SDSF menu on WARN mode

Article ID: 244714

Products

Top Secret

Issue/Introduction

z/OS 2.5 SDSF security conversion from internal to TSS.

When MODE is IMPL/FAIL:
the expected commands are displayed on the SDSF menu.
the SDSF group is the group given in the profile.

When MODE is WARN:
all commands are displayed on the SDSF menu.
the SDSF group is different from the group given in the profile.


When MODE is WARN, is it possible to list only the defined commands on the SDSF menu and to set the group to the one defined in the profile?

 

ACID USER001 has the following definition.

TSS REV(USER001) SDSF(GROUP.DEVGRP.SDSF) ACC(READ)

IMPL/FAIL mode
----------------------

  • SDSF menu  
SDSF MENU V2R5M0    LOCAL     nnnn                     LINE 1-4 (4)            
COMMAND INPUT ===>                                            SCROLL ===> PAGE 
NP   NAME     Description              Group    Status                         
     I        Input queue              Jobs                                    
     H        Held output queue        Output                                  
     ULOG     User session log         Log                                     
     HELP     SDSF help facility       SDSF
 
  • SDSF Group in WHO command
USERID=USER001,PROC=PROCTSO,TERMINAL=terminal-id,GRPINDEX=4,GRPNAME=DEVGRP,  
MVS=z/OS 02.05.00,JES=z/OS 2.5,SDSF=xxxxxxx,ISPF=7.5,RMF/DA=HSF,SERVER=YES,
SERVERNAME=SDSF,JESNAME=JES2,MEMBER=nnnn,JESTYPE=JES2,SYSNAME=nnnn,      
SYSPLEX=LOCAL,COMM=NOTAVAIL,COMMX=ENABLED,JOBID=T0000000,XCFGROUP=XCF001,
SESSID=1,NUMSESS=1                                                         

WARN mode
----------------------

  • SDSF menu 
 SDSF MENU V2R5M0    LOCAL     nnnn                     LINE 1-40 (73)          
 COMMAND INPUT ===>                                            SCROLL ===> PAGE 
 NP   NAME     Description              Group    Status                         
      DA       Active users             Jobs                                    
      I        Input queue              Jobs                                    
      O        Output queue             Output                                  
      H        Held output queue        Output                                  
      ST       Status of jobs           Jobs                                    
      JG       Job groups               JES                                     
      SYM      System symbols           System                                  
      LOG      System log               Log                                     
      SR       System requests          Log                                     
      MAS      Members in the MAS       JES                                     
      JC       Job classes              JES                                     
      SE       Scheduling environments  WLM                                     
      RES      WLM resources            WLM                                     
      ENC      Enclaves                 WLM                                     
      PS       Processes                OMVS                                    
      SYS      System information       System                                  
      ENQ      Enqueues                 System                                
:
:
  • SDSF Group in WHO command
 USERID=USER001,PROC=PROCTSO,TERMINAL=terminal-id,GRPINDEX=1,GRPNAME=SYSGRP,      
MVS=z/OS 02.05.00,JES=z/OS 2.5,SDSF=xxxxxxx,ISPF=7.5,RMF/DA=HSF,SERVER=YES,  
SERVERNAME=SDSF,JESNAME=JES2,MEMBER=nnnn,JESTYPE=JES2,SYSNAME=nnnn,          
SYSPLEX=LOCAL,COMM=NOTAVAIL,COMMX=ENABLED,JOBID=T0000000,XCFGROUP=XCF001,  
 SESSID=1,NUMSESS=1                                                             

 

Environment

Release : 16.0

Component : Top Secret for z/OS

Resolution

When a user opens the SDSF menu, SDSF issues a security call for a command, using the resource ISFCMD.xxxx.xxxxx of the SDSF resource class.
In WARN mode these requests are permitted, so all commands are displayed on the SDSF menu.

To display the SDSF menu in WARN mode the same way as in IMPL/FAIL mode,
define TSS PER(acid) SDSF(ISFCMD.) ACC(NONE) ACTION(FAIL) or TSS PER(acid) SDSF(ISFCMD.) ACC(ALL) ACTION(PASSWORD,FAIL).

With TSS PER(acid) SDSF(ISFCMD.) ACC(NONE) ACTION(FAIL), TSS issues a message when the request is logged.
With TSS PER(acid) SDSF(ISFCMD.) ACC(ALL) ACTION(PASSWORD,FAIL), SDSF issues a message when the request is logged.

When a user opens the SDSF menu, SDSF also issues a security call for the SDSF group, using the resource GROUP.xxxx.SDSF of the SDSF resource class.
In WARN mode these requests are permitted, so the first group checked in the definition (GRPINDEX=1) is permitted and applied to the ACID.

To permit the SDSF group in WARN mode the same way as in IMPL/FAIL mode, define TSS PER(acid) SDSF(GROUP.) ACC(NONE) ACTION(FAIL).
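
A check for the group symptom described above, as an added example that is not part of the original article and is not Broadcom or IBM code: it parses captured WHO output and reports whether the assigned group corresponds to a GROUP resource the ACID is permitted. The function names are hypothetical, and the script assumes the last qualifier of the resource equals SERVERNAME, as in the article's sample.

```python
# Added example: compare the group SDSF reports in WHO with the GROUP
# resources the ACID is permitted. Not Broadcom or IBM code.

# WHO output as shown in the article (site values are already masked there).
WHO_IMPL = """USERID=USER001,PROC=PROCTSO,TERMINAL=terminal-id,GRPINDEX=4,GRPNAME=DEVGRP,
MVS=z/OS 02.05.00,JES=z/OS 2.5,SDSF=xxxxxxx,ISPF=7.5,RMF/DA=HSF,SERVER=YES,
SERVERNAME=SDSF,JESNAME=JES2,MEMBER=nnnn,JESTYPE=JES2,SYSNAME=nnnn,
SYSPLEX=LOCAL,COMM=NOTAVAIL,COMMX=ENABLED,JOBID=T0000000,XCFGROUP=XCF001,
SESSID=1,NUMSESS=1"""
WHO_WARN = WHO_IMPL.replace("GRPINDEX=4,GRPNAME=DEVGRP", "GRPINDEX=1,GRPNAME=SYSGRP")

REQUIRED = ("USERID", "GRPINDEX", "GRPNAME", "SERVERNAME")


def parse_who(text):
    """Rejoin the wrapped display lines, then split the KEY=value pairs."""
    joined = "".join(line.strip() for line in text.splitlines())
    fields = {}
    for pair in joined.split(","):
        key, sep, value = pair.partition("=")
        if sep:
            fields[key.strip().upper()] = value.strip()
    return fields


def check_group(who_text, permitted_resources):
    """Report whether the WHO group maps to a GROUP resource the ACID holds.

    permitted_resources: full resource names permitted with access, e.g.
    "GROUP.DEVGRP.SDSF". Assumption: the last qualifier equals SERVERNAME.
    """
    who = parse_who(who_text)
    missing = [k for k in REQUIRED if k not in who]
    if missing:
        raise ValueError("WHO output lacks: " + ", ".join(missing))
    resource = "GROUP.{GRPNAME}.{SERVERNAME}".format(**who).upper()
    permitted = {r.strip().upper() for r in permitted_resources}
    index = int(who["GRPINDEX"])
    matches = resource in permitted
    return {
        "userid": who["USERID"],
        "resource": resource,
        "grpindex": index,
        "matches_permit": matches,
        # Symptom from the article: WARN mode lets the first group checked through.
        "first_group_assigned": (not matches) and index == 1,
    }


if __name__ == "__main__":
    for label, who in (("IMPL/FAIL", WHO_IMPL), ("WARN", WHO_WARN)):
        print(label, check_group(who, ["GROUP.DEVGRP.SDSF"]))
```

Running the same check after adding the GROUP. permit with ACC(NONE) ACTION(FAIL) confirms whether WHO now reports the group from the profile.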