FACILITY—Control System Facility Processing

ctsfz
Valid on z/OS and z/VM.
Use the FACILITY control option to:
  • Control the processing of each system facility
  • Obtain the status of a facility
All entry methods are accepted.
The FACILITY control option has the following format:
FACILITY(
facility
|ALL) FACILITY(
facility
=
subopt1
<=
value1
>,...)
  • facility
    The full name of a single facility.
Examples: FACILITY Control Option
This example displays the TSO facility status:
F TSS,FACILITY(TSO)
This example updates the FACILITY option:
TSS MODIFY(FACILITY(
subopt1
=
operand
<=
value
><,
subopt2
<=
value2
>>...))
This example alters the BATCH facility to WARN mode and sets NOLUMSG. The suboption MODE requires a value, but the NOLUMSG suboption does not:
TSS MODIFY('FACILITY(BATCH=MODE=WARN,NOLUMSG)')
Universal Suboptions
The following suboptions are available for facilities of all types:
  • ABEND
    Resets the NOABEND suboption.
  • NOABEND
    A multiuser address space facility (CICS, IMS, CA-Roscoe) does not abend if one user in the region causes a violation. The behavior does not imply that the ACID used to define the Facility itself is immune from security abends during startup.
    If NOABEND is set,
    CA Top Secret
    does not cancel the user's activity even if the violations exceed the threshold (VTHRESH).
    CA Top Secret
    locks the user's terminal.
  • ACTIVE
    Reactivates a facility that was deactivated with the FACILITY(facility=INACT) command.
    CA Top Secret
    Status/Diagnostic Log listings displays “IN-USE” to indicate that a facility is active.
    For example, to allow signons to the IMSPROD facility:
    FACILITY(IMSPROD=ACTIVE)
  • ASUBM
    Specifies that
    CA Top Secret
    -authorized job submission is being used for the facility.
  • NOASUBM
    Resets the ASUBM suboption.
  • AUDIT
    Specifies that all activity is audited for users who log on to the specified facility.
    For example, to audit all user activity of a newly activated facility:
    FACILITY(IMSPROD=AUDIT)
  • NOAUDIT
    Deactivates auditing of users who log on to the facility.
  • AUTHINIT
    Specifies that an application must be APF-authorized to execute a RACINIT or RACROUTE REQUEST=VERIFY.
  • NOAUTHINIT
    (Not recommended) Allows an application that is not APF-authorized to execute a RACINIT or RACROUTE REQUEST=VERIFY. NOAUTHINIT requires that the program issuing the request must come from an APF-authorized library, whether or not it is running with APF authorization. Another requirement for NOAUTHINT is that the request cannot include the PASSCHK=NO parameter.
  • DEFACID(
    acid
    )
    Specifies a default ACID used for access to the specified facility by users who do not have defined ACIDs but require access to the facility. Use the TSS CREATE function to define this default ACID. For example, a production CICS default ACID can be defined so that users who do not require specific security requirements are governed by the blanket requirements that are defined by the default ACID.
    The DEFACID under CICS satisfies an ATS signon only. In CICS3.2.1 or above, a DEFACID is not recommended, and using CICS DFLTUSR is preferred. For example:
    FACILITY(TSO=DEFACID(TSODEF))
    DEFACID is not needed for CICS 3.2 and above.
  • DEFACID(RDR*TERM)
    Specifies that
    CA Top Secret
    derives the default ACID from the terminal or batch reader name if the user ID entered at signon is not defined as an ACID or if the batch ACID is not supplied.
    A default ACID for BATCH can be defined to handle Remote Job Entry (RJE) or Network Job Entry (NJE) job submission. If so defined, all jobs that are submitted derive a default ACID associated with the RJE or NJE node. This value eliminates required JCL changes or possible viewing of passwords over the RJE or NJE lines.
    A BATCH default ACID can also be defined for jobs that are submitted through a card reader. A BATCH default ACID eliminates required JCL changes that include coding of passwords on the job card.
    To establish a default ACID for RJE remotes 1, 2, and 3, specifiy the following configuration in the Parameter File:
    FACILITY(BATCH=DEFACID(RDR*TERM))
    The security administrator then creates and defines ACIDs for remote readers 1, 2, and 3.
    CA Top Secret
    uses these ACIDs to derive the default ACIDs.
    TSS CREATE(RM1) DEPARTMENT(XXX) FACILITY(BATCH) SOURCE(RM1) NAME('DEFAULT-FOR-SHOP-1')
    The security administrator continues to create ACIDS for readers 2 and 3. When a default ACID is assigned, the user receives message TSS7053I.
  • DEFACID(*NONE*)
    Removes the default ACID for the facility specified. For example:
    FACILITY(BATCH=DEFACID(*NONE*))
    Do not use DEFACID with facility TSO.
  • DORMPW
    Specifies password validation in DORMANT mode when specified for a facility. A DORMANT mode user must give the correct password to log on. For details, see the WARNPW sub-option.
    Message TSS7102E is only issued for control type ACIDs.
  • NODORMPW
    Does not honor the
    CA Top Secret
    password validation in DORMANT mode.
    Due to changes in CICS Transaction Server for z/OS (CICS TS) password processing, a DORMANT mode user must provide a password, even though password validation is not active.
  • DOWN=
    suboption
    Specifies how jobs are initiated and passwords are changed for a facility when
    CA Top Secret
    address space is inactive. The DOWN option includes the following suboptions:
    • GLOBAL
      |
      *
      Defaults to the setting defined by the DOWN control option. An asterisk (*) has the same meaning as GLOBAL.
    • WAIT
      Waits for
      CA Top Secret
      to restart.
    • BYPASS
      Bypasses security checking. Does not invoke
      CA Top Secret
      until it restarts.
    • FAIL
      Fails the request.
    • NORMAL
      Reverts to native security (if any) until
      CA Top Secret
      restarts. Overrides the global DOWN option for the facility.
  • EODINIT
    Specifies that a RACINIT can be performed for the facility after a TSS ZEOD is issued. Required for JES and Console facilities.
  • NOEODINIT
    Specifies that a RACINIT cannot be performed for the facility after a TSS ZEOD is issued.
  • ID=
    Specifies one or two alphanumeric characters that represent the facility for reporting purposes. This value is predefined in the Facilities Matrix Table. Do not change it unless defining or renaming a facility.
  • IJU
    Specifies that
    CA Top Secret
    inserts USER= and PASSWORD= into the JCL.
  • NOIJU
    Specifies that
    CA Top Secret
    does not insert USER= or PASSWORD= into the JCL. Under the FTP facility, specify NOIJU to ensure FTP user ID ACID is propagated.
  • INACT
    Deactivates ability to sign on to the facility specified. Active users continue normally. For example, FACILITY(IMS=INACT) prevents users from signing on to IMS.
  • INSTDATA
    Allows installation data to be stored within a region of the specified facility.
    For example:
    FACILITY(TSO=INSTDATA)
  • NOINSTDATA
    Prohibits storing of installation data in a facility region to conserve space in large user regions.
  • IN-USE
    Specifies that the facility definition is updated. IN-USE determines if the facility should display due to a TSS MODIFY, FACILITY(ALL) or a TSS MODIFY, STATUS command. FACILITIES are marked as IN-USE when a user signs on to them. IN-USE cannot be set directly. IN-USE is set by changing any option of the facility with the PARMFILE or with a TSS MODIFY command. IN-USE is turned on even when the option is set to its default value.
  • KEY=n
    Can be set to equal the TCB protect key that the facility uses for storage.
    Default:
    8
  • LCFCMD
    Specifies that all Limited Command Facility (LCF) associated messages refer to “Commands” in their text.
  • LCFTRANS
    Specifies that all LCF-associated messages refer to “Transactions” in their text.
  • LOCKTIME=
    n
    Specifies the amount of time after which a terminal connected to a specific facility locks if
    CA Top Secret
    does not detect any activity. Facility-specific locktimes are overridden by a user's or profile's locktime.
    The following example indicates that terminals logged on to CICSPROD become locked if
    CA Top Secret
    does not detect activity after five minutes.
    FACILITY(CICSPROD=LOCKTIME=5)
  • LOG(
    log
    ,
    log
    ...)
    Specifies what types of security events
    CA Top Secret
    records and where it records them.
    The LOG option allows recording for all facilities (global), while the LOG suboption allows LOG options to be specified for each facility. Facility-specific LOG options entered after any global LOG option override the global option.
    The security administrator can use the LOG suboption in one of three ways:
    FACILITY(fac=LOG(ACTIVITY,ACCESS,SMF,INIT,MSG)) FACILITY(fac=LOG(NONE)) FACILITY(fac=LOG(ALL))
    For example, to indicate that all events should be logged for CICS:
    FACILITY(CICSPROD=LOG(ALL))
  • LTLOGOFF=
    NO
    |YES|SIGNOFF
    Specifies further LOCKTIME processing by controlling user logoff after the second LOCKTIME interval expires.
    To activate LTLOGOFF, locktime transactions must be installed.
    • NO
      (Default) Does
      not
      log the user's terminal off when the locktime expires for a second interval.
    • YES
      Logs the user's terminal off when the locktime expires for a second interval.
    • SIGNOFF
      Signs off the user without disconnecting the terminal from CICS.
  • LUMSG
    Specifies that the system display the “last-used” message when a user signs on to the specified facility. This operand only applies to USER-type ACIDs running in other than DORMANT mode. USER-type ACIDs do not display the “last-used” message in DORMANT mode in any case. Administrator-type ACIDs display the “last-used” message.
    For example:
    FACILITY(CICSPROD=LUMSG)
  • NOLUMSG
    Terminates the last-used message display. This operand does not apply to administrator-type ACIDs that display the “last-used” message.
  • LUUPD
    Activates the update of last-used statistics for most successful signons. Automatic Terminal Signon (ATS) and preset terminal security normally do not update last used statistics. Last used statistics can be activated for these signons using OPTIONS(30) at the
    CA Top Secret
    startup. This setting is the default for all facilities and should typically remain so.
  • NOLUUPD
    Prevents updating of the last-used statistics for all successful signon events within this facility, regardless of the setting of the RACROUTE macro specification of the STAT=ASIS/NO parameter. Use NOLUUPD to reduce the amount of I/O to the security file when experiencing severe I/O performance problems.
    The NOLUUPD sub-option does not prevent the display of the last used messages. Use the NOLUMSG option for this.
    With this sub-option set, the last-used statistics are only updated when a user incurs a password violation in this facility. This event updates the password violation count and the last used statistics.
  • MAXSIGN=(
    nnn
    ,RETRY|KILL)
    • nnn
      Specifies the maximum number of queued signon and signoff requests that are processed.
      Default:
      10
      Range:
      5 to 100
      For example, to set the threshold manually at 15:
    TSS MODIFY FACILITY(CICSPROD=MAXSIGN=(15))
    The parentheses around the value are required.
    When coding MAXSIGN and MAXUSER in the
    CA Top Secret
    PARM field, the MAXUSER option must be coded before MAXSIGN. If MAXUSER is not coded first, an invalid data error occurs during the
    CA Top Secret
    initialization.
  • RETRY
    Specifies that signon and signoff requests that exceed the threshold are requeued. For example, in the sample command shown here, additional attempts to sign on are requeued to CICS.
    TSS MODIFY FACILITY(CICSPROD=MAXSIGN=(100,RETRY))
  • KILL
    Abends the signon and signoff transaction. When Kill is set and the number of users attempting to sign on equals the threshold, additional attempts to sign on fail. For example, restrict the number of concurrent signons to a CICS facility called CICSPAY to a threshold of 15 by using this TSS MODIFY command:
    TSS MODIFY FACILITY(CICSPAY=MAXSIGN=(15,KILL))
  • MAXUSER=
    nnnn
    Specifies the size of the ACID cross-reference table in any multi-user address space system. To increase the size of the cross-reference table, recycle the address space. In CICS, the MAXUSER value that is specified is also used to calculate the necessary USCB allocation at startup.
    When a multi-user region starts up, the MAXUSER XREF table is built to hold the user ID and key. This table is 16 bytes times the MAXUSER value, one 16-byte entry for each user that signs on. When a user signs off, the entry is cleared and available for reuse.
    When the XREF table fills up, message TSS0962E is issued. Users can sign on, but there is no entry added to the XREF table. If the region abends, the storage for the users is not freed. This scenario can cause orphaned storage.
    Default:
    3000
    Minimum:
    256
  • MODE=
    mode
    Specifies a specific security mode for the facility:
    • DORM
    • FAIL
    • IMPL
    • WARN
    Unless FACSTOR(NO) is in effect, modes that are specified by facility must be entered after global or systemwide mode selections in the PARMFILE. If the global mode is FAIL, but WARN is specified for the IMS facility, all users initiating from IMS operate in the WARN mode.
    To change the global mode with an O/S Modify command:
    F TSS,MODE(D|W|I|F)
  • MSGLC
    Specifies that user violation messages are issued in mixed case.
  • NOMSGLC
    Specifies that user violation messages are issued in uppercase only.
  • MULTIUSER
    Specifies a multiuser address space.
    A multiuser address space supports multiple users. Security is generally not handled by z/OS. The following facilities are examples of multiuser address space facilities: CICS, IMS, CARoscoe, and CA IDMS.
    The following example shows a multiuser address space:
    FACILITY(IMS1=MULTIUSER)
  • NAME=
    fffff
    Specifies the base name of a facility in the Facility matrix table. Once changed, the new facility name must be used. To change a facility name from CICSPROD to CICSPAY:
    FAC(CICSPROD=NAME=CICSPAY)
  • NPWR
    Specifies whether a TSO or CICS facility supports password reverification. A default of two attempts for new passwords must be verified before complete logon sequence needs restarting. To set the threshold value for TSO and CICS, see NPWRTHRESH for details. When a user logs on to a facility that activated the NPWR sub-option of the FACILITY control option and enters a new password, the following message displays:
    TSS7016A ENTER NEW PASSWORD AGAIN FOR REVERIFICATION
    The user enters the new password a second time for reverification. Reverification ensures that the user correctly remembers and enters the new password. If the user enters an incorrect reverified password, the user is prompted again. After the second attempt, if the reverified new password is still incorrect, the following message displays and an accompanying DRC(015) is returned:
    TSS7111E NEW PASSWORD CHANGE INVALID - REVERIFICATION FAILED
  • NONPWR
    Specifies do not force the password reverification.
  • PGM=
    xxx
    or
    xxxxxxxx
    Specifies all eight or just the first three characters of the program name issuing RACINIT SVCs. Online systems use RACINIT to support signon validation for individual users. This value is the key to determining the (generic) facility.
  • PHRASEONLY
    Specifies signons to this facility to must use a password phrase. Signons that use a password fail.
  • NOPHRASEONLY
    Deactivates the PHRASEONLY suboption.
  • PRFT=
    nnnn
    Specifies the size of the shared profile table in increments of 256 entries. A single, shared profile table is allocated at the start of a region if its facility has SHRPRF set. The storage for the shared profile table is in extended private, subpool 230. Each entry in the table is 16 bytes long and contains the following information:
    • Profile ACID ID
    • Number of users sharing the profile
    • Profile address
    • Change indicator
    A region's shared profile table must have enough entries to hold the highest number of unique profiles that can be allocated within the region at any time. For example, a region supporting 250 users, each sharing three common profiles, where each user also has one unique profile, must have a shared profile table with no less than 253 entries.
    When the shared profile table becomes full, the address space reads new profiles into the private SECREC for newly signed on users. This scenario causes additional security file I/O during signon and may reduce the efficiency of
    CA Top Secret
    for this address space.
    Default:
    3
  • PROMPT
    FOR TSO ONLY: Makes it useless for users to enter their passwords with their user ID when logging on. This behavior helps prevent
    CA Top Secret
    from displaying passwords on the terminal. If a user enters their password and user ID at the same time,
    CA Top Secret
    issues a warning message, locks the user's terminal for 10 seconds (the default), and prompts for the password.
  • NOPROMPT
    Deactivates the PROMPT suboption.
  • RES
    Specifies the interpretation and recognition of maskable resources within the facility. Some examples of maskable resource classes are DATASET, JESSPOOL, DB2DBASE, and DB2COLL. Without RES on the facility, security checks against these resource classes fail. To identify a maskable resource class, see the commands documentation.
  • RXLTLIST
    Specifies all the resource class translate entries that are defined to the translate table.
  • RXLTADD(
    oldclass
    :
    newclass
    )
    Specifies a resource class translate entry to be added to the translate table.
    • oldclass
      Specifies the source resource class.
    • newclass
      Specifies the target resource class for the translation that occurs during the resource validation process.
      Old and new resource classes must exist in the RDT. An old class that is defined to the RDT as a type PIE or MRIE cannot be translated to a new class type RIE.
  • RXLTREM(
    oldclass
    )
    Specifies a resource class translate entry to be removed from the translate table.
  • NORES
    Prevents the interpretation and recognition of maskable resources within a facility. In high-performance transaction managers that do not normally make use of maskable resource classes, this can improve the performance. However, security features, which do involve maskable resources, cannot be used.
  • RNDPW
    Specifies random password generation in a facility. Two methods are supported:
    • User initiated
      Specifies random password generation is in effect when the facility suboption RNDPW is set. Users can have
      CA Top Secret
      generate a password for them by entering RANDOM in the New Password field. This option does not preclude users from specifying their own password with NEWPW criteria.
    • Automatic initiated
      Specifies random password generation takes place when the user's current password expires, and facility suboption RNDPW and global option NEWPW(RN) are in effect.
    RNDPW is set by default for TSO, CICS, and IMS. Some facilities might not display new, randomly generated passwords. Each facility, therefore, should test RNDPW before placing it into production.
    When RNDPW facility suboption and NEWPW(RN) option are not set and a user enters RANDOM as a new password, RANDOM is evaluated literally and sets the password to RANDOM. NEWPW(RN) global option must not be set if the user-initiated random password generation is required.
  • NORNDPW
    Cancels the RNDPW suboption.
  • SHRPRF
    Specifies profile sharing in multiuser address space environments such as CA Roscoe, IMS, and CICS where it is important to conserve storage. SHRPRF allows a copy of the profile to be shared by all users in the multiuser facility. Thus, storage is used efficiently.
    After a profile is updated, users must have their profile refreshed by the security administrator or sign on again to access the new profile. If not, the user continues to access the version with the profile they signed on.
  • NOSHRPRF
    Prohibits profile sharing for the specified facility.
  • SIGN(M)
    Specifies simultaneous logons with the same ACID for the specified facility.
  • SIGN(S)
    Specifies that
    CA Top Secret
    denies the simultaneous signon for an address space by the same ACID from different sources (for example, network terminals). When a duplicate signon is sensed,
    CA Top Secret
    issues message TSS7172E and denies the second session.
    • In IMPL and FAIL mode, this restriction is strictly enforced.
    • In WARN mode, only a message is displays. Signon by the same ACID from multiple terminals is logged and the user is warned, but the restriction is not enforced.
    Keyword SIGNMULTI allows specific user ACIDs to sign on multiple times when the facility sub-option is SIGN(S) and you have specified TYPE=CICS as the FACILITY option.
  • STMSG
    Specifies that the system display the status message when a user signs on to the specified facility. This operand only applies to USER-type ACIDs not running in DORMANT mode. USER-type ACIDs do not display the status message in DORMANT mode in any case. Administrator-type ACIDs display the status message.
  • NOSTMSG
    Terminates the status message display. This operand does not apply to administrator type ACIDs that always display the status message.
  • SUAS
    Used to indicate a single-user address space. A a single-user address space requests data sets directly from z/OS. These facilities are single-user address spaces: TSO, BATCH, and STC.
  • TRACE
    Specifies that the entire facility is to be traced.
  • NOTRACE
    Deactivates the TRACE suboption.
  • TSOC
    Specifies that a facility is TSO compatible. The facility can handle TGET and TPUT SVCs.
  • NOTSOC
    Cancels the TSOC suboption.
  • TYPE
    When listing all facilities, a three-digit numerical value (000 to 100) displays for the TYPE= parameter. This parameter should not be changed except when defining or renaming a new CICS, CAIDMS, DB2, CA ROSCOE, or IMS facility. TYPE= must be specified as TYPE=CICS, TYPE=IDMS, TYPE=DB2, TYPE=ROSCOE, or TYPE=IMS. These changes also update the facility ID numbers (CICS=004, IDMS=011, DB2=100, ROSCOE=007, and IMS=005). A facility with no predefined keyword is assigned display type 099.
    When used to modify a dummy facility, the keyword facility TYPE must be used as follows:
    TSS MODIFY FACILITY(
    xxxxx
    =TYPE=IMS)
  • UIDACID=
    n
    Specifies that the first
    n
    characters of an online user ID is used to derive the ACID for the user.
  • WARNPW
    Forces defined users and jobs to use their correct passwords during the WARN mode. The default for the WARN mode normally allows a job to process, even if the user omitted his password or entered it incorrectly.
    If the user signs on with a security administrator's ACID, and omits or enters an invalid password,
    CA Top Secret
    FAILs the request regardless of the current security mode or control option settings.
    CA Top Secret
    ignores the WARNPW option for undefined user ACIDs and in DORMANT mode.
  • NOWARNPW
    Cancels the WARNPW suboption.
  • XDEF
    Specifies default protection in place for all commands and transactions controlled by the facility. Explicit authorization is required through Limited Command Facility (LCF) or through OTRAN permission.
  • NOXDEF
    Indicates that transactions and commands need not be authorized through LCF before they can be used.
Options for Invoking Predefined Facilities
You can use the following default option specifications to invoke predefined facilities in
CA Top Secret
:
ACEP INITPGM=ACE ID=A TYPE=27 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR MODE=FAIL LOGGING=INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 APPC INITPGM=ATB ID=AP TYPE=03 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=IN-USE,ACTIVE,NOSHRPRF,NOASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD ATTRIBUTES=MSGLC,NOTRACE,EODINIT,DORMPW,NONPWR MODE=WARN DOWN=GLOBAL LOGGING=INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 MAXUSER=03000 PRFT=003 BATCH INITPGM=IEFIIC ID=B TYPE=01 ATTRIBUTES=IN-USE,ACTIVE,SHRPRF,NOASUBM,ABEND,SUAS,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,NOWARNPW,NOTSOC,LCFCMD ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR MODE=FAIL LOGGING=INIT,MSG,SEC9,SMF UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 CA7 INITPGM=SAS ID=U TYPE=025 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=NOLUMSG,NOSTMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD ATTRIBUTES=MSGLC,NOTRACE,NOEODINIT,IJU,NODORMPW,NONPWR MODE=WARN DOWN-GLOBAL LOGGING=ACCESS,INIT,SMF,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 CICSPROD INITPGM=DFH ID=C TYPE=004 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,NORES,WARNPW,NOTSOC,LCFTRANS ATTRIBUTES=MSGLC,NOTRACE,NOEODINIT,IJU,NODORMPW,NONPWR ATTRIBUTES=LUUPD MODE=WARN DOWN=GLOBAL LOGGING=ACCESS,INIT,SMF,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 FACMATRX=NO EXTSEC=YES EJBRPRFX=NO XJCT=YES XFCT=YES XCMD=YES XDCT=YES XTRAN=YES XDB2=NO XEJB=NO XTST=YES XPSB=YES XPCT=YES XPPT=YES XAPPC=NO XUSER=NO XHFS=NO XRES=NO PCTEXTSEC=OVERRIDE PCTCMDSEC=OVERRIDE PCTRESSEC=OVERRIDE DSNCHECK=NO LTLOGOFF=NO RLP=NO SLP=NO PCLOCK=NO MAXUSER=03000 PRFT=003 MAXSIGN=010,RETRY CICSCACHE=TASKLIFE,NOAUDIT,0512 FACILITY DISPLAY FOR CICSPROD BYPASS TABLE DISPLAY FOR FACILITY CICSPROD RESOURCE=LOCKTIME BYPASS NAMES: TSS RESOURCE=TRANID BYPASS NAMES: CAQP CATA CATD CATP CATR CAUT CCIN CCMF CDBD CDBN CDBO CDBT CDTS CECS CEGN CEHP CEHS CESC CESF CESN CFTS CGRP CITS CJSS CLQ2 CLR1 CLR2 CLS3 CLS4 CMPX CMTS CNPX COVR CPLT CPMI CQPI CQPO CQRC CQRY CRDR CRMD CRSQ CRSR CRSY CRTE CRTR CSAC CSCY CSFU CSGM CSGX CSHR CSIR CSJC CSKP CSLG CSMI CSM1 CSM2 CSM3 CSM4 CSM5 CSNC CSNE CSPG CSPK CSRK CSPP CSPQ CSPS CSRS CSSC CSSF CSSN CSSX CSSY CSTA CSTB CSTE CSTP CSTT CSXM CSXX CSZI CVMI CVST CWTR CXCU CXRE CXRT TS 8888 9999 .... .... .... .... .... .... CFTL CFSL CKTI CKAM CFCL CIOD CIOF CIOR CIRR CJTR CSHA CSHQ CSOL CTSD CWBG CWXN CDBF CEX2 CFQR CFQS CSFR CSQC CDBQ CRMF CLSG CFOR CJMJ CLS1 CLS2 CPIH CPIL CPIQ CRTP CWXU CFIR CPIS CISC CISD CISE CISR CISS CIST CJGC CJPI CISB CEPD CEPM CISQ CISU CISX CIS4 CRLR CISM CEPF CPSS CJSR CESL CISP CIS1 CJSL CRST CPCT CFCR CJLR RESOURCE=TRANID PROTECT NAMES: CEDF TSEU CICSTEST INITPGM=DFH ID=K TYPE=004 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,NORES,WARNPW,NOTSOC,LCFTRANS ATTRIBUTES=MSGLC,NOTRACE,NOEODINIT,IJU,NODORMPW,NONPWR ATTRIBUTES=LUUPD MODE=WARN DOWN=GLOBAL LOGGING=ACCESS,INIT,SMF,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 FACMATRX=NO EXTSEC=YES EJBRPRFX=NO XJCT=YES XFCT=YES XCMD=YES XDCT=YES XTRAN=YES XDB2=NO XEJB=NO XTST=YES XPSB=YES XPCT=YES XPPT=YES XAPPC=NO XUSER=NO XHFS=NO XRES=NO PCTEXTSEC=OVERRIDE PCTCMDSEC=OVERRIDE PCTRESSEC=OVERRIDE DSNCHECK=NO LTLOGOFF=NO RLP=NO SLP=NO PCLOCK=NO MAXUSER=03000 PRFT=003 MAXSIGN=010,RETRY CICSCACHE=TASKLIFE,NOAUDIT,0512 FACILITY DISPLAY FOR CICSTEST BYPASS TABLE DISPLAY FOR FACILITY CICSTEST RESOURCE=LOCKTIME BYPASS NAMES: TSS RESOURCE=TRANID BYPASS NAMES: CAQP CATA CATD CATP CATR CAUT CCIN CCMF CDBD CDBN CDBO CDBT CDTS CECS CEGN CEHP CEHS CESC CESF CESN CFTS CGRP CITS CJSS CLQ2 CLR1 CLR2 CLS3 CLS4 CMPX CMTS CNPX COVR CPLT CPMI CQPI CQPO CQRC CQRY CRDR CRMD CRSQ CRSR CRSY CRTE CRTR CSAC CSCY CSFU CSGM CSGX CSHR CSIR CSJC CSKP CSLG CSMI CSM1 CSM2 CSM3 CSM4 CSM5 CSNC CSNE CSPG CSPK CSRK CSPP CSPQ CSPS CSRS CSSC CSSF CSSN CSSX CSSY CSTA CSTB CSTE CSTP CSTT CSXM CSXX CSZI CVMI CVST CWTR CXCU CXRE CXRT TS 8888 9999 .... .... .... .... .... .... CFTL CFSL CKTI CKAM CFCL CIOD CIOF CIOR CIRR CJTR CSHA CSHQ CSOL CTSD CWBG CWXN CDBF CEX2 CFQR CFQS CSFR CSQC CDBQ CRMF CLSG CFOR CJMJ CLS1 CLS2 CPIH CPIL CPIQ CRTP CWXU CFIR CPIS CISC CISD CISE CISR CISS CIST CJGC CJPI CISB CEPD CEPM CISQ CISU CISX CIS4 CRLR CISM CEPF CPSS CJSR CESL CISP CIS1 CJSL CRST CPCT CFCR CJLR RESOURCE=TRANID PROTECT NAMES: CEDF TSEU COMPLETE INITPGM=THR ID=C TYPE=21 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR MODE=FAIL LOGGING=INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 CONSOLE INITPGM=*** ID=CN TYPE=02 ATTRIBUTES=ACTIVE,NOSHRPRF,NOASUBM,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD ATTRIBUTES=MSGLC,NOTRACE,EODINIT,DORMPW,NONPWR, MODE=FAIL DOWN=BYPASS LOGGING=ACCESS,INIT,SMF,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 MAXUSER=03000 PRFT=003 DB2PROD INITPGM=CAD ID=DB TYPE=100 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,NORES,WARNPW,NOTSOC,LCFTRANS ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR MODE=FAIL LOGGING=INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 DB2TEST INITPGM=CAD ID=DT TYPE=100 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,NORES,WARNPW,NOTSOC,LCFTRANS ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR MODE=FAIL LOGGING=INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 ENVIRON INITPGM=ENV ID=E TYPE=15 ATTRIBUTES=ACTIVE,SHRPRF,NOASUBM,ABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,NORES,WARNPW,NOTSOC,LCFCMD ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR MODE=FAIL LOGGING=INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 HSM INITPGM=ARC ID=H TYPE=099 ATTRIBUTES=IN-USE,ACTIVE,SHRPRF,NOABEND,SUAS,NOXDEF ATTRIBUTES=NOASUBM,MSGLC,NOEODINIT,IJU ATTRIBUTES=NOLUMSG,NOSTMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,NOWARNPW,NOTSOC,LCFCMD ATTRIBUTES=NOTRACE,NODORMPW,NONPWR MODE=WARN DOWN=GLOBAL LOGGING=INIT,SMF,MSG,ACCESS,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 IDMSPROD INITPGM=RHD ID=M TYPE=11 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,NORES,WARNPW,NOTSOC,LCFTRANS ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR MODE=FAIL LOGGING=ACCESS,INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 IDMSTEST INITPGM=RHD ID=Q TYPE=11 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,NORES,WARNPW,NOTSOC,LCFTRANS ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR MODE=FAIL LOGGING=INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 IMSPROD INITPGM=DFS ID=I TYPE=05 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,NORES,WARNPW,NOTSOC,LCFTRANS ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR MODE=FAIL LOGGING=INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 IMSTEST INITPGM=DFS ID=X TYPE=05 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,NORES,WARNPW,NOTSOC,LCFTRANS ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR MODE=FAIL LOGGING=INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 INTERACT INITPGM=MEN ID=I TYPE=14 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR MODE=FAIL LOGGING=INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=5 JES INITPGM=HAS ID=J TYPE=12 ATTRIBUTES=ACTIVE,NOSHRPRF,NOASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD ATTRIBUTES=MSGLC,NOTRACE,DORMPW,NONPWR MODE=FAIL LOGGING=INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 OPENMVS INITPGM=IEFIIC ID=OE TYPE=093 ATTRIBUTES=IN-USE,ACTIVE,NOSHRPRF,NOASUBM,NOABEND,SUAS,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD ATTRIBUTES=MSGLC,NOTRACE,EODINIT,IJU,DORMPW,NONPWR MODE=WARN DOWN=GLOBAL LOGGING=INIT,SMF,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 NCCF INITPGM=DSI ID=N TYPE=06 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,ABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,NORNDPW,NOAUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR,NOEODINIT,IJU MAXUSER=03000, PRFT=003 LOGGING=INIT,MSG DOWN=GLOBAL UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 ROSCOE INITPGM=ROS ID=R TYPE=07 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD ATTRIBUTES=NOTRACE,NODORMPW,NONPWR,MSGLC MODE=FAIL LOGGING=INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 STC INITPGM=IEESB605 ID=S TYPE=02 ATTRIBUTES=IN-USE,ACTIVE,SHRPRF,NOASUBM,ABEND,SUAS,NOXDEF ATTRIBUTES=LUMSG,NOSTMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,NOWARNPW,NOTSOC,LCFCMD ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR MODE=FAIL LOGGING=INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 TONE INITPGM=TON ID=T TYPE=13 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,ABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,TSOC,LCFCMD ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR MODE=FAIL LOGGING=ACCESS,INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 TSO INITPGM=IKJEFLC ID=T TYPE=03 ATTRIBUTES=IN-USE,ACTIVE,SHRPRF,NOASUBM,ABEND,SUAS,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,TSOC,LCFCMD ATTRIBUTES=NOTRACE,NODORMPW,NONPWR,MSGLC MODE=FAIL LOGGING=INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 UNICNTR INITPGM=*** ID=UN TYPE=104 ATTRIBUTES=IN-USE,NOSHRPRF,NOASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD ATTRIBUTES=MSGLC,NOTRACE,NOEODINIT,IJU,DORMPW,NONPWR MODE=WARN DOWN=GLOBAL LOGGING=MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 MAXUSER=03000 PRFT=003 VAMSPF INITPGM=VAM ID=V TYPE=09 ATTRIBUTES=ACTIVE,SHRPRF,NOASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,TSOC,LCFCMD ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR MODE=FAIL LOGGING=INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 VM INITPGM=TSS ID=V TYPE=08 ATTRIBUTES=ACTIVE,SHRPRF,NOASUBM,ABEND,SUAS,NOXDEF ATTRIBUTES=NOLUMSG,NOSTMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR MODE=FAIL LOGGING=INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8 WYLBUR INITPGM=UEX ID=W TYPE=10 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,NORNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFCMD ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR MODE=FAIL LOGGING=INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8
User Facilities
In addition to the pre-defined facility entries, there are 222 user facility entries, named USER0 through USER221, available for the site customization. Each facility entry has identical attributes with only the ID field unique to each. The following table illustrates this relationship:
Facilities
ID Field
USER0 -- USER99
0 through 99
USER100 - USER109
A0 through A9
USER110 - USER119
B0 through B9
USER120 - USER129
C0 through C9
USER130 - USER139
D0 through D9
USER140 - USER149
E0 through E9
USER150 - USER159
F0 through F9
USER160 - USER169
G0 through G9
USER170 - USER179
H0 through H9
USER180 - USER189
I0 through I9
USER190 - USER199
J0 through J9
USER200 - USER209
K0 through K9
USER210 - USER219
L0 through L9
USER220 - USER221
M0 through M1
The ID field is the same as the numeric value of the USERnnn facility. For example, for facility USER0 the ID= is 0, for facility USER23 the ID= is 23, and so on.
USERnnn INITPGM=******** id=xx TYPE=99 ATTRIBUTES=ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF ATTRIBUTES=LUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFTRANS ATTRIBUTES=MSGLC,NOTRACE,NODORMPW,NONPWR MODE=FAIL LOGGING=INIT,MSG,SEC9 UIDACID=8 LOCKTIME=000 DEFACID=*NONE* KEY=8