Global System Option Records (GSO)

CA selects record IDs for global system options (GSO) records. They are not site-definable or modifiable.
Each record has a unique set of fields. These predefined record IDs are listed in the following table, together with their basic functions:
| Record ID | Function |
|---|---|
| APPLDEF | Defines the format of site-defined and other structured infostorage application records. |
| AUTHEXIT | Contains the vendor or site exit information that supports the secondary authentication facility. |
| AUTOERAS | Controls the automatic physical erasure of data sets. |
| AUTOIDLX | Controls the automatic assignment of UID and GID values for PROFILE(USER),DIV(LINUX) and PROFILE(GROUP),DIV(LINUX) records. |
| AUTOIDOM | Controls the automatic assignment of UID and GID values for PROFILE(USER),DIV(OMVS) and PROFILE(GROUP),DIV(OMVS) records. |
| BACKUP | This record contains the CPU, command string information, and time when the automatic database backup utility is to occur. It can also control the space allocations for the backup work files. |
| BLPPGM | Specifies those programs that are authorized to use tape bypass label processing (BLP). |
| CACHESRV | Defines R_cacheserv cache names to CA ACF2. |
| CRITMAP | Allows mapping of digital certificates to one of a number of CA ACF2 logonids based on the system ID, application ID, or application-defined variables specified on the CRITMAP record. |
| CERTMAP | Allows mapping of multiple digital certificates to a single CA ACF2 logonid. |
| CHORUS | Specifies information used by CA Chorus™. |
| CLASMAP | Translates an eight-character SAF resource class into a three-character CA ACF2 resource type code, which lets you write resource rules to perform validation. CLASMAP also translates the resource type codes for CA ACF2 calls or calls made to CA ACF2 from CA Standard Security Facility (CAISSF). |
| DELRSRC | Specifies a generalized resource or DB2 resource that is delegated in the system. Security administrators should only create delegated resources if an application explicitly requires it. |
| EIM | Provides support for IBM Enterprise Identity Mapping. |
| ETAUDIT | Implements event filter controls so only the selected CA ACF2 security event notifications are transmitted to CA Audit. |
| EXITS | Specifies the module names of site-written CA ACF2 exit routines. |
| INFODIR | Specifies the infostorage directories and rule sets that are to be made resident at CA ACF2 initialization time. |
| LINKLST | Specifies one or more partitioned data sets that are considered part of the system link list (SYS1.LINKLIB) during data set access validation. |
| LINUX | Defines Linux machines to CA ACF2. |
| LOGPGM | Specifies those programs for which all data set accesses are logged. |
| MAINT | Specifies the logonid, program, and library combinations used for system maintenance functions. |
| MLID | Specifies a logonid compression algorithm used in the MUSASS (Multiple-User, Single Address Space System) environment to reduce virtual storage requirements. Logon compression eliminates unused or unnecessary information from the resident portion of the logonid record. |
| MLSOPTS | Specifies Multilevel Security (MLS) global options available on a system. |
| MUSASS | Defines special processing to be performed by CA ACF2 on behalf of a MUSASS (Multiple-User, Single Address Space System) to reduce CA ACF2 storage requirements and CPU overhead. |
| NJE | Specifies CA ACF2 validation options that apply to jobs submitted through a network job entry subsystem (JES2, JES3, RSCS). |
| NODELIST | Specifies the user nodelists or group of target node(s) available on a system. |
| OPTS | Specifies the global options available to the system. |
| PDS | Specifies partitioned data sets that will be protected at the member level. |
| PPGM | Specifies protected programs that can be executed only by privileged users. |
| PROXY | Specifies the default PROXY and EIM information. |
| PSWD | Specifies the user password controls. |
| PWPHRASE | Specifies the global user password phrase controls. |
| REALM | Defines the characteristics of local and foreign Network Authentication and Privacy Services realms. |
| RESDIR | Specifies those resource rule directories that are to be made globally resident at CA ACF2 initialization time. |
| RESRULE | Specifies those data set access rules that are to be made resident at CA ACF2 initialization time. |
| RESVOLS | Specifies those DASD and mass storage volumes for which CA ACF2 is to provide data-set-level protection. |
| RESWORD | Specifies the words or word prefixes that cannot be used in passwords. |
| RULEOPTS | Specifies the options pertinent to access and resource rule maintenance. |
| SAFDEF | Defines System Authorization Facility (SAF) calls that your site wants to process differently than the default CA ACF2 process. |
| SECVOLS | Specifies those DASD and tape volumes for which CA ACF2 is to provide volume-level protection. |
| SIGVER | Defines programs that need to have their digital signature verified prior to allowing the program to be loaded. |
| SYNCOPTS | Defines the cache synchronization processing for a CPU running in a shared CA ACF2 database environment. |
| SYSPLEX | Specifies options for CA ACF2 use of command broadcast (XCS) and data sharing (XES) in the SYSPLEX environment. |
| STC | Assigns a logonid and optional groupid based on the started task ID. |
| TNGNODE | Specifies the CA Common Services nodes that act as monitors for mainframe SNMP traps. |
| TSO | Specifies TSO/E system-wide options and default logon parameters. |
| TSOCRT | Specifies a screen-clear string used to obliterate the logon password on ASCII CRT devices. |
| TSOKEYS | Specifies site-supplied keywords that CA ACF2 permits at TSO logon time. |
| TSOTWX | Specifies a cross-out mask used to obliterate the logon password on TWX devices. |
| TSO2741 | Specifies a cross-out string used to obliterate the logon password on 2741 devices. |
| UNIXOPTS | Specifies global options pertinent to the UNIX System Services (OMVS) environment. |
| WARN | Specifies a warning message to be issued to the user when the system is in WARN mode and a violation is detected. |
You can use ISPF panels and ACF commands to create and maintain GSO records. For more information, see Processing GSO Records Using the ACF Command or ISPF Panel.
You can create a privilege list for some fields of certain GSO records. A privilege list specifies the CA ACF2 logonid privilege that a user must have to perform a particular function.
Detailed information on the GSO records is provided in the following sections.
SYSID Implications
GSO records are grouped in the InfoStorage database by SYSID. The SYSID determines which GSO records CA ACF2 selects for use on a particular system. The SYSID can be specified as a startup parameter (for example, S ACF2,PARM='SYSID(PRD1)'). If no SYSID is specified on the START command, the SMFID is used.
All GSO records are read from the InfoStorage database and are initially sorted, within ID, by their SYSID, most specific first and least specific last. For certain record IDs, only one record can be selected. CA ACF2 selects the record with the SYSID that most specifically matches the SYSID for this iteration of CA ACF2. These record IDs include: AUTOERAS, AUTOIDOM, BACKUP, CACHESRV, EIM, ETAUDIT, EXITS, INFODIR, LOGPGM, MLSOPTS, OPTS, PPGM, PROXY, PSWD, PWPHRASE, RESDIR, RESRULE, RESVOLS, RESWORD, RULEOPTS, SECVOLS, SYNCOPTS, SYSPLEX, TSO, TSOCRT, TSOKEYS, TSOTWX, TSO2741, UNIXOPTS, and WARN.
For the remaining record IDs, CA ACF2 selects all records whose SYSID matches the specified SYSID, whether the match is specific or masked. The selected records are then sorted, within ID, by criteria based on the contents of various record fields. These record IDs are: APPLDEF, AUTOIDLX, AUTHEXIT, BLPPGM, CERTMAP, CRITMAP, CLASMAP, DELRSRC, LINKLST, LINUX, MAINT, MLID, MUSASS, NJE, PDS, REALM, SAFDEF, STC, and TNGNODE.
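The selection described above decides which PSWD, OPTS or other single-select record is really in force on a given system. The following audit sketch is an added example, not CA ACF2 code. It assumes a mask syntax of `*` for one character and `-` for any run of characters, assumes that "most specific" means the most literal characters, and uses a hypothetical (record ID, SYSID, label) tuple layout with constructed sample records.

```python
import re

# Record IDs the page lists as "only one record can be selected".
SINGLE_SELECT = set("""AUTOERAS AUTOIDOM BACKUP CACHESRV EIM ETAUDIT EXITS INFODIR
LOGPGM MLSOPTS OPTS PPGM PROXY PSWD PWPHRASE RESDIR RESRULE RESVOLS RESWORD RULEOPTS
SECVOLS SYNCOPTS SYSPLEX TSO TSOCRT TSOKEYS TSOTWX TSO2741 UNIXOPTS WARN""".split())

def sysid_matches(mask, sysid):
    # Assumed mask syntax: '*' = exactly one character, '-' = any run of characters.
    pattern = "".join("." if c == "*" else ".*" if c == "-" else re.escape(c)
                      for c in mask)
    return re.fullmatch(pattern, sysid) is not None

def specificity(mask):
    # Assumed ranking: more literal characters first, then fewer '-' masks.
    return (-sum(c not in "*-" for c in mask), mask.count("-"))

def effective_records(records, sysid):
    """Return {record_id: [records in effect on sysid]}, most specific first."""
    selected = {}
    for rec in sorted(records, key=lambda r: specificity(r[1])):
        rec_id, mask, _label = rec
        if not sysid_matches(mask, sysid):
            continue
        bucket = selected.setdefault(rec_id, [])
        if rec_id in SINGLE_SELECT and bucket:
            continue  # a more specific record already won for this ID
        bucket.append(rec)
    return selected

# Constructed sample: (record ID, SYSID of the record, label describing it).
SAMPLE = [
    ("PSWD", "-",    "site-wide default password controls"),
    ("PSWD", "PRD-", "production password controls"),
    ("PSWD", "PRD1", "PRD1-only override"),
    ("STC",  "****", "generic started-task mapping"),
    ("STC",  "PRD-", "production started-task mapping"),
    ("STC",  "TST1", "test started-task mapping"),
]

if __name__ == "__main__":
    for system in ("PRD1", "PRD2", "TST1"):
        for rec_id, recs in effective_records(SAMPLE, system).items():
            print(system, rec_id, [(m, label) for _, m, label in recs])
```

The per-ID field-based sort that the page mentions for multi-select records is not modelled; those records are returned in SYSID-specificity order only.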