SHOW Subcommand -- All Other Settings

The SHOW subcommand lists information about CA ACF2 as it is running on your system.
acf2src16
The SHOW subcommand lists information about CA ACF2 as it is running on your system. You cannot issue a SHOW subcommand to display data about a remote system. The SHOW subcommand accepts only one parameter at a time.
  • ACF2|ALL
    Gives you the comprehensive result of issuing separate SHOW subcommands with the parameters ACTIVE, APPLDEF, CLASMAP, CPF, DB2, DDSN, DELRSRC, LINKLST, LDS, MLID, MLS, MUSASS, NJE, PROGRAMS, RESIDENT, RSRCTYPE, RSVWORDS, SAFDEF, STATE, SYSPLEX, SYSTEMS, TNG, TSO, and ZEROFLDS.
  • ACTive
    Displays the CA ACF2 intercepts that have received control (denoted by YES). Also displays local exits that are specified in the GSO EXITS record.
    -- ACF2 INTERCEPTS THAT HAVE RECEIVED CONTROL -- DASD-OPEN(YES) DASD-EOV(NO) VSAM-OPEN(YES) TAPE-OPEN(NO) TAPE-EOV(NO) CATALOG(NO) USER CALL(NO) EXTERNAL CALL(NO) PROGRAM CALL(YES) JOB/STEP TERM(YES) TSO-MVS(YES) CAT-CVOL(NO) NONVSAM-ERASE(YES) VSAM-ERASE(YES) VTAM-OPEN(YES) -- LOCAL EXITS SPECIFIED ON THIS SYSTEM -- DSN PRE-VALIDATE=NONE DSN POST-VALIDATE=NONE DSN VIOLATION=NONE PSEUDO DSN GENERATE=NONE RSRC PRE-VALIDATE=NONE RSRC POST-VALIDATE=NONE STC VALIDATE=NONE SOURCE MODIFICATION=NONE LOGON PRE-VALIDATE=NONE LOGON POST-VALIDATE=NONE PASSWORD EXPIRATION=NONE NEW PSWD VALIDATE=NONE NEW PWP VALIDATE=NONE RULE PRE-PROCESS=NONE RULE POST-PROCESS=NONE INFO PRE-PROCESS=NONE INFO POST-PROCESS=NONE SVC INITIALIZATION=NONE TSO LOGON TERM TYPE=NONE TSO LOGON PARM=NONE DDB LID NODE LOC=NONE DDB USER INFO MOD=NONE LID PRE-PROCESS=NONE LID POST-PROCESS=NONE SEV PRE-PROCESS=VACFSEVP (INACTIVE) SEV POST-PROCESS=NONE PROGRAM OVERRIDE=NONE CPF EXIT=NONE -- ACF2 DDB FACILITY -- DDB = INACTIVE -- ACF2 CACHE FACILITY -- DATABASE CACHE = INACTIVE CACHE SYNCHRONIZER = INACTIVE -- ACF2 CPF FACILITY -- CPF STATUS = INACTIVE -- ACF2 SYSPLEX FACILITY -- XES STATUS = INACTIVE XCF STATUS = INACTIVE -- ACF2 LDS FACILITY -- LDS=STATUS=INACTIVE -- Multilevel Security (MLS) Facility -- MLS Status: ACTIVE MLS Mode: QUIET WRITE-DOWN: ALLOWED Current SYSID: XE41 Seclabel by system ID: INACTIVE UNIX Files/Directories: SECLABELS NOT REQUIRED UNIX IPC Objects: SECLABELS NOT REQUIRED -- AUTHENTICATION EXITS ON THIS SYSTEM: LIDFLD / PROCESS PROGRAM / INFOSTG -- NONE -- ADVANCED AUTHENTICATION MAINFRAME (AAM) FACILITY -- AAM STATUS = INACTIVE
  • APpldef
    Displays all active site-defined structured infostorage applications.
    show appldef -- INSTALLATION DEFINED STRUCTURE INFO-STORAGE APPLICATIONS -- CLASS (SHORT / LONG): I / IDENTITY TYPE (SHORT / LONG): AUT / AUTHSUP SELECTION AUTHORIZATION: SECURITY, ACCOUNT, AUDIT, CONSULT, LEADER DEFAULT DIVISION ROUTINE: ACF00DFT ACTIVE DIVISION: AUTHSUP3 ASSOCIATED RSB / RECORD ID: ACF2RSB1 / ******** CLASS (SHORT / LONG): I / IDENTITY TYPE (SHORT / LONG): AUT / AUTHSUP SELECTION AUTHORIZATION: SECURITY, ACCOUNT DEFAULT DIVISION ROUTINE: ACF00DFT ACTIVE DIVISION: AUTHSUP5 ASSOCIATED RSB / RECORD ID: ACF2RSB2 / ******** CLASS (SHORT / LONG): C / CONTROL TYPE (SHORT / LONG): SMS / SMS SELECTION AUTHORIZATION: SECURITY, ACCOUNT ASSOCIATED RSB / RECORD ID: ACFDRSMS / ********
  • AUTOERAS
    Controls whether erase-on-scratch processing is to be performed when you delete data sets. There are two methods that can be used to provide erase-on-scratch support, the CA ACF2 method and the SAF method.
    show autoeras (with PROCESS=ACF2) -- AUTOMATIC ERASE OPTIONS -- ERASE PROCESS=ACF2 -- ACF2 ERASE PROCESS CONFIGURATIONS -- VSAM ERASE=NO NON-VSAM ERASE=NO -- AUTOMATIC ERASE VOLUMES -- NONE SPECIFIED -- SAF ERASE PROCESS CONFIGURATIONS -- ERASEALL=NO SECLEVEL=NO SECLVL NUMBER = 0 show autoeras (with PROCESS=SAF) -- AUTOMATIC ERASE OPTIONS -- ERASE PROCESS=SAF -- ACF2 ERASE PROCESS CONFIGURATIONS -- VSAM ERASE=NO NON-VSAM ERASE=NO -- AUTOMATIC ERASE VOLUMES -- 111111 222222 -- SAF ERASE PROCESS CONFIGURATIONS -- ERASEALL=YES SECLEVEL=YES SECLVL NUMBER = 0
  • CACHESRV
    Displays the R_cacheserv definitions currently in use. You must specify CACHESRV to see R_cacheserv. To see CA ACF2 cache information only, use the SHOW ACTIVE command.
    show cachesrv -- GSO CACHESRV DEFINITIONS for R_cacheserv - R_cacheserv hardening is ACTIVE The R_cacheserv file name is SSDRCM.RCACHE. Cache Names Eligible for Hardening ----------------------------------- RCAC01 RCAC08 RCAC10 RSYS01 RSYS02
  • CErtmap
    Displays information that is contained in CERTMAP records as laid out in the internal CERTMAP table. The display first shows data from records that contain both IDNFILTER and SDNFILTER. Followed by records with only SDNFILTER, and finally records with only IDNFILTER.
    sho certmap -- CERTMAP FILTERING TABLES -- IDN/SDN FILTERS --------------- IDN FILTER SDN FILTER Label TRUST USER CRITERIA ================================ ===== ======== ============================== ACF2 DEVELOPMENT Y ACF2DEVL CN=CAI CERT AUTHORITY.OU=ACF2 D EVELOPMENT.O=COMPUTER ASSOCIATE S.L=LISLE.ST=ILLINOIS.C=US OU=ACF2.OU=DEVELOPMENT.OU=COMPU TER ASSOCIATES.L=LISLE.ST=ILLIN OIS.C=US JASMINE II DEVELOPMENT Y JASMINE CN=CAI CERT AUTHORITY.OU=ACF2 D EVELOPMENT.O=COMPUTER ASSOCIATE S.L=LISLE.ST=ILLINOIS.C=US OU=JASMINE II.OU=DEVELOPMENT.OU =CA TECHNOLOGIES.L=ISLANDIA .ST=NEW YORK.C=US UNICENTER TNG DEVELOPMENT Y TNG CN=CAI CERT AUTHORITY.OU=ACF2 D EVELOPMENT.O=CA TECHNOLOGIES S.L=LISLE.ST=ILLINOIS.C=US OU=UNICENTER TNG.OU=DEVELOPMENT .OU=CA TECHNOLOGIES.L=ISLAN DIA.ST=NEW YORK.C=US TOP SECRET DEVELOPMENT Y TSSDEVL CN=CAI CERT AUTHORITY.OU=ACF2 D EVELOPMENT.O=COMPUTER ASSOCIATE S.L=LISLE.ST=ILLINOIS.C=US OU=TOP SECRET.OU=DEVELOPMENT.OU =CA TECHNOLOGIES.L=PRINCETO N.ST=NEW JERSEY.C=US SDN FILTERS ----------- SDN FILTER Label TRUST USER CRITERIA ================================ ===== ======== ======================== ISLANDIA DEVELOPMENT Y DEVL OU=DEVELOPMENT.OU=COMPUTER ASSO CIATES.L=ISLANDIA.ST=NEW YORK.C =US LISLE DEVELOPMENT N DEVL OU=DEVELOPMENT.OU=COMPUTER ASSO CIATES.L=LISLE.ST=ILLINOIS.C=US DALLAS DEVELOPMENT Y DEVL OU=DEVELOPMENT.OU=COMPUTER ASSO CIATES.L=DALLAS.ST=TEXAS.C=US IDN FILTERS ----------- IDN FILTER Label TRUST USER CRITERIA ================================ ===== ======== ======================= PRIVATE USERS Y OU=CLASS 2 PUBLIC PRIMARY CERTI FICATION AUTHORITY.O=VERISIGN, INC.C=US APPLID=&APPLID.COMPANY=&COMPANY PUBLIC USERS Y OU=CLASS 1 PUBLIC PRIMARY CERTI FICATION AUTHORITY.O=VERISIGN, INC.C=US APPLID=&APPLID
  • CHorus
    Displays the CA Chorus options that are active.
    -- GSO CHORUS - Chorus Settings -- CIA Real Time component ACTIVE = YES CIA Real Time accepting events = YES ACF2 Subtask LOGSTREAM Name = SYS05.LOGSTRM Processing Component LOGSTREAM Name = SYS05.LOGSTRM Auto-start the Processing Component Procedure = YES Processing Component Procedure name = CIARTUPD Maximum storage size in megabytes = 25 SYSID to use in CAI Database = SYS5 Number of lost event records = 0 CIA Global ID User Exit = *NONE* CIA Global ID Logonid Field = LID DSI Communications Port Number = 88 DSI Communications Host Name = https://www.company.com/CIA/realtime Statistics Gathering ACTIVE = NO STAT-G Interval in Seconds = 15
  • CLasmap
    Displays the internal (CA ACF2-defined) and external (site-defined) CLASMAP records.
    show clasmap -- MERGED CLASMAP DEFINITIONS -- MUSASS RESOURCE TYPE ENTITY PROFINT LOG MIXED EXTERNAL POSIT ID CLASS CODE LENGTH VALUE ======== ======== === ====== ======= === ===== ======== ===== ******** AC#CMD SAF 8 ******** ACAPPL ACA 39 ******** ACCBPROC ACC 39 ******** ACCTNUM SAF 39 126 ******** ACDIALOG ACD 39 ******** ACICSPCT SAF 13 5 ******** ACLIST ACL 39 ******** ACMSG ACM 39 ******** ACPANEL ACP 39 ******** ACREPORT ACR 39 ******** ACSQL ACS 39 ******** AIMS SAF 8 4 ******** ALCSAUTH SAF 62 548 ******** APPCLU ALU 35 PROF 118 ******** APPCPORT SAF 8 87 ******** APPCSERV SAF 73 84 ******** APPCSI SAF 26 88 ***
  • CPf
    Displays information about the OPTIONS record and the CPF network as defined in NODEDEF records. Here is the SHOW CPF display that is issued from the NYC node:
    sho cpf -- COMMAND PROPAGATION FACILITY -- CURRENT STATUS: INACTIVE CURRENT SYSID: NYC JOURNALLING: YES CURRENT HOME NODE: NYC LOGDAYS: 30 PASSWORD SYNC: YES COMMAND: YES EXTENDED CPF CMDWAIT: YES UNDEFINED NODES: NO JRNL QUICK START: NO DFTCMD: CHI LA NYC TNG1 DFTPSW: CHI LA NYC TNG1 JRNLRECV: NYC.JRNLRECV.CPFJFILE JRNLSEND: NYC.JRNLSEND.CPFJFILE -- NODE DEFINITIONS -- NODE RECEIVE SEND GATEWAY UNICENTER VM NAME FROM TO NODE NODE NODE ---- -------- ---- ------- --------- ---- CHI YES YES NO NO NO LA NO YES NO NO NO NYC YES YES NO NO NO TNG1 YES YES NO YES NO VMSYS1 YES YES NO NO YES -- NODE STATISTICS - INBOUND OUTBOUND NODE PASSWORD PASSWORD NAME REQUESTS REQUESTS ======== ========= ========= CHI 125 10 LAS 150 123 NYC 0 50 WAS 36 20 NODE RETURNED NAME RECORDS ======== ======== CHI 250 LAS 200 NYC 150 WAS 127
  • CRitmap
    Displays information that is contained in CRITMAP records as laid out in the internal CRITMAP table. The display shows the record id, SYSID, APPLID, USERID, and associated application variables.
    sho critmap -- CRITERIA TABLE -- Record key SYSTEMID APPLID USERID APPLICATION VARS ================= ======== ======== ======== ======================= CRITMAP.PUBLIC2 * CICSAPPL PUBLIC2 CRITMAP.PLATINUM * HRAPPL PLATUSER COMPANY=PLATINUM CRITMAP.UCCEL * HRAPPL UCCUSER COMPANY=UCCEL CRITMAP.PUBLIC1 * WEBAPPL PUBLIC1
  • DB2
    Displays information about each DB2 subsystem that is protected by CA ACF2 Option for DB2 that has been started since you started CA ACF2. This information includes which exits are in use, the mode that is specified for each type of resource, the group ID specified, and any SAFELIST records that are active. For more information about these resource types, see CA ACF2 Option for DB2. If you are not using CA ACF2 for DB2 or DB2 subsystems are not running, no information is displayed.
    show db2 <acfzos>/DB2 RELEASE - 1.2 SP00 -- DB2 SUBSYSTEMS EXITS AND MODES - DSN8 EXITS - DB2PRE() DB2POST() DSN8 MODES - BPL = ABORT DBS = ABORT FNC = ABORT JAR = ABORT PLN = ABORT PRC = ABORT SCH = ABORT SEQ = ABORT STG = ABORT SYS = ABORT TBL = ABORT TSP = ABORT TYP = ABORT GROUP ID = ------- DB2 SAFELIST RECORDS ------- CLASS SERVICE COLUMN RESOURCE ======== ======= ================= ========================= DB2PLAN EXECUTE DSNESPRR
  • DCo
    Displays the DCO DATA class definitions currently in use. For an individual class, specify SHOW DCO(classname)
    show dco --- DATA CLASSIFICATION DEFINITIONS --- DATA CLASS: HIPAA RESOURCE CLASS: DATASET RESOURCE NAME: ACF2SRC- OWNER(S): SMIRO04 - SSDRWS RECID: DATA.RECORD3 RESOURCE CLASS: FACILITY RESOURCE NAME: IRR.DIGTCERT- OWNER(S): JONTH02 - SSDTPJ RECID: DATA.CLASS1 RESOURCE CLASS: RDATALIB RESOURCE NAME: - OWNER(S): JONTH02 - SSDTPJ RECID: DATA.WILLBESARBANESOXLEY DATA CLASS: SARBANES-OXLEY RESOURCE CLASS: DATASET RESOURCE NAME: ACF2SRC- OWNER(S): SMIRO04 - SSDRWS RECID: DATA.RECORD3 RESOURCE NAME: CASAFSRC- OWNER(S): SMIRO04 - SSDRWS RECID: DATA.CASAFSRC RESOURCE CLASS: FACILITY RESOURCE NAME: IRR.DIGTCERT- OWNER(S): JONTH02 - SSDTPJ RECID: DATA.CLASS1 RESOURCE CLASS: RDATALIB RESOURCE NAME: - OWNER(S): JONTH02 - SSDTPJ RECID: DATA
  • DDsn
    Lists the data set names in use for the Rule, Logonid, and Infostorage databases. Also listed are the backup data sets of these databases, if allocated. If a dynamic data set name (DDSN) list was specified or defaulted at CA ACF2 startup, any data set names that are preallocated but different from the names in the DDSN list that are flagged with an asterisk and a note.
    show ddsn -- ACF2 DYNAMIC DATA SET NAMES SPECIFIED -- DDSNS PRIMARY DEFAULTED AT STARTUP. DSNS IN USE ARE: RULES= ACFSYS.ALTRULES LOGONIDS= ACFSYS.ALTLIDS INFOSTG= ACFSYS.ALTINFO BACKRULE= NOA NOT ALLOCATED BACKLID= PRE ACFSYS.BKLIDS BACKINFO= NOA NOT ALLOCATED DDSN LISTS DEFINED IN FDR ARE: PRIMARY RULES= ACFSYS.ALTRULES LOGONIDS= ACFSYS.ALTLIDS INFOSTG= ACFSYS.ALTINFO BACKRULE= SYS1.ACF.BKRULES BACKLID= SYS1.ACF.BKLIDS BACKINFO= SYS1.ACF.BKINFO ALT RULES= SYS1.ACF.ALTRULES LOGONIDS= SYS1.ACF.ALTLIDS INFOSTG= SYS1.ACF.ALTINFO BACKRULE= SYS1.ACF.ABKRULES BACKLID= SYS1.ACF.ABKLIDS BACKINFO= SYS1.ACF.ABKINFO
    The middle column in the section where “DSNS IN USE ARE:” is specified indicates where the data set is defined. Valid values are:
    • PRE
      Preallocation by site.
    • NOA
      Not allocated or defined before CA ACF2 startup.
  • DELrsrc
    Displays the CA ACF2 delegated resources currently active in the system. Delegated resources are defined in the GSO DELRSRC records. The display shows the kind of resource (DB2 or generalized resource), resource type, SYSID (applicable only for DB2 resources), and the resource name.
    show delrsrc -- DELEGATED RESOURCES - Type Sysid Resource ----- ----- ------------------------------------------------------------- D-TBL BBMS USER99.RACROUTE- R-FAC USER99.RACROUTE.TESTDATA
  • EIM
    Displays the current default PROXY settings that are used by Policy Director Authorization Services, and default EIM settings used by Enterprise Identity Mapping.
    In the following example, no PROXY default had been set. The EIM default did not have all fields defined.
    ACF SHO EIM --DEFAULT PROXY INFORMATION SUMMARY --DEFAULTS DO NOT EXIST --DEFAULT EIM INFORMATION SUMMARY BIND DISTINGUISHED NAME: cn=eim administrator, o=CA, st=Illinois, c=US DISTINUGUISHED DOMAIN NAME: NONE LDAP SERVER URL AND PORT: NONE LOCAL REGISTRY: NONE OPTIONS: ENABLE
  • ELEVATE
    Displays all active elevations for all logonids. To display the active elevations, you must have access to TAM.DISPLAY.ALLUSERS in the CA Trusted Access Manager for Z resource class. For more information on this subcommand, see the CA Trusted Access Manager for Z doc set.
    SHOW ELEVATE -- Current TAM Elevations -- User: TEST Start: 09:23:20 11/08/2017 End: 10:23:19 11/08/2017 Class: HERO Desc: permission for HERO Reason: test Service Desk Ticket#: Role: SUPPORT AltUID:
  • EMAIL
    Displays the email addresses in email address sort order from the WORKATTR USER profile data records. This display is limited to users with the Account, Audit and/or Security privilege.
    SHOW EMAIL-- USERS EMAIL ADDRESS - User Email Address----------- -------------------------------------BOLOGNA [email protected] [email protected] [email protected] [email protected] ttttttttttttttttttttttttttttttttttttttttttttttttt [email protected] [email protected]
  • ETAudit
    Displays the control options that are in effect for communicating security events to CA Audit® .
    If the GSO OPTS record field ETAUDIT is specified, the following output is displayed:
    SHOW ETAUDIT -- CA Audit Control Options -- Start of ACF2 (S ACF2): NO Stop of ACF2 (P ACF2): NO Modify of ACF2 (F ACF2): NO Signons: NO Signoffs: NO Signon violations: NO Security label violations: NO Data set violations: NO Data set loggings: NO Resource violations: NO Resource loggings: NO Logonid administration: NO Logonid administration violations: NO Rule administration: NO Rule administration violations: NO Resource rule administration: NO Resource rule administration violations: NO Infostg record administration: NO Infostg record administration violations: NO USS ck_access: NO USS initUSP: NO USS deleteUSP: NO USS initACEE: NO USS R_audit: NO USS R_chaudit: NO USS R_chmod: NO USS R_chown: NO USS R_setfacl: NO USS R_setgid: NO USS R_setegid: NO USS R_setuid: NO
  • Fields(
    recid
    )
    Displays all logonid field names that you have the authority to view or modify. If your logonid has any special privileges (SECURITY, ACCOUNT, AUDIT, LEADER, or CONSULT), this display includes the fields that you can modify in the logonid records of other users. An asterisk precedes the fields that you can modify in your own logonid record or in other logonid records. A plus sign (+) before a field indicates this is a multi-value field and may contain more than one value. It also indicates you have authority to change the field.
    show fields -- IDENTIFICATION -- *COMPANY *DEPT *IDNUM *LEVEL LID *LOCATION *NAME *OLDLID *PASSWORD *PHONE *POSITION *PROJECT *SITE *SPCLNAME UID -- CANCEL/SUSPEND -- *CANCEL CSDATE CSWHO *MON-LOG *MONITOR *PP-TRC *PP-TRCV *SUSPEND *TRACE *TSO-TRC -- PRIVILEGES -- *ACCOUNT *ACTIVE *AUDIT *AUTOALL *AUTODUMP *AUTONOPW *AUTOONLY *BDT *CICS *CMD-PROP *CONSULT *DG84DIR *DIALBYP *DOCXFER *DSNSCOPE *DUMPAUTH *EXPIRE *GRP-OPT *GRPLOGON *IMS *JOB *JOBFROM *LDEV *LDS *LDSNODES *LEADER *LIDSCOPE *LOGSHIFT *MAINT *MARSSHOT *MOONSHOT *MUSASS *NO-INH *NO-OMVS *NO-SMC *NO-STORE *NOMAXVIO *NON-CNCL *NOSPOOL *PGM *PPGM *PRIV-CTL *PROGRAM *PTICKET *PWPALLOW *READALL *REFRESH *RESTRICT *RSRCVLD *RSTDACC *RULEVLD *SCPLIST *SECURITY *SRF *STARXFER *STC *SUBAUTH *SYNCNODE *SYNERR *SYSPEXCL *TAPE-BLP *TAPE-LBL *TDISKVLD *TSO *UIDSCOPE *USER *VLDRSTCT *VLDVMACT *VM *VMD4AUTH *VMD4FSEC *VMD4RSET *VMD4TARG *VMESM *VMSAF *VMSFS *VMXA *VSESRF -- ACCESS -- ACC-CNT ACC-DATE ACC-SRCE ACC-TIME GRP-USER -- PASSWORD -- *KERB-VIO KERBCURV LIDTEMP *LIDZMAX *LIDZMIN *MAXDAYS *MINDAYS *PSWD-DAT *PSWD-EXP *PSWD-INV PSWD-MIX *PSWD-SRC PSWD-TIM PSWD-TOD *PSWD-UPP *PSWD-VIO *PSWD-XTR *PSWDCVIO *PWP-DATE *PWP-VIO -- TSO -- *ACCTPRIV *ALLCMDS *ATTR2 *CHAR *CMD-LONG *CONSOLE *DFT-DEST *DFT-PFX *DFT-SOUT *DFT-SUBC *DFT-SUBH *DFT-SUBM *INTERCOM *JCL *LGN-ACCT *LGN-DEST *LGN-MSG *LGN-PERF *LGN-PROC *LGN-RCVR *LGN-SIZE *LGN-TIME *LGN-UNIT *LINE *MAIL *MODE *MOUNT *MSGID *NOTICES *OPERATOR *PAUSE *PMT-ACCT *PMT-PROC *PROMPT *RECOVER *TSOACCT *TSOCMDS *TSOFSCRN *TSOPERF *TSOPROC *TSORBA *TSORGN *TSOSIZE *TSOTIME *TSOUNIT *UNICNTR *VLD-ACCT *VLD-PROC *WTP -- STATISTICS -- CRE-TOD *SEC-VIO UPD-TOD -- CICS -- *ACF2CICS *CICSCL *CICSID *CICSOPT *CICSPRI *CICSRSL *IDLE *MULTSIGN -- IMS -- -- IDMS -- -- MUSASS -- *MUSDLID *MUSID *MUSIDINF *MUSUPDT *NO-STATS -- RESTRICTIONS -- *AUTHSUP1 *AUTHSUP2 *AUTHSUP3 *AUTHSUP4 *AUTHSUP5 *AUTHSUP6 *AUTHSUP7 *AUTHSUP8 *GROUP *PREFIX *SHIFT *SOURCE *VMACCT *VMIDLEMN *VMIDLEOP *ZONE -- DFP -- *SMSINFO
    From the ACF CONTROL and XREF settings, you can use this command to view the fields of infostorage records. Use the following syntax:
    SHow Fields(
    recid
    )
    For example, issue the command SHOW FIELDS(APPLDEF) from the CONTROL(GSO) setting to view the fields of the APPLDEF record.
  • LDS
    Displays the LDS status and options, the active LDAP records, and the CA ACF2 logonid field information that is propagated to an LDAP server. The SHOW LDS command uses standard CA ACF2 masking conventions to specify a range of active LDAP records. The following example shows the results after issuing the SHOW LDS command with a MASKED qualifier value.
    ACF SHOW LDS(cpu2-) -- LIGHTWeight-DIRECTORY ACCESS PROTOCOL -- CURRENT LDS STATUS: ACTIVE CURRENT LDS JOURNAL STATUS: ACTIVE LDS JOURNAL DATASET NAME: CALDAP.LDSJRNL CURRENT LDS RECOVERY STATUS: ACTIVE LDS RECOVERY DATASET NAME: CALDAP.LDSRCVR CURRENT SYSID: TEST LDSRING: NONE OPTIONS: DEBUG RETRY(3) SYSCLASS(A) SYSDEST(LOCAL) TIMEOUT(30) ACTIVE LDAP RECORD LIST: - LDAP.CPU2 STATUS: CONNECTED OPTIONS: ACTIVE BROADCST CHANGE DEBUG DELCHILD DELETE INSERT JOURNAL PSWDASIS NOPSWDLOWR NOUSEEXTOP OBJCLASS: ACF2LID NEXTKEY: *** NO NEXTKEY DEFINED *** URL: LDAP://xxx.xxx.xxx.xx:389 USERDNS: acf2lid=%l,host=xxx,o=xx,c=xx LDSLABEL: XREF: LID: ATTRIBUTE: NAME name PASSWORD USERPASSWORD
    • LIDMAP ('LID-MASK')
      Displays the logonid masks and their associated node search sequences. 'LID-MASK' defaults to '-'.
  • LINKLIST
    Displays the libraries that are designated for program access control.
  • LINux
    Displays the Linux machine definitions currently in use.
    SHOW LINUX -- LINUX/390 DEFINITIONS -- LINUX MACHINE - MACHINE NAME IP ADDRESS ACTIVE ------------- ---------------- --------- patro07-1 172.16.252.252 YES ussaaplb 172.17.253.253 YES linux001 172.18.254.254 NO -- LINUX USERS FOR NODE1 MACHINE -- UID# NAME GROUP LINUX NAME ------ -------- --------- ------------------ 1100 LNXUSER1 LNXGRP1 LINUXLONGUSERNAME *500 GUEST11 GUSTGRP - Not Defined - 501 TESTUSR3 TESTGRP TESTGUY 505 TESTUSR4 n/a - Not Defined - -- LINUX USERS -- UID# NAME GROUP LINUX NAME ------ --------- --------- ------------------ 100 LNXUSER1 LNXGRP1 LINUXLONGUSERNAME *500 GUEST1 GUSTGRP - Not Defined - 501 TESTGUY3 TESTGRP TESTGUY 505 TESTGUY4 n/a - Not Defined - -- LINUX GROUPS -- GID# NAME ----- --------- 200 LNXGRP1 *500 GUSTGRP 600 TESTGRP 601 DFTGRP
    • LINux
      ALL
      | DUPLICATE | GROUPS[(
      mmmm-nnnn
      )] | MACHNAME | USERS[(
      mmmm-nnnn
      )] ]
      Displays the Linux machine, Linux user, and Linux groups definitions.
    • ALL
      Displays Linux machine, Linux UID, and Linux GID definitions. This value is mutually exclusive with all other keywords, except DUPLICATE. ALL is the default.
    • DUPLICATE
      Displays Group and User definitions with duplicate UIDs and GIDs. This keyword is mutually exclusive with keyword and MACHNAME.
    • GROUPS[(mmmm-nnnn])
      Displays Linux Group definitions, which consists of Linux GID number and associated group name. Range value mmmm indicates lower boundary number and nnnn indicates upper boundary number. If range values are not specified, it displays all GIDs. An asterisk(*) before GID number indicates this is default Group. This keyword is mutually exclusive with keyword, ALL.
    • MACHNAME
      Displays defined Linux machine names with associated IP address and its status. This keyword is mutually exclusive with keywords ALL and DUPLICATE.
    • USERS[(
      mmmm-nnnn
      )]
      Displays Linux User definitions, which consists of Linux UID number, CA ACF2 User id, Group name, and LINUX/390 User Name. Range value mmmm indicates lower boundary number and nnnn indicates upper boundary number. If range values are not specified, it displays all UIDs. An asterisk(*) before UID number indicates this is the default User. This keyword is mutually exclusive with keyword ALL.
    SHOW LINUX --- LINUX/390 DEFINITIONS --- -- LINUX MACHINE -- MACHINE NAME IP ADDRESS ACTIVE --------------- -------------- ------- patro07-1 192.168.250.251 YES ussaaplb 192.169.251.252 YES linux001 192.170.252.253 NO -- LINUX USERS -- UID# NAME GROUP APPLICATION NAME ------- ------ --------- -------------------------------- 100 LNXUSER1 LNXGRP1 LINUXLONGUSERNAME *500 GUEST1 GUSTGRP - Not Defined - 501 TESTGUY3 TESTGRP TESTGUY 505 TESTGUY4 n/a - Not Defined - -- LINUX GROUPS -- GID# NAME ----- ---------- 200 LNXGRP1 *500 GUSTGRP 600 TESTGRP 601 DFTGRP
  • MLid
    The SHOW MLID subcommand of the ACF command displays the GSO MLID records and the @MLID macros in the ACFFDR.
    SHOW MLID -- MLID DEFINITIONS -- GSO MLID DEFINITIONS ==================== MLID NAME: CICS01 FULL LID HEXADECIMAL OFFSET FIELD NAME INTO THE MINI LID ____________ __________________ CICSCL ...... 0 CICSID ...... 3 CICSRSL ...... 9 CICSPRI ...... C IDLE ...... D CICS ...... E ACFFDR MLID DEFINITIONS ======================= MLID NAME: ACF2 FULL LID HEXADECIMAL OFFSET FIELD NAME INTO THE MINI LID ____________ __________________ LID ...... 4 NAME ...... C PREFIX ...... 2C DSNSCOPE ...... 34 LIDSCOPE ...... 3C UIDSCOPE ...... 44 SCPLIST ...... 5C FLAG AT +9 ...... 64 FLAG AT +A ...... 65 FLAG AT +8 ...... 66 PRV-TOD1 ...... 24 ZONE ...... 67 PASSWORD ...... 6A HOMENODE ...... 72 FLAG AT +DC ...... 7A MLID NAME: CICS FULL LID HEXADECIMAL OFFSET FIELD NAME INTO THE MINI LID ____________ __________________ CICSCL ...... 0 CICSID ...... 3 CICSRSL ...... 9 CICSPRI ...... C IDLE ...... D FLAG AT +DC ...... E MLID NAME: IMS FULL LID HEXADECIMAL OFFSET FIELD NAME INTO THE MINI LID ____________ __________________ IDLE ...... 0 FLAG AT +DC ...... 1
  • MLS
    The SHOW MLS subcommand displays the status of MLS and security classifications on the active system.
    SHOW MLS ALL -- Multilevel Security (MLS) Facility -- MLS Status: ACTIVE MLS Mode: QUIET Write-Down: ALLOWED Current SYSID: XE41 Seclabel by system ID: INACTIVE MLS Seclabel Audit: INACTIVE UNIX Files/Directories: SECLABELS NOT REQUIRED UNIX IPC Objects: SECLABELS NOT REQUIRED ----------------- Active Categories ----------------- Category Name -------------------------------- AA BB CC DD EE FF GG ---------------------- Active Security Levels ---------------------- Number Seclevel Name ------ ------------------------------------------------------------ 5 UNCLASSIFIED 10 CONFIDENTIAL 15 SECRET 20 TOP SECRET ---------------------- Active Security Labels ---------------------- Label Name Level Categories ---------- ----- ------------------------------- PRJC2 10 AA BB CC DD EE FF GG PRJS 15 *NONE* PRJS3 15 AA BB CC DD EE FF PRJTS4 20 AA BB CC DD EE GG PRJTS5 20 AA BB CC DD EE GG PRJU 5 *NONE* PRJU2 5 AA BB CC DD EE FF GG
  • MOde
    Displays the current setting or mode of the ACF command. It also displays the current targets for ACF subcommands as follows:
    SHOW MODE MODE: ACF SYSID: CPU1 TARGET: CHI NY1 NY2
  • MSGOPTS
    Show MSGOPTS displays the current MSGOPTS settings.
    SHOW MSGOPTS -- MSGOPTS - Messages Replacement Option Summary -- MSGOPTS Active: YES New Message: ACF01125 Messages replaced by New Message ACF01004 ACF01005 ACF01007 ACF01012
  • MUsass
    The SHOW MUSASS subcommand of the ACF command displays the GSO MLID records and the @MUSASS macros in the ACFFDR.
    SHOW MUSASS -- MUSASS DEFINITIONS -- GSO MUSASS DEFINITIONS ---------------------- RECORD MUSASS MLID CACHE CVT FAST WORK QUALIFIER ID NAME CACHE # COM CVTNAME PATH SP WORKLEN ========== ======== ======== ===== ===== ===== ======== ===== ===== ======= APPL1 APPL1 MLID01 NO 0 YES <NONE> YES 0 0 APPL2 APPL2 MLID02 NO 0 YES <NONE> YES 0 0 ACFFDR MUSASS DEFINITIONS ------------------------- RECORD MUSASS MLID CACHE CVT FAST WORK QUALIFIER ID NAME CACHE # COM CVTNAME PATH SP WORKLEN ========== ======== ======== ===== ===== ===== ======== ===== ===== ======= N/A CICSCVT CICS NO 0 YES <NONE> YES 0 0 N/A IMS IMS NO 0 YES <NONE> YES 0 0
  • NETNODE ('NODE-MASK')
    Displays the node definitions for active nodes as defined in the NETNODE records. 'NODE-MASK' defaults to '-'.
  • NETOPTS
    Displays the active DDB options as defined in the NETOPTS record.
  • NJe(
    nodename
    )
    Displays all NJE records defined to the system and the options that are specified for each. Providing a node name value limits the display to those NJE records associated with the given node name. Use standard CA ACF2 masking conventions to specify a range of node names that you want to display.
    SHOW NJE(
    CHI
    ) -- NJE OPTIONS IN EFFECT -- NODE VALIDATE VALIDATE INHERIT- SEND DEFAULT SYSOUT NAME OR INCOMING OUTGOING ANCE ENCRYPTED LOGONID DEFAULT MASK JOBS JOBS ALLOWED PASSWORD LOGONID (BOTH) (IN) (OUT) (IN) (OUT) (IN) (IN) -=================================================================== ******** YES NO YES YES SKKDFT SKKSDFT
  • OMVS
    [ALL|DELIMIT(
    YES
    |NO|ND)|DGROUPS(mmmm[-nnnn])|SUPERUSERS|USERS(mmmm[-nnnn])]
    [Duplicates]]
    Displays z/OS UNIX System Services users and/or groups.
    • ALL
      Displays all defined UIDs and GIDs along with their associated user IDs.
    • DELIMIT(
      YES
      |NO|ND)
      Specifies GIDs and UIDs that contain commas in numbers. If no or ND is specified, commas are removed from the output display.
    • GROUPS(mmmm[-nnnn])
      Displays a range of GID values along with their associated userids.
    • SUPERUSERS
      Displays all superusers (UID of zero(0)) along with their associated userids.
    • USERS(mmmm[-nnnn])
      Displays a range of UID values along with their associated userids.
    • Duplicates
      Shows only the UID and GID values that belong to more than one user or group. The DUPLICATES keyword can be used together with another keyword. Example: SHOW OMVS USERS(1-2000) DUPLICATES shows only duplicate UID values that are in the range 1 through 2000. ALL is the default.
    SHOW OMVS ALL ---------- OPENEDITION MVS DISPLAY ----------- -- OMVS USERS -- UID NAME MAPOWNER ================ ======== ======== 0 BPXAS 0 BPXOINIT 0 BPXROOT YES 7 GUEST3 101 TEST 8,888,888 OMVSC -- OMVS GROUPS -- GID NAME MAPOWNER ================ ======== ======== 0 NULLGRP 0 ZEROGRP 11 LDSGRP 44,444 OMVSG YES 99,999,999 OMVSDGRP SHOW OMVS ND or SHOW OMVS DELIMIT(NO) -------OPENEDITION MVS DISPLAY------- -- OMVS USER-- UID NAME MAPOWNER ============= =========== ======== 0 $$ROOT$$ 31201 CCITCPGW 74101 XXXXXXXX 99999999 OEDFLT
  • PROGRAMS
    Displays information on the following system options you have established for program name control:
    • Restricted program names-SHOW PROGRAMS lists the names of those programs that bypass the operating system integrity. Execution of these programs is permitted only to users with the SECURITY privilege level and unlimited scope, or to users with the NON-CNCL privilege. For more information, see SECURITY and NON-CNCL fields in Scope Records.
    • Maintenance logonids/programs/libraries-SHOW PROGRAMS lists the logonids for each user who is permitted to bypass access rule validation when executing the specified program from a specified library. The MAINT or NON-CNCL privilege is required in the logonid.
    • Tape bypass label programs/libraries-SHOW PROGRAMS lists the names of programs that, when executed from a specified library, are valid for tape bypass label processing (BLP).
    • Logged programs-SHOW PROGRAMS lists the names of programs for which each data set access is logged.
    SHOW PROGRAMS -- RESTRICTED PROGRAM NAMES -- DRWD**** FDR*** ICKDSF** IEHD**** IEHINIT* -- MAINTENANCE LOGONIDS/PROGRAMS/LIBRARIES -- MAINTLID MAINTPGM SYS1.LINKLIB MAINTLID MAINTPG1 SYS1.LINKLIB MAINTLID MAINTPG2 SYS1.LINKLIB MAINTLID MAINTPG3 SYS1.LINKLIB MAINTLID MAINTPG4 SYS1.LINKLIB -- NO TAPE BYPASS LABEL PROGRAMS/LIBRARIES -- -- LOGGED PROGRAMS -- AMASPZAP IMASPZAP INCORZAP
    If no programs exist under a certain category, SHOW PROGRAMS indicates that no such programs exist. For more information about these program controls, see the descriptions of the PPGM, MAINT, BLPPGM, and LOGPGM records.
  • PROXY
    Displays current PROXY defaults used by Policy Directory Authorization Services and EIM defaults used by Enterprise Identity Mapping.
    In the following example, EIM and PROXY defaults exist, but some fields have not been assigned values yet.
    ACF SHOW PROXY --DEFAULT PROXY INFORMATION SUMMARY BIND DISTINGUISHED NAME: cn=eim administrator, o-CA, st=Illinois, c=US DISTINGUISHED DOMAIN NAME: ibm=eimDomainName=EIM Test Domain,o=CA, st=Illinois, c=US LDAP SERVER URL AND PORT: ldap://usi243me.ca.com:1389 LOCAL REGISTRY: RACF XE43 OPTIONS: ENABLE --DEFAULT EIM INFORMATION SUMMARY BIND DISTINGUISHED NAME: NONE DISTINGUISHED DOMAIN NAME: NONE LDAP SERVER URL AND PORT: NONE LOCAL REGISTRY: NONE OPTIONS: ENABLE
  • PSwdopts
    Displays the CA ACF2 system options that are related to password and password phrase policy.
    SHOW PSWDOPTS PASSWORD (PSWD) OPTIONS IN EFFECT: OPTION OPTION DESCRIPTION ================ ================================================== CLEARVIO = NO RESET PSWD VIO COUNTS AT SUCCESSFUL SIGN-ON MAXTRY = 3 MAXIMUM NUMBER OF SIGN-ON ATTEMPTS ALLOWED MINPSWD = 6 MINIMUM NUMBER OF CHARACTERS REQUIRED PASSLMT = 3 MAXIMUM NUMBER OF INVALID SIGN-ON ATTEMPTS ALLOWED PER DAY PSWDALPH = NO AT LEAST ONE ALPHABETIC CHARACTER REQUIRED PSWDALT = YES ALLOW USERS TO ENTER NEW PSWD AT SIGN-ON PSWDENCT = XDES PSWD ENCRYPTION ALGORITHM UTILIZED PSWDFRC = YES FORCE USER TO ENTER NEW PSWD AT SIGN-ON PSWDHST = YES PSWD CANNOT MATCH 4 PREVIOUS PSWDS PSWDJES = YES INVALID PSWD ATTEMPT IN JES INCREMENTS PSWD-VIO COUNT PSWDLC = NO AT LEAST ONE LOWERCASE CHARACTER REQUIRED PSWDLID = YES PSWD CANNOT MATCH USER LID PSWDMAX = 90 MAXIMUM NUMBER OF DAYS TO ELAPSE FOR A PSWD CHANGE PSWDMIN = 1 MINIMUM NUMBER OF DAYS TO ELAPSE FOR A PSWD CHANGE PSWDMIXD = NO ALLOW CASE-SENSITIVE CHARACTERS IN PSWD PSWDNAME = 0 # OF CONSECUTIVE CHARACTERS THAT PSWD CANNOT MATCH IN NAME PSWDNCH = NO USER CANNOT UPDATE PSWD WITH CHANGE COMMAND PSWDNMIC = YES AT LEAST ONE NUMERIC CHARACTER REQUIRED PSWDNUM = YES PSWD CANNOT CONTAIN ALL NUMERIC CHARACTERS PSWDPAIR = N/A NUMBER OF CONSECUTIVE REPEATING CHARACTERS ALLOWED PSWDPLID = NO PSWD CANNOT CONTAIN USER LID PSWDPLST = NONE PSWDREQ = YES PSWD REQUIRED FOR ALL LIDS EXCEPT STC OR RESTRICT LIDS PSWDRSV = NO PSWD CANNOT BEGIN WITH A RESERVED WORD PREFIX PSWDRSVW = NO PSWD CANNOT CONTAIN A RESERVED WORD PSWDSIM = 0 NUMBER OF CONSECUTIVE SIMILAR CHARACTERS NOT ALLOWED PSWDSPLT = NO AT LEAST ONE NATIONAL OR USER-DEFINED CHARACTER REQUIRED PSWDUC = NO AT LEAST ONE UPPERCASE CHARACTER REQUIRED PSWDVFY = NO USER REQUIRED TO VERIFY NEW PSWD PSWDVOWL = YES ALLOW VOWEL CHARACTERS IN PSWD PSWDXTR = YES ALLOW AUTHORIZED PROGRAMS TO EXTRACT PSWD PSWNAGE = NO DO NOT INCLUDE TEMPORARY PSWD IN PSWD HISTORY PSWXHIST = YES PSWD CANNOT MATCH UP TO 64 PREVIOUS PSWDS PSWXHST# = 24 NUMBER OF PREVIOUS PSWDS TO RETAIN WRNDAYS = 5 NUMBER OF DAYS WARNING IS ISSUED BEFORE PSWD EXPIRES PASSWORD PHRASE (PWP) OPTIONS IN EFFECT: OPTION OPTION DESCRIPTION ========== ======================================================== ALLOW = NO ALLOW AUTHENTICATION USING PWP ALPHA = 0 MINIMUM NUMBER OF ALPHABETIC CHARACTERS REQUIRED CMD-CHG = YES ALLOW PWP UPDATE WITH CHANGE COMMAND HISTORY = 0 NUMBER OF PREVIOUS PWPS TO RETAIN LID = YES ALLOW LID IN PWP MAXDAYS = 0 MAXIMUM NUMBER OF DAYS ALLOWED UNTIL PWP CHANGE REQUIRED MAXLEN = 100 MAXIMUM NUMBER OF CHARACTERS ALLOWED MINDAYS = 0 MINIMUM NUMBER OF DAYS REQUIRED TO ELAPSE BEFORE PWP CHANGE MINLEN = 9 MINIMUM NUMBER OF CHARACTERS REQUIRED MINWORD = 1 MINIMUM NUMBER OF WORDS REQUIRED NUMERIC = 0 MINIMUM NUMBER OF NUMERIC CHARACTERS REQUIRED PWPLC = YES AT LEAST ONE LOWERCASE CHARACTER REQUIRED PWPUC = YES AT LEAST ONE UPPERCASE CHARACTER REQUIRED PWPONLY = NO ONLY ALLOW PASSWORD PHRASE TO BE USED REPCHAR = N/A NUMBER OF REPEATING CHARACTERS ALLOWED SPECIAL = 0 MINIMUM NUMBER OF SPECIAL CHARACTERS REQUIRED SPECLIST = NONE TEMP-AGE = YES INCLUDE TEMPORARY PASSWORDS IN PWP HISTORY WARNDAYS = 1 NUMBER OF DAYS WARNING IS ISSUED BEFORE PWP EXPIRES
  • REAlm
    Displays the GSO REALM records that are defined on the system.
    SHOW REAlM -- REALM GSO RECORD DEFINITIONS -- REALM.KERBDFLT LOCAL REALM ENCRYPTION TYPES: DES DESD DES3 AES128 AES256 CURRENT KEY VERSION = 3 DEFAULT TICKET = 7,200 MINIMUM TICKET = 15 MAXIMUM TICKET = 14,400 REALM NAME = USIXYZME.CA.COM CHKADDRS = ENABLED REALM.MAILSERV FOREIGN REALM ENCRYPTION TYPES: DES DESD DES3 AES128 AES256 CURRENT KEY VERSION = 2 REALM NAME = /.../USIXYZME.CA.COM/KRBTGT/CA.COM REALM.SECURITY FOREIGN REALM ENCRYPTION TYPES: DES DESD DES3 AES128 AES256 CURRENT KEY VERSION = 1 REALM NAME = /.../USIXYZME.CA.COM/KRBTGT/ACF2.CA.COM CONTROL
  • RESident
    Displays the names of system-resident directories and access rules:
    • Resident directories-Lists the resource rule directories that are built and made globally resident. This section also indicates the rule sets associated with the directories. Resident rule sets are global (in common storage) or local (in an address space). The GSO INFODIR and RESDIR records determine which infostorage directories and resource rule sets are resident. The INFODIR record replaces the RESDIR record. Although still accepted, you convert RESDIR records to INFODIR records.
    • Resident infostorage directories-Indicates the rule directories in the Infostorage database (such as CA ACF2 for DB2 directories) that are built and made globally resident. This section also indicates the rule sets associated with the directories. Resident rule sets are global (in common storage) or local (in an address space). The GSO INFODIR record determines which infostorage records and directories are made resident.
    • Resident access rules-Lists the access rule sets that are resident in global storage. The GSO RESRULE record determines which rule sets are resident.
    show resident -- RESIDENT DIRECTORIES -- CKC, RULES GLOBALLY RESIDENT -- RESIDENT INFOSTORAGE DIRECTORIES -- DPLN, RECORDS LOCALLY RESIDENT DTBL, RECORDS LOCALLY RESIDENT DDBS, RECORDS GLOBALLY RESIDENT DBPL, RECORDS TRANSIENT -- RESIDENT ACCESS RULES -- PAY ABC SYS1
  • RSRctype(null|D|R)
    Displays all of the resource type codes (based on resource rules) that are defined in your Infostorage database.
    • null
      Displays all R type and DB2 type resource types defined.
    • D
      Displays all DB2 type resource types defined.
    • R
      Displays all R type resource types defined.
      The following example displays all R and DB2 type resource types defined:
    SHOW RSRCTYPE -- RESOURCE TYPES DEFINED -- RAB* RALU RCFC RCHG RCKC RCMR RCPC RCTD RCTS RCXD RCXM RDAH RDB2 RDFC RDPN RDSM RDSN RDTB RFAC RIAG RICM RIPS RISF RITR RJOK RJWP RKKK RLBM RLLL RMGM RMTP ROMC ROPR RPDS RPGM RPRO RRCM RRSC RSAF RSAS RSDS RSEG RSFP RSTS RSUR RTER RTGR RTPR RTPV RTP1 RTST RTWC RVLB RVMA RXCD RXDC RXXX RXYZ [email protected]@ TOTAL NUMBER OF RESOURCE TYPES DEFINED: 59 -- DB2 RESOURCE TYPES DEFINED -- DBPL DCOL DDBS DPKG DPLN DSTG DSYS DTBL DTSP TOTAL NUMBER OF DB2 RESOURCE TYPES DEFINED: 9
  • RSVwords
    Displays the Reserved Word List. This list defines the words or prefixes that are not allowed in the specification of a password. For more information, see Reserved Word List (RESWORD).
    SHOW RSVWORDS -- RESERVED WORD LIST - APPL APR ASDF AUG BASIC CADAM DEC DEMO FEB FOCUS GAME IBM JAN JUL JUN LOG MAR MAY NET NEW NOV OCT PASS ROS SEP SIGN SYS TEST TSO VALID VTAM XXX 1234
  • SAFdef(null|
    id
    |REQ=
    xxxx
    )
    Displays the SAFDEF records that are defined on your system. Valid values are:
    • null
      Displays all SAFDEF records in the order they are searched by CA ACF2.
    • id
      Displays a specific SAFDEF record. If you specify a mask, CA ACF2 displays a group of SAFDEF records.
    • REQ=xxxx
      Displays all SAFDEF records for a specific RACROUTE request. The
      xxxx
      must specifically match a valid RACROUTE request parameter.
      SHOW SAFDEF describes how SAFDEF is used by CA ACF2 during processing. However, LIST SAFDEF under SET CONTROL(GSO) and SHOW SAFDEF can differ such as when a SAFDEF for FASTAUTH specifies an ENTITY value for RACROUTE, even though this is not allowed. For more information, see Understanding SAF and Global System Option Records.
    SHOW SAFDEF -- SYSTEM AUTHORIZATION FACILITY DEFINITIONS -- JESPOOLR JOBNAME=******** USERID=******** PROGRAM=HA$PSUBS RB=HA$PSUBS RETCODE=0 SAFDEF=INTERNAL MODE=IGNORE SUBSYS=ACF2 RACROUTE REQUEST=AUTH,REQSTOR='RDRSYSDS',SUBSYS='JES2- ', RACROCLASS='JESSPOOL' J2RDRVYX JOBNAME=******** USERID=******** PROGRAM=HA$PSUBS RB=HA$PSUBS RETCODE=4 SAFDEF=INTERNAL MODE=GLOBAL SUBSYS=ACF2 RACROUTE REQUEST=VERIFYX,REQSTOR='RDRVERYX',SUBSYS='JES2- '
  • STAte
    Displays the CA ACF2 system options in effect.
    SHOW STATE RUNNING CA ACF2 REL 15 BETA II /MVS SP7.1.0; WITH MODE = ABORT USING FDR ASSEMBLY: 10.21 11/24/09 OPTIONS IN EFFECT: %CHANGE=ALLOWED ACCESS SUBCMD=DISABLED BYPASS STATS=NO CACHE SYNCHRONIZER=DISABLED CONTROL=DECENTRALIZED GRANULAR CERTIFICATE ADMINISTRATION=DISABLED CERT EXPIRATION DAYS=30 CPF=DISABLED CANCEL/SUSPEND LID W/EXTRACT=DISABLED CPUTIME=LOCAL DATABASE CACHE=DISABLED DATE FORMAT=MM/DD/YY DDB=DISABLED DFT PRIM LANG=ENU DFT SECND LANG=ENU DFT STC LID=ACFSTCID DYNAMIC COMPILE=DISABLED CA AUDIT=DISABLED EVALUATION MODE=DISABLED ICSF=NO JOB CHECK=NO KERBLVL(0) KEYSIZE=2,048 LDS=DISABLED NAME-HIDING=NO LID WARN DAYS=1 MAX VIO PER JOB=10 NOSORT=YES OMVS DFT LID=OMVSU OMVSDFT GRP=OMVSG PASSTICKET FASTAUTH CALL=DISABLED RPTSCOPE=OFF RULELONG=DISABLED MAX SDN SIZE=512 STATS=DISABLED/INACTIVE STATS INTERVAL=15 STATS DATASET ENABLED=SMF STATS SELECTION ENABLED=ALL STATS DATASET ACTIVE=**NONE** STATS SELECTION ACTIVE=**NONE** STC OPTION=OFF SYSPLEX=DISABLED SYSPLEX ALTERNATE STRUCTURE NAME=N/A SYSPLEX PRIMARY STRUCTURE NAME=N/A TAPE BLP=NOLOG TAPE DSN=NO TEMPDSN=BYPASS TNG MONITOR=DISABLED UADS=BYPASS VSAMFAIL=NO VTAM OPEN=NO XAPPLVLD=NO XCF GROUP NAME=TESTXCF PASSWORD (PSWD) OPTIONS IN EFFECT: OPTION OPTION DESCRIPTION ================== ============================================================ CLEARVIO = YES RESET PSWD VIO COUNTS AT SUCCESSFUL SIGN-ON MAXTRY = 1 MAXIMUM NUMBER OF SIGN-ON ATTEMPTS ALLOWED MINPSWD = 1 MINIMUM NUMBER OF CHARACTERS REQUIRED PASSLMT = 2 MAXIMUM NUMBER OF INVALID SIGN-ON ATTEMPTS ALLOWED PER DAY PSWDALPH = NO AT LEAST ONE ALPHABETIC CHARACTER REQUIRED PSWDALT = YES ALLOW USERS TO ENTER NEW PSWD AT SIGN-ON PSWDENCT = XDES PSWD ENCRYPTION ALGORITHM UTILIZED PSWDFRC = YES FORCE USER TO ENTER NEW PSWD AT SIGN-ON PSWDHST = NO PSWD CANNOT MATCH 4 PREVIOUS PSWDS PSWDJES = NO INVALID PSWD ATTEMPT IN JES INCREMENTS PSWD-VIO COUNT PSWDLC = NO AT LEAST ONE LOWERCASE CHARACTER REQUIRED PSWDLID = NO PSWD CANNOT MATCH USER LID PSWDMAX = 0 MAXIMUM NUMBER OF DAYS TO ELAPSE FOR A PSWD CHANGE PSWDMIN = 0 MINIMUM NUMBER OF DAYS TO ELAPSE FOR A PSWD CHANGE PSWDMIXD = NO ALLOW CASE-SENSITIVE CHARACTERS IN PSWD PSWDNAME = 0 # OF CONSECUTIVE CHARACTERS THAT PSWD CANNOT MATCH IN NAME PSWDNCH = NO USER CANNOT UPDATE PSWD WITH CHANGE COMMAND PSWDNMIC = NO AT LEAST ONE NUMERIC CHARACTER REQUIRED PSWDNUM = NO PSWD CANNOT CONTAIN ALL NUMERIC CHARACTERS PSWDPAIR = N/A NUMBER OF CONSECUTIVE REPEATING CHARACTERS ALLLOWED PSWDPLID = NO PSWD CANNOT CONTAIN USER LID PSWDPLST = NONE PSWDREQ = YES PSWD REQUIRED FOR ALL LIDS EXCEPT STC OR RESTRICT LIDS PSWDRSV = NO PSWD CANNOT BEGIN WITH A RESERVED WORD PREFIX PSWDRSVW = NO PSWD CANNOT CONTAIN A RESERVED WORD PSWDSIM = 0 NUMBER OF CONSECUTIVE SIMILAR CHARACTERS NOT ALLOWED PSWDSPLT = NO AT LEAST ONE NATIONAL OR USER-DEFINED CHARACTER REQUIRED PSWDUC = NO AT LEAST ONE UPPERCASE CHARACTER REQUIRED PSWDVFY = NO USER REQUIRED TO VERIFY NEW PSWD PSWDVOWL = YES ALLOW VOWEL CHARACTERS IN PSWD PSWDXTR = NO ALLOW AUTHORIZED PROGRAMS TO EXTRACT PSWD PSWNAGE = NO DO NOT INCLUDE TEMPORARY PSWD IN PSWD HISTORY PSWXHIST = NO PSWD CANNOT MATCH UP TO 64 PREVIOUS PSWDS PSWXHST# = 0 NUMBER OF PREVIOUS PSWDS TO RETAIN WRNDAYS = 1 NUMBER OF DAYS WARNING IS ISSUED BEFORE PSWD EXPIRES PASSWORD PHRASE (PWP) OPTIONS IN EFFECT: OPTION OPTION DESCRIPTION ================== ============================================================ ALLOW = YES ALLOW AUTHENTICATION USING PWP ALPHA = 0 MINIMUM NUMBER OF ALPHABETIC CHARACTERS REQUIRED CMD-CHG = YES ALLOW PWP UPDATE WITH CHANGE COMMAND HISTORY = 0 NUMBER OF PREVIOUS PWPS TO RETAIN LID = YES ALLOW LID IN PWP MAXDAYS = 0 MAXIMUM NUMBER OF DAYS ALLOWED UNTIL PWP CHANGE REQUIRED MAXLEN = 100 MAXIMUM NUMBER OF CHARACTERS ALLOWED MINDAYS = 0 MINIMUM NUMBER OF DAYS REQUIRED TO ELAPSE BEFORE PWP CHANGE MINLEN = 9 MINIMUM NUMBER OF CHARACTERS REQUIRED MINWORD = 1 MINIMUM NUMBER OF WORDS REQUIRED NUMERIC = 0 MINIMUM NUMBER OF NUMERIC CHARACTERS REQUIRED PWPLC = YES AT LEAST ONE LOWERCASE CHARACTER REQUIRED PWPUC = YES AT LEAST ONE UPPERCASE CHARACTER REQUIRED PWPONLY = NO ONLY ALLOW PASSWORD PHRASE TO BE USED REPCHAR = N/A NUMBER OF REPEATING CHARACTERS ALLOWED SPECIAL = 0 MINIMUM NUMBER OF SPECIAL CHARACTERS REQUIRED SPECLIST = NONE TEMP-AGE = YES INCLUDE TEMPORARY PASSWORDS IN PWP HISTORY WARNDAYS = 1 NUMBER OF DAYS WARNING IS ISSUED BEFORE PWP EXPIRES UID STRING = COMPANY,SITE,LEVEL,PROJECT,LID DECOMP AUTHORITY = SECURITY, AUDIT INFO LIST AUTHORITY = SECURITY, AUDIT VOLUME PSEUDO DSN= @VOLSER.VOLUME -- DSNAME PROTECTED VOLUMES -- ****** -- VOLSER PROTECTED VOLUMES -- NONE SPECIFIED -- AUTOMATIC ERASE VOLUMES -- NONE SPECIFIED -- PDS MEMBER-LEVEL PROTECTION: LIBRARY / VOLUME / RESOURCE TYPE -- NONE SPECIFIED
    For more information about these options, see PSWD, OPTS, RESVOLS, RULEOPTS, and SECVOLS. Also, see the description of the @UID macro.
  • STCid
    Displays the logonid and groupid of specific started task IDs.
    SHOW STCID -- STARTED TASK TABLE -- STCID LOGONID GROUP ====== ======== ======= WEBSRV IMWEBSRV IMWEBSRV CICSA CICS
  • SYSPlex
    Displays information about the current settings for the SYSPLEX feature. It also displays the number of times that CA ACF2 has used the XES feature and the number of times messages have been sent or retrieved through XCF. For more information, see SYSPLEX Environment and Options (SYSPLEX).
    SHOW SYSPLEX -- SYSPLEX COUPLING FACILITY -- OPTION: SYSPLEX CURRENT XES STATUS: ACTIVE CURRENT XCF STATUS: ACTIVE COUPLING FACILITY DATA: INFOSTORAGE: ACTIVE LOGONIDS: ACTIVE RULES: INACTIVE XCF GROUP NAME: XCFACF MEMBER NAME: KJL1 PRIMARY STRUCTURE ACTIVE PRIMARY STRUCTURE NAME: STRUCT1 ALTERNATE STRUCTURE NAME: N/A CURRENT STRUCTURE SIZE= 7,680K MAX STRUCTURE SIZE= 7,680K NUMBER OF STRUCTURE ENTRIES= 3 MAX NUMBER OF STRUCTURE ENTRIES= 2,727 FULL THRESHOLD= 90% ACTION AT THRESHOLD= CLEAR # OF TIMES STRUCTURE CLEARED= 0 # OF TIMES STRUCTURE ALTERED= 0 NUMBER OF XES WRITES= 2 LID DB WRITES= 2 RULE DB WRITES= 0 INFSTG DB WRITES= 0 NUMBER OF XES READS= 3 NUMBER OF XES DELETES= 0 NUMBER OF XCF MESSAGES SENT= 0 NUMBER OF XCF MESSAGE GETS= 0
  • SYstems
    Displays various system parameters, such as the CA ACF2 SVC numbers and SMF record numbers.
    SHOW SYSTEMS -- SYSTEM PARAMETERS IN EFFECT -- SVCS: ALTER SVC=222 VALIDATE SVC=221 SMF RECORD NUMBERS: PASSWORD=220 DATA SET VIO=221 LID JOURNAL=222 RULE JOURNAL=223 LID TRACE=224 TSO COMMAND=225 INFO JOURNAL=226 RESOURCE VIO=227 ACF2 COMMON=230 BACKUP: AUTO BACKUP TIME=03.30 CPUID=UCC1 WORK FILE UNIT=VIO PRIMARY SPACE=5 SECONDARY SPACE=005 COMMAND STRING=S REPROALT OTHER: CONSOLE MSGS=ROLL SHR-DASD=SUPPORTED SMF LOGONID STAMP=NO NOTIFY=YES CURRENT SYSID=ABC1 STARTUP SYSID=ABC1 BUILT ACCVT=ABC1
  • TAMz
    Displays all the elevation CLASS records that you are allowed to use when performing an ELEVATE command on yourself with CA Trusted Access Manager for Z. It can also show all the elevation CLASS records you are allowed to use when performing an ELEVATE for anther user. SHOW TAM also shows the active TAM OPTIONS and the active SDESK (Service Desk) information when you have SECURITY, ACCOUNT, or AUDIT on your Logonid. For more information on this subcommand, see the CA Trusted Access Manager for Z doc set.
    SHOW TAM -- TAM Options -- CA NIM userid: NIMADMIN Logging Option: ELEVATE CA NIM HOST: NIMW7:8080 Service Desk: casdm SD Type: CASD -- TAM Classes -- Class: HERO Role: ADMIN Time: 60 Desc: Altuid: Ticket Required: NO -- TAM Service Desks -- Record Name: DEMO2 Type: CASD Service Desk: casdm Service Desk Update on Elevate: NO Record Name: DEMO3 Type: CASD Service Desk: casdm Service Desk Update on Elevate: PRIVATE
  • TNg
    Displays the TNG nodes on the system.
    SHOW TNG -- TNG NODE DEFINITIONS -- NODE NAME DEBUG IP ADDRESS --------- ----- ---------- New York NO 123.456.789.123 Dallas NO 123.456.789.345 Chicago YES 123.456.789.789
  • TSo
    Displays TSO default options on the system.
    SHOW TSO -- TSO RELATED DEFAULTS ACTIVE -- LOGON ACCOUNT STRING=1 CMD LIST BYPASS CHAR=# CHAR DELETE CHAR=NONE TSO CMD LIST=NONE COMMAND SMF RECORDS=YES TSOGNAME=NONE LINE DELETE CHAR=NONE LOGON CHECK=NO PERFORMANCE GROUP=NONE TSO LOGON PROC=IKJACCNT QUICK LOGON=NO TSO REGION SIZE=2,048 SUBMIT CLASS=NONE SUBMIT HOLD CLASS=NONE SUBMIT MESSAGE CLASS=NONE SESSION TIME=NONE SYSOUT CLASS=A TSO UNITNAME=SYSDA LOGON WAIT TIME=NONE FSRETAIN=YES TSO LOGON PRE-PROMPT=NO PASSWORD PHRASE LOGON=YES
  • UNIXopts
    Displays UNIX options on the system.
    SHOW UNIXOPTS -- UNIXOPTS OPENEDITION/MVS/UNIX SYSTEM SERVICES (USS) SUMMARY -- OMVS DEFAULT USER: OMVSU OMVS DEFAULT GROUP: OMVSG MAX NUMBER OF OMVS GROUPS: 300 HFS SECURITY ACTIVE: NO HFSACL ACTIVE: NO FILE.GROUPOWNER.SETGID ACTIVE: NO -- AUDIT FLAG STATUS -- CHOWN_RESTRICTED: YES DIRACC_ACTIVE: NO DIRSRCH_ACTIVE: NO FSOBJ_ACTIVE: NO FSSEC_ACTIVE: NO IPCOBJ_ACTIVE: NO PROCACT_ACTIVE: NO PROCESS_ACTIVE: NO
  • Zeroflds
    Displays those fields of the logonid record that cannot be copied by the ACF subcommand INSERT USING (under the LID setting).
    SHOW ZEROFLDS -- FIELD VALUES WHICH WILL NOT BE COPIED DURING 'INSERT USING' PROCESSING -- ACC-CNT ACC-DATE ACC-SRCE ACC-TIME ACCOUNT ACCTPRIV ACF2CICS AUDIT AUTHSUP1 AUTHSUP2 AUTHSUP3 AUTHSUP4 AUTHSUP5 AUTHSUP6 AUTHSUP7 AUTHSUP8 AUTOALL AUTODUMP AUTONOPW AUTOONLY BDT CMD-PROP CONSOLE CONSULT CRE-TOD DEPT DG84DIR DIALBYP DOCXFER GROUP GRP-OPT GRP-USER GRPLOGON HOMENODE IDNUM JOBFROM KERB-VIO KERBCUR KERBCURV KERBPRE KERBPREV LDS LDSNODES LDSNODEV LEADER LIDTEMP LIDZMAX LIDZMIN LOGSHIFT MAINT MOUNT MUSASS MUSUPDT NAME NO-SMC NO-STATS NOMAXVIO NON-CNCL NOSPOOL OLDLID OPERATOR PASSWORD PHONE PPGM PRIV-CTL PROJECT PRV-TOD1 PRV-TOD2 PRV-TOD3 PRV-TOD4 PRVPSWD1 PRVPSWD2 PRVPSWD3 PRVPSWD4 PSWD-DAT PSWD-INV PSWD-MIX PSWD-SRC PSWD-TIM PSWD-TOD PSWD-VIO PSWD-XTR PSWD-XTV PSWDCVIO PWP-DATE PWP-VIO READALL REFRESH RSRCVLD RSTDACC RULEVLD SCPLIST SEC-VIO SECURITY SHIFT SRF STARXFER SYNCNODE SYNERR SYSPEXCL TAPE-BLP TAPE-LBL TDISKVLD TSORBA UNICNTR UPD-TOD VLDVMACT VMACCT VMD4AUTH VMD4FSEC VMD4RSET VMD4TARG VMESM VMSAF VMSFS VSESRF ZONE
    For more information about altering the fields included on this list, see @CFDE macro.
    The following counters are incremented in full word and therefore can have a maximum value of 4,294,967,295
    • Inbound Password request: Number of change password requests received from the node
    • Outbound password request: Number of change password requests sent to the node
    Returned records: Number of records returned in response to requests received from the node