, it can limit the application's maximum security acceptance level. For a complete description of how the security management product can override this setting, refer to z/OS Security Server RACROUTE Macro Reference.
Parent topic: Conversation-level security

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014