Previous Topic: MVS Privileges 1 Tab

Next Topic: MVS CICS Tab


MVS Privileges 2 Tab

Use this tab to display and specify logonID record MVS privileges for administration, validation, job submission, and tape processing.

The fields in this tab are listed below:

Group

Specifies the one- to eight-character group or project name that is the default for this logonID. If specified, CA-ACF2 allows access to the system based on the group or project name. An asset group must exist that allows the logonID to use a group name for system access. CA-ACF2 changes the group ID and access privileges based on the privileges for the group.

Size/Type: 1-8 alphanumeric characters

Prefix

Specifies the zero- to eight-character high-level index of the asset groups that this logonID owns. The logonID automatically has access to this data. This field value also identifies the group ID of the asset group that this logonID can define.

Size/Type: 1-8 alphanumeric characters

Restrictions: You can use asterisks to mask this value, but you cannot use a mask that contains a dash.

Scope

Specifies the one- to eight-character name of the scope record that restricts accesses for this logonID. This field is used to limit administrative authority of a logonID. The scope record you include must already exist. In CA-ACF2, this is the same as the SCPLIST logonID record field.

Size/Type: 1-8 alphanumeric characters

SMS

Specifies the one- to-eight character name of a SMS record that contains the default storage management class values for this logonID. In CA-ACF2, this is the same as the SMSINFO logonID record field.

Size/Type: 1-8 alphanumeric characters

Batch Job

Specifies the user can submit batch jobs. CA-ACF2 checks that the logonID that submits the job has the authority to submit batch jobs.

In CA-ACF2, this is the same as the JOB logonID record field. CA-ACF2 checks for this authorization if the JOBCK field of the GSO OPTS record is specified.

CICS

Specifies the user can sign onto a CICS region. This is the default for authorizing access to CICS. You can use a different field to authorize CICS signon by changing your site's CICS initialization parameters and by adding an @CFDE entry to the ACFFDR.

IDMS

Specifies the user can sign onto IDMS. This is the default for authorizing access to IDMS.

You can use a different field to authorize IDMS signon by changing the CA-ACF2 IDMS @MOPT macro.

IMS

Specifies the user can sign onto IMS. This is the default field for authorizing access to IMS.

The IMS AUTH operand can be used to choose a different field.

Started Task

Specifies that only started tasks can use this logonID. CA-ACF2 prevents a TSO session or a job from using a logonID that has this attribute.

In CA-ACF2, this is the same as the STC logonID record field.

TSO

Specifies the user can log onto TSO. In CA-ACF2, you can use the LOGONCK field of the TSO record to request that CA-ACF2 check the user's TSO logon authorization.

VAX

Specifies that the user can access the VAX system. In CA-ACF2, the logonID database includes VAX(UAF) records associated with this logonID.

VM

Specifies that the user can log onto the VM system. Specify this field if you have CA-ACF2 for VM and use Shared Database Support.

VMXA

Specifies the user can log onto the VM/XA system. The VMXA field applies only to VM users. In CA-ACF2, specify this field only if VMCHK=VMXA operand is specified in the @VM macro.

USS

Specifies that the user can use any UNIX system Services. This overrides any user OMVS profile record defined for the user.

Mon-log

Specifies system entry by this user is being logged in an SMF record. The Started Task field overrides this field.

Trace

Specifies the user is being traced. Tracing means that all asset accesses made by the user are logged.

Monitor

Specifies the user is being monitored. Whenever this user accesses the system, a message is sent to the security console and to the logonID who activated this field.

TSO Trace

Specifies whether CA‑ACF2 traces all TSO commands issued by this user. When this field is checked, it tells CA‑ACF2 to trace the commands. In CA-ACF2, this is the same as the TSO-TRC logonID record field.

MaxVio

Specifies the maximum number of violations.