The main goal here is to control ACCOUNT field on every TSO logon.
Unfortunately using the TSSINSTX POST-INIT entry, the field TXAIACCT which should contain an address to point the ACCOUNT flied is always empty.
The TSSINSTX is the Top Secret Site Security Installation Exits which is documented in the in CA Top Secret User Guide Chapter #19:
Chapter 19: Extending Security With Site Security Exits.
The signon for normal TSO/E processing does NOT provide the ACTINFO= parameter, and thus can't be used to check the ACCT information entered at logon time. It's why the TXAIACCT is always zeroed.
However, if an SMS signon is required, that signon will provide the ACTINFO= information. This means that any procedure that contains a DD statement with DISP=NEW or DISP=MOD (including any DD statement without DISP=, as the default is DISP=NEW) will pass the account information to the exit, but any procedure without such DD statement will NOT.
That makes this TSSINSTX unreliable for checking account information on TSO Logons. It is likely that TSO exits (possibly IKJEFLN2) would work better, although the coding would be substantially different.
This being said, if the two conditions below are met then TSSINSTX can be used:
First, SMS must be activate on the system.
Second, a temporary dataset must be allocated in any TSO procedure.
Like it is shown below:
//DUMMYDD DD UNIT=SYSDA,SPACE=(TRK,(1,1)) Then the TSSINSTX POST-INIT entry code could be: L R2,TXAITYPE TSO? CLI 0(R2),X'03' BNE EXIT0 NO GET OUT ICM R8,15,TXA#PGMS BZ EXIT0 LA R8,10(R8) SKRUNPG1 (SMS) CLC 0(8,R8),=C'IEFNB903' BNE EXIT0 No SMS call CLC TXAIACCT,=F'0' BNE ACCTFND WTO 'POSTINIT DID NOT FIND ACCT INFO' B EXIT0 ACCTFND DS 0H WTO 'POSTINIT FOUND ACCT INFO' B EXIT0
This code is written to ensure to check the correct event where the ACCOUNT data can be retrieve from.
Release: TOPSEC00200-15-Top Secret-Security