FLTRETCOD FLDETLRC FLJOBTYP Top Secret TSSUTIL fields


Article ID: 190891

Products

Top Secret
Top Secret - LDAP WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

What do the following TSSUTIL record fields mean:

FLRETCOD DS X RETURN CODE
FLDETLRC DS X DETAIL REASON CODE
FLJOBTYP DS X FACILITY

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

a. FLRETCOD is the SAF return code (RC) passed back on an IBM RACROUTE security call. It is documented at the following link:
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.ichc600/ich2c6_Return_codes_and_reason_codes1.htm
The common SAF RCs you will receive are 0, 4 and 8:
0 means authorized to the resource.
4 means the resource is not defined, and therefore not protected by Top Secret, so access should be granted.
8 means the resource is not authorized.
The reason codes described at the above link are not applicable to Top Secret. Top Secret has its own Detailed Reason Codes.

b. FLDETLRC is the Detailed Reason Code (DRC), which gives more detail about the violation, for example: the user does not have a permit, the user has a permit but not the appropriate access level, or the user is permitted to the resource but not on this system. The DRC is documented at the following link:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/security/ca-top-secret-for-z-os/16-0/reporting/tssutil-utility/tssutil-report-description/detailed-violation-error-reason-code-legend.html

c. FLJOBTYP is the TYPE of FACILITY, which is set when you define the FACILITY to Top Secret. It gives you an idea of what the FACILITY is used for, such as CICS, IMS, ROSCOE, BATCH or JES. Issue a TSS MODIFY FAC(facilityname) command to display the TYPE= of the FACILITY.

Example:

tss modify fac(cicsprod)
TSS9550I FACILITY DISPLAY FOR CICSPROD
TSS9551I INITPGM=DFH ID=C TYPE=004 <==========
TSS9552I ATTRIBUTES=IN-USE,ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF
TSS9552I ATTRIBUTES=NOLUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT
TSS9552I ATTRIBUTES=NOPROMPT,NOAUDIT,NORES,WARNPW,NOTSOC,LCFTRANS
TSS9552I ATTRIBUTES=MSGLC,NOTRACE,NOEODINIT,IJU,NODORMPW,NONPWR
TSS9552I ATTRIBUTES=LUUPD
TSS9553I MODE=FAIL DOWN=GLOBAL LOGGING=MSG,SEC9
TSS9554I UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
TSS9560I FACMATRX=NO EXTSEC=YES EJBRPRFX=NO
TSS9561I XJCT=NO XFCT=YES XCMD=YES XDCT=YES XTRAN=YES XDB2=NO XEJB=NO
TSS9561I XTST=NO XPSB=NO XPCT=NO XPPT=YES XAPPC=NO XUSER=NO
TSS9561I XHFS=NO XRES=NO
TSS9564I PCTEXTSEC=OVERRIDE PCTCMDSEC=OVERRIDE PCTRESSEC=OVERRIDE
TSS9565I DSNCHECK=YES LTLOGOFF=NO RLP=NO SLP=NO PCLOCK=NO
TSS9566I MAXUSER=00256 PRFT=003 MAXSIGN=010,RETRY
TSS9567I CICSCACHE=TASKLIFE,NOAUDIT,0512 BYPLIST=YES
TSS0300I MODIFY FUNCTION SUCCESSFUL

TYPE=004 means the FACILITY is of type CICSPROD. See the table below to equate the '4' to a FACILITY type.


The possible values for TYPE= are:
BATCH, FLJOBTYP=1 | USER30, FLJOBTYP=52
STC, FLJOBTYP=2 | USER31, FLJOBTYP=53
TSO, FLJOBTYP=3 | USER32, FLJOBTYP=54
CICSPROD, FLJOBTYP=4 | USER33, FLJOBTYP=55
IMSPROD, FLJOBTYP=5 | USER34, FLJOBTYP=56
NCCF, FLJOBTYP=6 | USER35, FLJOBTYP=57
ROSCOE, FLJOBTYP=7 | USER36, FLJOBTYP=58
VM, FLJOBTYP=8 | USER37, FLJOBTYP=59
VAMSPF, FLJOBTYP=9 | USER38, FLJOBTYP=60
WYLBUR, FLJOBTYP=10 | USER39, FLJOBTYP=61
IDMSPROD, FLJOBTYP=11 | USER40, FLJOBTYP=62
JES, FLJOBTYP=12 | USER41, FLJOBTYP=63
TONE, FLJOBTYP=13 | USER42, FLJOBTYP=64
INTERACT, FLJOBTYP=14 | USER43, FLJOBTYP=65
ENVIRON, FLJOBTYP=15 | USER44, FLJOBTYP=66
USER5, FLJOBTYP=16 | USER45, FLJOBTYP=67
CICSTEST, FLJOBTYP=17 | USER46, FLJOBTYP=68
IMSTEST, FLJOBTYP=18 | USER47, FLJOBTYP=69
USER0, FLJOBTYP=19 | USER48, FLJOBTYP=70
USER6, FLJOBTYP=20 | USER49, FLJOBTYP=71
COMPLETE, FLJOBTYP=21 | USER50, FLJOBTYP=72
IDMSTEST, FLJOBTYP=22 | USER51, FLJOBTYP=73
USER7, FLJOBTYP=23 | USER52, FLJOBTYP=74
USER8, FLJOBTYP=24 | USER53, FLJOBTYP=75
CA7, FLJOBTYP=25 | USER54, FLJOBTYP=76
USER9, FLJOBTYP=26 | USER55, FLJOBTYP=77
ACEP, FLJOBTYP=27 | USER56, FLJOBTYP=78
USER4, FLJOBTYP=28 | USER57, FLJOBTYP=79
USER3, FLJOBTYP=29 | USER58, FLJOBTYP=80
USER2, FLJOBTYP=30 | USER59, FLJOBTYP=81
USER1, FLJOBTYP=31 | USER60, FLJOBTYP=82
USER10, FLJOBTYP=32 | USER61, FLJOBTYP=83
USER11, FLJOBTYP=33 | USER62, FLJOBTYP=84
USER12, FLJOBTYP=34 | USER63, FLJOBTYP=85
USER13, FLJOBTYP=35 | USER64, FLJOBTYP=86
USER14, FLJOBTYP=36 | USER65, FLJOBTYP=87
USER15, FLJOBTYP=37 | USER66, FLJOBTYP=88
USER16, FLJOBTYP=38 | USER67, FLJOBTYP=89
USER17, FLJOBTYP=39 | USER68, FLJOBTYP=90
USER18, FLJOBTYP=40 | USER69, FLJOBTYP=91
USER19, FLJOBTYP=41 | RESERVE1, FLJOBTYP=92
USER20, FLJOBTYP=42 | RESERVE2, FLJOBTYP=93
USER21, FLJOBTYP=43 | RESERVE3, FLJOBTYP=94
USER22, FLJOBTYP=44 | RESERVE4, FLJOBTYP=95
USER23, FLJOBTYP=45 | RESERVE5, FLJOBTYP=96
USER24, FLJOBTYP=46 | RESERVE6, FLJOBTYP=97
USER25, FLJOBTYP=47 | APPC, FLJOBTYP=98
USER26, FLJOBTYP=48 | HSM, FLJOBTYP=99
USER27, FLJOBTYP=49 | DB2PROD, FLJOBTYP=100
USER28, FLJOBTYP=50 | DB2TEST, FLJOBTYP=101
USER29, FLJOBTYP=51 | CONSOLE, FLJOBTYP=102

The values above are in decimal. The field itself will contain a hex value (i.e. FLJOBTYP for USER38 will be x'3C', which is decimal 60).

TYPE= is documented at the following link:

2. I have a field FLTYPNUM, which I took to be FLCLASS, but even so, the definitions list is incomplete (I have an ‘S’ item, which I assume is “System”, but isn’t described here).

FLCLASS DS X RESOURCE CLASS:
$ARAPPL EQU C'A' APPLICATION
$ARSUBM EQU C'B' SUBMIT ACID
$ARCHANG EQU C'C' SECURITY FILE CHANGE
$ARDSN EQU C'D' DSN PREF
$ARDCT EQU C'E' CICS DCT
$ARFCT EQU C'F' CICS FCT
$ARJCT EQU C'J' CICS JCT
$ARTSS EQU C'O' TSS OPTIONS
$ARPGM EQU C'P' PROGRAM
$ARTERM EQU C'T' TERMINAL
$ARTAPEV EQU C'V' TAPE VOLUME
$ARDASDV EQU C'W' DASD VOLUME
$ARXACTN EQU C'X' TRANSACTION

at https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/security/ca-top-secret-for-z-os/16-0/reporting/tssutil-utility/smf-type-80-record-layout.html#toccontentbroadcomtechdocsusencamainframesoftwaresecuritycatopsecretforzos160reportingtssutilutilitytssutilreportdescriptionhtmlTSSUTILReportDescription

Answer:
FLTYPNUM is the value preceding the job number assigned to the job in the syslog. FLTYPNUM will contain a J, S or T indicating what type of job it is.

J = Batch Job
S = Started task
T = TSU = TSO user session.

Example job numbers from some jobs:

S0066002 00000090 IEF403I SMFDMP - STARTED - TIME=09.32.24
T0066043 00000090 $HASP100 TCSFJA ON TSOINRDR
J0066046 00000090 $HASP100 TCSFJASP ON INTRDR

S0066002, T0066043 and J0066046 are the job numbers.
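
The decoding rules from this article (SAF return codes, the FLJOBTYP table and the FLTYPNUM letters) collected into one Python helper, as an added example that is not Broadcom's code. The function name `decode_fields`, the sample bytes and the EBCDIC code page 037 decoding of FLTYPNUM are assumptions; DRC meanings are not listed on this page, so the value is only reported in hex for lookup in the DRC legend.

```python
# Added example: interpret TSSUTIL one-byte fields using the tables in this article.
# Field offsets inside the record are not given on this page, so the caller
# passes each field's raw byte after extracting it from the record layout.

# FLJOBTYP 1..31 in table order; the rest of the table follows regular runs.
_FIRST = ("BATCH STC TSO CICSPROD IMSPROD NCCF ROSCOE VM VAMSPF WYLBUR IDMSPROD "
          "JES TONE INTERACT ENVIRON USER5 CICSTEST IMSTEST USER0 USER6 COMPLETE "
          "IDMSTEST USER7 USER8 CA7 USER9 ACEP USER4 USER3 USER2 USER1").split()
FACILITY_TYPE = {i: name for i, name in enumerate(_FIRST, start=1)}
FACILITY_TYPE.update({n + 22: f"USER{n}" for n in range(10, 70)})    # 32..91
FACILITY_TYPE.update({n + 91: f"RESERVE{n}" for n in range(1, 7)})   # 92..97
FACILITY_TYPE.update({98: "APPC", 99: "HSM", 100: "DB2PROD",
                      101: "DB2TEST", 102: "CONSOLE"})

SAF_RC = {0: "authorized",
          4: "resource not defined to Top Secret, access granted",
          8: "not authorized"}
JOB_KIND = {"J": "batch job", "S": "started task", "T": "TSO user session"}


def decode_fields(flretcod: bytes, fldetlrc: bytes, fljobtyp: bytes,
                  fltypnum: bytes) -> dict:
    """Interpret four single-byte fields; unknown values are reported, not guessed."""
    for name, raw in (("FLRETCOD", flretcod), ("FLDETLRC", fldetlrc),
                      ("FLJOBTYP", fljobtyp), ("FLTYPNUM", fltypnum)):
        if len(raw) != 1:
            raise ValueError(f"{name} must be exactly one byte, got {len(raw)}")
    rc, drc, fac = flretcod[0], fldetlrc[0], fljobtyp[0]
    kind = fltypnum.decode("cp037")  # assumption: EBCDIC character data
    return {
        "saf_rc": rc,
        "saf_meaning": SAF_RC.get(rc, f"other SAF RC {rc}, see IBM RACROUTE docs"),
        "violation": rc == 8,
        "drc_hex": f"{drc:02X}",  # look this up in the DRC legend
        "facility_type": FACILITY_TYPE.get(fac, f"unknown type {fac}"),
        "job_kind": JOB_KIND.get(kind, f"unknown {kind!r}"),
    }


# Constructed sample bytes: RC 8, an arbitrary DRC, FLJOBTYP x'3C', EBCDIC 'S'.
sample = decode_fields(b"\x08", b"\x01", b"\x3c", b"\xe2")
```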