SYSVIEW Boost command has subcommands that can do updates, but PGM=GSVUSAFE, report only shows primary command and READ
search cancel

SYSVIEW Boost command has subcommands that can do updates, but PGM=GSVUSAFE, report only shows primary command and READ

book

Article ID: 210878

calendar_today

Updated On:

Products

SYSVIEW Performance Management

Issue/Introduction

Are there subcommands for external security for the BOOST command?

The help panels say that executing line commands SHUT and STOP issue operator commands, but I see no SV.SUBC or SV.RESN command to secure it.

Shouldn't the BOOST be READ, but have two sub-commands for SHUT and START STOP, and those would be coded for external security as UPDATE?

This is similar to other discussions on security about READ actually being READ, UPDATE being UPDATE, and commands and subcommands being able to be secured via external security in the product


Line Command     | Description                                 
-----------------+---------------------------------------------
SHUT            | Issues the operator command "START IEASDBS" 
                      | to start a Shutdown System Recovery Boost.  
-----------------+---------------------------------------------
STOP            | Issues the operator command "START IEABE"   
                      | to stop the currently active System Recovery
                      | Boost. You can use this command to stop IPL 
                      | or Shutdown Boosts.                         

Environment

Release : 16.0

Component : SYSVIEW

Resolution

SHUTDOWN and STOP on the BOOST display are line commandsnot sub-commands, so there are no associated SV.SUBC resources to secure.

Issuing the SHUTDOWN line command from BOOST is equivalent to issuing the MVS START IEASDBS command from the SYSVIEW command line, and likewise, the STOP line command would be equivalent to issueing the MVS START IEABE command.

Both of these line commands would require access to the SV.CMND.*.MVS resource. If the user has access to the SYSVIEW MVS command, they would still be subject to authorization checks for the following resources in the OPERCMDS class:

UPDATE access to MVS.START.STC.IEASDBS

UPDATE access to MVS.START.STC.IEABE

SHUTDOWN and STOP on the BOOST display are line commandsnot sub-commands, so there are no associated SV.SUBC resources to secure.

Issuing the SHUTDOWN line command from BOOST is equivalent to issuing the MVS START IEASDBS command from the SYSVIEW command line, likewise, the STOP line command would be equivalent to issueing the MVS START IEABE command. Both of these line commands would require access to the SV.CMND.*.MVS resource. If the user has access to the SYSVIEW MVS command, they would still be subject to authorization checks for the following resources in the OPERCMDS class:

UPDATE access to MVS.START.STC.IEASDBS

UPDATE access to MVS.START.STC.IEABE

Additional Information

Architecturally, subcommands are things you enter on the primary Command line;
Line commands are issued in context on a data row and architecturally each are secured in a different fashion. 
BOOST does not have any subcommands, thus no SV.SUBC type calls.
 
The SHUT and STOP line commands on BOOST take an action by issuing an operator command using the SYSVIEW MVS command.  The MVS command has two layers of security:
 
1. Use of the MVS command itself, secured by SV.CMND.*.MVS
 
2. The content of the MVS command can be secured using the MVSCMD resource, e.g. SV.RESN.*.MVSCMD.command
 
The SHUT line command issues MVS START IEASDBS, so the external resource check would be SV.RESN.*.MVSCMD.START.IEASDBS
For STOP it would be SV.RESN.*.MVSCMD.START.IEABE
 
The MVSCMD resource check will replace any blanks in the command string with periods, otherwise the content following the MVSCMD node will be exactly as was entered.  So to also cover someone manually entering a command like MVS S IEASDBS consider using masking if you are able to, e.g. SV.RESN.*.MVSCMD.S*.IEASDBS or SV.RESN.*.MVSCMD.*.IEASDBS
Powered by Wolken Software