Storage Key Considerations for z/OS CSA Subpools

The ALLOWUSERKEYCSA(YES/NO) parameter was introduced in z/OS V1.8. Its purpose is to prevent jobs from allocating storage from CSA subpools using user keys 8 through 15. In z/OS V1.8 and earlier, the default is ALLOWUSERKEYCSA(YES). Starting at V1.9, the default is ALLOWUSERKEYCSA(NO).
idms19
The ALLOWUSERKEYCSA(YES/NO) parameter was introduced in z/OS V1.8. Its purpose is to prevent jobs from allocating storage from CSA subpools using user keys 8 through 15. The default and support for ALLOWUSERKEYCSA(YES/NO) varies depending on the version of z/OS that is used:
  • In V1.8 and earlier, the default is ALLOWUSERKEYCSA(YES).
  • In V1.9, the default is ALLOWUSERKEYCSA(NO).
  • As of V2R4 and later, ALLOWUSERKEYCSA(YES) is not supported.
Determine the ALLOWUSERKEYCSA Setting
You can determine the setting of ALLOWUSERKEYCSA by issuing the
D DIAG
command from the
z/OS console
:
  • If
    YES
    is specified, the setting does not impact CA IDMS or jobs that communicate with CA IDMS through the External Run Unit System (for example, Batch to CV, CICS).
  • If
    NO
    is specified, the CA IDMS system abends during startup with a system code of B78-5C. To avoid the abend, take the following steps:
  1. Ensure that STEPLIB is authorized and contains RHDCTCKR, RHDCCKUR, RHDCOMVS. Include any other aliases that are used for RHDCOMVS in the EXEC= statement in your startup JCL (for example, IDMSDC). To perform this step, include and authorize only the CA IDMS software library (provided as CAGJLOAD at installation) in STEPLIB. You can also create a separate library that includes only those modules. (IDMS loads everything else from CDMSLIB.)
  2. Authorize that load library by adding a control statement to the appropriate SYS1.PARMLIB(PROG..) member, for example, APF ADD DSNAME(
    my.apflib
    ) VOLUME(
    vvvvvv
    ).
  3. Update the appropriate SYS1.PARMLIB(SCHED..) member to include the following line:
    PPT PGMNAME(
    module name
    ) ,KEY(4),NOSWAP
    • module name
      Specifies the CA IDMS/DC startup module name - RHDCOMVS, IDMSDC, or IDMSDCV.
      If your IDMS SVC is created with #SVCOPT parameter CVKEY=*, the change to run the IDMS CV in Key 4 has no effect on the use of that SVC. However, if CVKEY is specified as a number, the SVC verifies that the IDMS CV is running in that primary protect key. If it does not match, the CV abends with Se
      nn
      , where
      nn
      is the hexadecimal SVC number used. The SVC must be recreated with parameter CVKEY=4 and must be refreshed with CAIRIM before bringing up the CV in Key 4.
  4. In the CA IDMS startup JCL, ensure that the library containing the startup module, RHDCTCKR, and RHDCCKUR is the only library that is specified in STEPLIB.
  5. Specify STEP=Y on the EXEC parm as follows:
    //IDMSDC EXEC PGM=RHDCOMVS,REGION=0M,TIME=1440, // PARM='S=100,STEP=Y '
    You can also specify that CA IDMS is to load RHDCCKUR and RHDCTCKR from STEPLIB using the positional "S" startup parameter as follows:
    1 2 3 4 12345678901234567890123456789012345678901 //IDMSKY EXEC PGM=RHDCOMVSW,REGION=0K,TIME=1440, // PARM='S=100 S '
    "S" in position 10 following the system number instructs the CA IDMS system to load RHDCCKUR and RHDCTCKR from STEPLIB.
To verify that key 4 is being used, you can run the DCPROFIL task. See the PRIMARY STORAGE PROTECT KEY field.
During CA IDMS system initialization, if an abend occurs, a complete system dump may not be captured. The capture is incomplete because the system key is used instead of a user key. The operating system does not dump storage for keys 0 through 7 (system keys).
To ensure that complete dumps are always captured, the user who is associated with the startup of the CA IDMS system must be granted READ access to facility IEAABD.DMPAKEY. For more information about the procedures to grant access to a facility, see the appropriate security sub-system documentation.