This document describes the SAF Security Resource Names.
The following tables show the various configuration options which affect the length of resource names and the corresponding resource name maximum length based on those options.
Important:
The resource class/type must support the maximum length
defined in these tables before the appropriate configuration parameter is
activated.
AAFPRFX |
XLEVEL =3
|
DBADMIN =Y
|
Maximum Length |
---|---|---|---|
N | N | N | 17 |
Y | N | N | 26 |
N | Y | N | 26 |
Y | Y | N | 35 |
Y or N | Y or N | Y | 64 |
UTI |
AAFPRFX |
Maximum Length |
---|---|---|
1 | N | 17 |
1 | Y | 26 |
2 | Y or N | 64 |
3 | Y or N | 64 |
AAFPRFX |
NETADMIN =Y
|
Maximum Length |
---|---|---|
N | N | 17 |
Y | N | 26 |
Y or N | Y | 64 |
The following table describes the resource names used by Adabas SAF Security for specific operational environments.
Refer to Resource Names for Adabas SAF Security Operator Commands for a description of the common resource name used for all Adabas SAF Security operator commands applicable to these environments.
When starting an Adabas nucleus, Adabas SAF Security will check that the starting User ID has access to a resource name of the following format:
NUCddddd.SVCsvc
When starting a batch job in single-user mode, Adabas SAF Security will check that the starting User ID has access to a resource name of the following format:
USRddddd.SVCsvc
When starting ADACOM, Adabas SAF Security will check that the starting User ID has access to a resource name of the following format:
COMddddd.SVCsvc
where
Value | Description |
---|---|
ddddd | is the Database ID, specified in the format defined by the
setting of the DBFLEN configuration parameter.
|
. | is an optional delimiter character, depending on the
setting of the DELIM configuration parameter.
|
SVCsvc | is the characters SVC followed by the 3-digit decimal number of the Adabas SVC. |
Refer to Nucleus Start-up in the Operations section for additional information and examples.
Adabas SAF Security authorizes use of Adabas data by building a resource name to
represent the file being used. The format of the resource name differs depending on the
DELIM
configuration parameter as follows:
lvldddddFILnnnnn |
if DELIM =N
|
CMDddddd.FILnnnnn |
if DELIM =Y
|
where
Value | Description |
---|---|
lvl | is the required access level (ACC for access-type commands and UPD for update-type commands) |
ddddd | is the Database ID, specified in the format defined by the
setting of the DBFLEN configuration parameter.
|
nnnnn | is the file number, specified in the format defined by the
setting of the DBFLEN configuration parameter.
|
Refer to Adabas and Natural Commands in the Operations section for general information on protecting Adabas files.
As an alternative to the above format, the use of AAFFILE to define grouped resource names may also be used. Refer to Grouped Resource Names for Adabas Files for more information.
This section describes the formatting of the resource name when an Adabas operator command is issued to any of the following jobs:
Adabas nucleus
Adabas utility
When processing an operator command, Adabas SAF Security will check that the User ID under which the Adabas job is executing has read access to a resource name of the following format:
OPRddddd.command
where
Value | Description |
---|---|
ddddd | is the Database ID, specified in the format defined by the
setting of the DBFLEN configuration parameter.
|
. | is an optional delimiter character, depending on the setting
of the DELIM configuration parameter.
|
command | is the operator command.
Note: |
Refer to Adabas Nucleus Operator Commands in the Operations section for general information on protecting Adabas operator commands.
As an alternative to the above format, the use of ADAEOPTB enables operator command grouping, resulting in resource names of the following format:
OPRddddd.groupname
where
Value | Description |
---|---|
groupname | is the group name associated by ADAEOPTB to the operator command being processed. |
Refer to Grouped Resource Names for Adabas Operator Commands for more information on grouped resource names using ADAEOPTB.
The protection of Adabas nucleus administration functions is controlled by the
DBADMIN
configuration parameter.
ADASAF SAF Security first establishes a user's right to perform administration against an Adabas nucleus by verifying that the user has read access to the resource:
ADANUCddddd.UTILITY
Adabas SAF Security then authorizes the use of Adabas nucleus administration functions
by verifying the user has read access to a resource name representing the function being
executed. The format of this resource name depends on whether the administration
function is file-related and if the FILE option of the DBADMIN
configuration parameter is specified, as indicated by this table:
File-related function |
DBADMIN =
|
Resource Name |
---|---|---|
No | Y,NOFILE |
ADANUCddddd.function |
No | Y,FILE |
ADANUCddddd.function |
Yes | Y,NOFILE |
ADANUCddddd.function |
Yes | Y,FILE |
ADANUCddddd.function.UFLfnr |
where
Value | Description |
---|---|
ddddd | is the Database ID, specified in the format defined by the
setting of the DBFLEN configuration parameter.
|
. | is an optional delimiter character, depending on the setting
of the DELIM configuration parameter.
|
function | is the administration function being processed. Refer to Adabas Administration Functions for a list of all applicable functions. |
. | is an optional delimiter character, depending on the setting
of the DELIM configuration parameter.
|
UFLfnr | is the characters UFL followed by the file number, specified
in the format defined by the setting of the DBFLEN
configuration parameter.
|
Refer to Adabas Nucleus Administration Functions in the Operations section for general information on protecting Adabas nucleus administration functions.
As an alternative to the above resource name format, the use of Adabas administration function and file grouping enables resource names to be constructed with the following format:
ADANUCddddd.functiongroupname
ADANUCddddd.functiongroupname.filegroupname
where
Value | Description |
---|---|
functiongroupname | is the group name associated by the AAFNUCTB function grouping table to the nucleus administration function being processed. |
filegroupname | is the group name associated by the UFTnnnnn file grouping table to the file number specified for the nucleus administration function being processed. (where nnnnn is the database ID against which the nucleus administration function is being processed.) |
Refer to Grouped Resource Names for Adabas Administration Functions for more information on the use of Adabas administration function and file grouping.
The following table lists the administration function name used in the formatting of
the resource name, it’s description, and whether or not
it is file-related (and therefore subjected to the FILE setting of the DBADMIN
configuration parameter):
Function | Description | File-related |
---|---|---|
ADD |
Add database extent | No |
ADDCLOG |
Add CLOG data sets | No |
ADDPLOG
|
Add PLOG data sets | No |
ADMIN_CACHE |
Manage Cache Facility resources | No |
ADMIN_DSF |
Manage Delta Save Facility resources | No |
ADMIN_SMGT
|
Manage Smart Management resources | No |
ADMIN_SPT |
Manage Stored Procedure and Trigger resources | No |
ADMIN_TCPIP |
Manage TCP/IP resources | No |
ALLOCATE |
Allocate file extent | Yes |
AUDITING |
Manage Adabas Audit Server file resources | Yes |
AUDITSERVER |
Manage Adabas Audit Server resources | No |
CATCH_RSP |
Force dump on specific response codes | No |
CHANGE |
Modify field length/format | Yes |
CVOLSER |
Display file extents on a given volume | No |
DCLOGSTATUS |
Display CLOG status | No |
DDURATION |
Display nucleus duration | No |
DEALLOCATE |
Deallocate file extent | Yes |
DECREASE |
Decrease last ASSO/DATA data set size | No |
DEFINE_FDT |
Define new FDT | Yes |
DEFINE_FILE |
Define file | Yes |
DELCLOG |
Delete CLOG data sets | No |
DELCP
|
Delete checkpoint records | No |
DELDE |
Logically delete a descriptor | Yes |
DELETE |
Delete file | Yes |
DELFN |
Logically delete fields | Yes |
DELPLOG
|
Delete PLOG data sets | No |
DFILE |
Display file information | Yes |
DIDT |
Display ID Table | No |
DMAINTENANCE |
Display maintenance levels | No |
DMODULE |
Display contents of a loaded module | No |
DPLOGSTATUS |
Display PLOG status | No |
DPRODUCTS |
Display installed products | No |
DRABN |
Display RABN information | No |
DSREUSE |
Modify DSREUSE file status | Yes |
DTIMEZONE |
Display time zone | No |
DVOLSER |
Display VOLSER table | No |
DWORKSTATUS |
Display WORK status | No |
ENCODEF |
Modify file encoding | Yes |
ETDATA_DELETE |
Delete ET-data record | No |
EXPFILE |
Insert/Remove file from Expanded File chain | Yes |
FILEREADONLY |
Modify FILEREADONLY status | Yes |
FORCE_ETBT |
Terminate PET user heuristically | No |
INCREASE |
Increase last ASSO/DATA data set size | No |
INSERT |
ADASCR: Insert/Update password/permission levels | Yes |
ISNREUSE |
Modify ISNREUSE file status | Yes |
LOG_RSP |
Log calls with specific response codes | No |
MIXDSDEV |
Modify MIXDSDEV file status | Yes |
MODFCB |
Modify file parameters | Yes |
MUPEX |
Modify MUPEX file status | Yes |
NEWFIELD |
Add new field | Yes |
ONLADD |
Add ASSO/DATA data sets dynamically | No |
ONLINCREASE |
Increase last ASSO/DATA data set size dynamically | No |
ONLINVERT |
Start online invert process | Yes |
ONLREORFASSO |
Start online reorder ASSO for files | Yes |
ONLREORFDATA |
Start online reorder DATA for files | Yes |
OPERCOM_ADAEND |
Terminate nucleus session normally | No |
OPERCOM_ALOCKF |
Lock file in advance | Yes |
OPERCOM_AOSLOG |
Modify AOSLOG parameter | No |
OPERCOM_ASSOSPACEWARN |
Modify ASSOSPACEWARN parameter | No |
OPERCOM_ASYTVS |
Modify ASYTVS parameter | No |
OPERCOM_AUDCONNECT |
Force a connection attempt between Adabas Audit Servers and Adabas nuclei | No |
OPERCOM_AUDITLOG |
Modify AUDITLOG parameter | No |
OPERCOM_AUTOINCASSOSIZE |
Modify AUTOINCASSOSIZE parameter | No |
OPERCOM_AUTOINCASSOTHRESHOLD |
Modify AUTOINCASSOTHRESHOLD parameter | No |
OPERCOM_AUTOINCASSOTOTAL |
Modify AUTOINCASSOTOTAL parameter | No |
OPERCOM_AUTOINCDATASIZE |
Modify AUTOINCDATASIZE parameter | No |
OPERCOM_AUTOINCDATATHRESHOLD |
Modify AUTOINCDATATHRESHOLD parameter | No |
OPERCOM_AUTOINCDATATOTAL |
Modify AUTOINCDATATOTAL parameter | No |
OPERCOM_BATCH |
Batch thread support | No |
OPERCOM_CANCEL |
Cancel nucleus session immediately | No |
OPERCOM_CLOGMRG |
Modify CLOGMRG parameter | No |
OPERCOM_CLUFREEUSER |
Delete leftover cluster user table elements | No |
OPERCOM_CLUPUBLPROT |
Modify CLUPUBLPROT parameter | No |
OPERCOM_CT |
Modify CT parameter | No |
OPERCOM_DATASPACEWARN |
Modify DATASPACEWARN parameter | No |
OPERCOM_DAUDPARM |
Display Auditing parameters | No |
OPERCOM_DAUDSTAT |
Display Auditing statistics | No |
OPERCOM_DAUQ |
Display most recently active user queue elements | No |
OPERCOM_DCMDSTAT |
Display command usage | No |
OPERCOM_DCQ |
Display all command queue elements | No |
OPERCOM_DDIB |
Display DIB information | No |
OPERCOM_DDSF |
Display DSF status | No |
OPERCOM_DDURATION |
Display nucleus duration | No |
OPERCOM_DFILES |
Display user type by file | Yes |
OPERCOM_DFILESTAT |
Display command statistics by file | No |
OPERCOM_DFILUSE |
Display file command count | Yes |
OPERCOM_DHQA |
Display all hold queue elements | No |
OPERCOM_DLOCKF |
Display locked files | No |
OPERCOM_DMEMTB |
Display MEMSTATE table | No |
OPERCOM_DNC |
Display no. of selectable command queue elements | No |
OPERCOM_DNFV |
Display NFV | No |
OPERCOM_DNH |
Display no. of ISNs in the hold queue | No |
OPERCOM_DNU |
Display no. of current users | No |
OPERCOM_DONLSTAT |
Display online reorder/invert status | No |
OPERCOM_DPARM |
Display nucleus session parameters | No |
OPERCOM_DPPT |
Display PPT | No |
OPERCOM_DRES |
Display nucleus resource usage | No |
OPERCOM_DRPLPARM |
Display replication-related parameters | No |
OPERCOM_DRPLSTAT |
Display replication-related statistics | No |
OPERCOM_DSPACE |
Display ASSO/DATA space statistics | No |
OPERCOM_DSTAT |
Display nucleus operating status | No |
OPERCOM_DTH |
Display thread status | No |
OPERCOM_DUQ |
Display user queue element(s) | No |
OPERCOM_DUUQE |
Display utility user queue element(s) | No |
OPERCOM_DVOLIO |
Display ASSO/DATA I/Os by VOLSER | No |
OPERCOM_DXCACHE |
Display cache-related statistics | No |
OPERCOM_DXFILE |
Display cache-related file statistics | Yes |
OPERCOM_DXLOCK |
Display lock-related statistics | No |
OPERCOM_DXMSG |
Display messaging statistics | No |
OPERCOM_DXWORK |
Display WORK I/O statistics | No |
OPERCOM_DZSTAT |
Display zIIP-related statistics | No |
OPERCOM_FEOFAL |
Force an ALOG switch | No |
OPERCOM_FEOFCL |
Force a CLOG switch | No |
OPERCOM_FEOFPL |
Force a PLOG switch | No |
OPERCOM_FMXIO |
Modify FMXIO parameter | No |
OPERCOM_HALT |
Stop nucleus session | No |
OPERCOM_INDEXCROSSCHECK |
Modify INDEXCROSSCHECK parameter | No |
OPERCOM_LICREFRESH |
Refresh the license file | No |
OPERCOM_LOCKF |
Lock file | Yes |
OPERCOM_LOCKU |
Lock file for non-utility use | Yes |
OPERCOM_LOCKX |
Lock file for non-EXF/EXU users | Yes |
OPERCOM_LOGALL |
Log all commands | No |
OPERCOM_LOGCB |
Start logging the Adabas control block | No |
OPERCOM_LOGFB |
Start logging the Adabas format buffer | No |
OPERCOM_LOGGING |
Start command logging | No |
OPERCOM_LOGIB |
Start logging the Adabas ISN buffer | No |
OPERCOM_LOGIO |
Start logging Adabas I/O activity | No |
OPERCOM_LOGRB |
Start logging the Adabas record buffer | No |
OPERCOM_LOGSB |
Start logging the Adabas search buffer | No |
OPERCOM_LOGUX |
Start logging user data | No |
OPERCOM_LOGVB |
Start logging the Adabas value buffer | No |
OPERCOM_LOGVOLIO |
Start logging the extended I/O list | No |
OPERCOM_LOGWARN |
Modify CLOG/PLOG status check frequency | No |
OPERCOM_LS |
Modify LS parameter | No |
OPERCOM_LU |
Modify LU parameter | No |
OPERCOM_MXCANCEL |
Modify MXCANCEL parameter | No |
OPERCOM_MXCANCELWARN |
Modify MXCANCELWARN parameter | No |
OPERCOM_MXMSG |
Modify MXMSG parameter | No |
OPERCOM_MXMSGWARN |
Modify MXMSGWARN parameter | No |
OPERCOM_MXSTATUS |
Modify MXSTATUS parameter | No |
OPERCOM_MXWTOR |
Modify MXWTOR parameter | No |
OPERCOM_NISNHQ |
Modify the NISNHQ parameter | No |
OPERCOM_NOLOGCB |
Stop logging the Adabas control block | No |
OPERCOM_NOLOGFB |
Stop logging the Adabas format buffer | No |
OPERCOM_NOLOGGING |
Stop command logging | No |
OPERCOM_NOLOGIB |
Stop logging the Adabas ISN buffer | No |
OPERCOM_NOLOGIO |
Stop logging Adabas I/O activity | No |
OPERCOM_NOLOGRB |
Stop logging the Adabas record buffer | No |
OPERCOM_NOLOGSB |
Stop logging the Adabas search buffer | No |
OPERCOM_NOLOGUX |
Stop logging user data | No |
OPERCOM_NOLOGVB |
Stop logging the Adabas value buffer | No |
OPERCOM_NOLOGVOLIO |
Stop logging the extended I/O list | No |
OPERCOM_NONDES |
Modify NONDES parameter | No |
OPERCOM_NQCID |
Modify NQCID parameter | No |
OPERCOM_NSISN |
Modify NSISN parameter | No |
OPERCOM_ONLRESUME |
Resume a suspended online reorder/invert | No |
OPERCOM_ONLSTOP |
Stop online reorder/invert | No |
OPERCOM_ONLSUSPEND |
Suspend an online reorder/invert | No |
OPERCOM_RALOCKF |
Remove advance lock on file | Yes |
OPERCOM_RALOCKFA |
Remove advance lock on all files | No |
OPERCOM_RDUMPST |
Reset online dump status | No |
OPERCOM_READONLY |
Modify READONLY parameter | No |
OPERCOM_REFSTPRT |
Modify REFSTPRT parameter | No |
OPERCOM_REVIEW |
Modify REVIEW parameter | No |
OPERCOM_REVFILTER |
Modify REVFILTER parameter | No |
OPERCOM_RFDUMPST |
Reset file online dump status | No |
OPERCOM_RNFV |
Refresh NFV | No |
OPERCOM_RPLCHECK |
Perform replication cross-check function | No |
OPERCOM_RPLCLEANUP |
Clean up interrupted replication job | No |
OPERCOM_RPLCONNECT |
Force a replication connection attempt | No |
OPERCOM_RPLCONNECTCOUNT |
Modify RPLCONNECTCOUNT parameter | No |
OPERCOM_RPLCONNECTINTERVAL |
Modify RPLCONNECTINTERVAL parameter | No |
OPERCOM_RPLREFRESH |
Refresh replication parameters | No |
OPERCOM_RUFT |
Refresh UFT | No |
OPERCOM_SECUID |
Modify SECUID parameter | No |
OPERCOM_STOPF |
Stop users using a file | Yes |
OPERCOM_STOPI |
Stop inactive users | No |
OPERCOM_STOPSU |
Stop user by security user id | No |
OPERCOM_STOPSUR |
As above but with response code notification | No |
OPERCOM_STOPU |
Stop user by Adabas-assigned user id or job name | No |
OPERCOM_STOPUR |
As above but with response code notification | No |
OPERCOM_SYNCC |
Force resynchronization of all ET users | No |
OPERCOM_TFLUSH |
Modify TFLUSH parameter | No |
OPERCOM_TLOG |
Modify the level of replication transaction logging | No |
OPERCOM_TLSCMD |
Modify TLSCMD parameter | No |
OPERCOM_TNAA |
Modify TNAA parameter | No |
OPERCOM_TNAE |
Modify TNAE parameter | No |
OPERCOM_TNAX |
Modify TNAX parameter | No |
OPERCOM_TT |
Modify TT parameter | No |
OPERCOM_UNLOCKF |
Unlock file | Yes |
OPERCOM_UNLOCKU |
Unlock file for non-utility use | Yes |
OPERCOM_UNLOCKX |
Unlock file for non-EXF/EXU users | Yes |
OPERCOM_UTIONLY |
Modify UTIONLY parameter | No |
OPERCOM_ZIIP |
Modify ZIIP parameter | No |
PASSWORD_CHANGE |
ADASCR: Change password | No |
PASSWORD_DELETE |
ADASCR: Delete password | No |
PFIELDS |
ADASCR: Modify field protection/permission levels | Yes |
PFILES |
ADASCR: Modify file protection/permission levels | No |
PROFILE_CHANGE |
Modify user profile | No |
PPW |
ADASCR: Request security information | No |
PRIORITY |
Modify user priority | No |
PROTECT |
ADASCR: Define field/file protection levels | Yes |
REACTLOG |
Reactivate command logging | No |
READ_STATISTICS |
Display statistics | No |
RECORDSPANNING |
Modify record spanning file status | Yes |
RECOVER |
Recover space | No |
REFRESH |
Refresh file | Yes |
REFRESHSTATS |
Reset statistical values | No |
RELEASE |
Release descriptor | Yes |
REMOVE |
ADASCR: Remove all field/file protection levels | No |
RENAME |
Rename database | No |
RENAME |
Rename file | Yes |
RENUMBER |
Renumber file | Yes |
REPLICATION |
Activate or Deactivate replication | Yes |
REPTOR |
Manage Event Replicator resources | No |
RESETDIB |
Reset active utility list (DIB) | No |
SBYVALUE |
ADASCR: Define security-by-value criteria | Yes |
START_STATISTICS |
Start statistics | No |
TRANSACTIONS |
Suspend/Resume update transaction processing | No |
UNCOUPLE |
Uncouple files | Yes |
UNDELDE |
Logically undelete descriptors | Yes |
UNDELFN |
Logically undelete fields | Yes |
UNUSED_FILE |
Display unused file number | No |
USERISN |
Modify USERISN file status | Yes |
ZAP_MODULE |
Zap loaded module | No |
Cross-level security checking is controlled by the XLEVEL
configuration parameter.
For the simple cross-level security checks (XLEVEL
=1 and
XLEVEL
=2), the same resource names are used as described in
Resource Names for Adabas Files.
For more complex cross-level security checks (XLEVEL
=3), Adabas
SAF Security will check that the User ID has access to a resource name of the following
format:
uuuuuuuu.dddddddd.ffffffff
where:
uuuuuuuu | is the User ID of the originating job |
dddddddd.ffffffff | is the standard resource name as described in Resource Names for Adabas Files. |
Refer to Cross-Level Security Checking in the Operations section for additional information and examples.
Adabas Utility protection is controlled by the UTI
configuration parameter which provides three
levels of protection; name-level, function-level and function/file-level.
Refer to Utility Start-up in the Operations section for additional information and examples.
For name-level protection (UT1
=1, the default), resource names
have the following format:
pppddddd.SVCsvc
where:
Value | Description |
---|---|
ppp | is the last three characters of the program name specified
by the ADARUN PROG = parameter. For example, CMP for the
ADACMP utility or SAV for the ADASAV utility.
|
ddddd | is the Database ID, specified in the format defined by the
setting of the DBFLEN configuration parameter.
|
. | is an optional delimiter character, depending on the setting
of the DELIM configuration parameter.
|
SVCsvc | is the characters SVC followed by the 3-digit decimal number of the Adabas SVC. |
Refer to Utility Start-up in the Operations section for general information on protecting Adabas utilities.
For function-level protection (UTI
=2), resource names have the
following format:
ppppppddddd.function
where:
Value | Description |
---|---|
pppppp | is the six character name of the program specified by the
ADARUN PROG = parameter. For example,
ADACMP or ADASAV .
|
ddddd | is the Database ID, specified in the format defined by the
setting of the DBFLEN configuration parameter.
Note: |
. | is an optional delimiter character, depending on the setting
of the DELIM configuration parameter.
|
function | is the utility function being executed. Refer to Utility Functions for applicable utility functions. |
Refer to Utility Start-up in the Operations section for general information on protecting Adabas utilities.
As an alternative to the above resource name format, the use of utility function grouping enables resource names to be constructed with the following format:
ppppppddddd.functiongroupname
where:
Value | Description |
---|---|
functiongroupname | is the group name associated by the AAFUTITB function grouping table to the utility function being processed. |
Refer to Grouped Resource Names for Adabas Utilities for more information on the use of utility function grouping.
For function/file-level protection (UTI
=3), resource names have
the same base format as function-level but include an extra qualifier for those utility
functions that are file-related:
File-related function | Resource Name |
---|---|
No |
ppppppddddd.function |
Yes |
ppppppddddd.function.UFLfnr |
where
Value | Description |
---|---|
pppppp | is the six character name of the program specified by the
ADARUN PROG = parameter. For example,
ADACMP or ADASAV .
|
ddddd | is the Database ID, specified in the format defined by the
setting of the DBFLEN configuration parameter.
Note: |
. | is an optional delimiter character, depending on the setting
of the DELIM configuration parameter.
|
function | is the utility function being executed. Refer to Utility Functions for applicable utility functions. |
. | is an optional delimiter character, depending on the setting
of the DELIM configuration parameter.
|
UFLfnr | is the characters UFL followed by the file number, specified
in the format defined by the setting of the DBFLEN
configuration parameter.
|
Refer to Utility Start-up in the Operations section for general information on protecting Adabas utilities.
As an alternative to the above resource name format, the use of utility function and file grouping enables resource names to be constructed with the following format:
ppppppddddd.functiongroupname
ppppppddddd.functiongroupname.filegroupname
where:
Value | Description |
---|---|
functiongroupname | is the group name associated by the AAFUTITB function grouping table to the utility function being processed. |
filegroupname | is the group name associated by the UFTnnnnn file grouping table to the file number specified for the utility function being processed. (where nnnnn is the database ID against which the utility function is being processed.) |
Refer to Grouped Resource Names for Adabas Utilities for more information on the use of utility function and file grouping.
The information in the following table is applicable only to the use of UTI
configuration
parameter options 2 and 3.
The table describes the utility functions used in the formatting of the resource names
for Function-level protection (UTI
=2) and Function/File-level
protection (UTI
=3) of utilities. In addition, each entry in the
table is identified as being file-related or not.
If a utility/function is file-related and Function/File-level protection is active, the resource name will include an additional qualifier identifying the appropriate file number.
Utility | Function | File-related |
---|---|---|
ADACDC | - | Yes |
ADACHK | - | No |
ADACMP | COMPRESS | Yes |
DECOMPRESS | Yes | |
ADACNV | - | No |
ADADBS | ADD | No |
ADDALOG | No | |
ADDCLOG | No | |
ADDPLOG | No | |
ALLOCATE | Yes | |
AUDITING | Yes | |
AUDITSERVER | No | |
CHANGE | Yes | |
CVOLSER | No | |
DEALLOCATE | Yes | |
DECREASE | No | |
DELALOG | No | |
DELCLOG | No | |
DELCP | No | |
DELDE | Yes | |
DELETE | Yes | |
DELFN | Yes | |
DELPLOG | No | |
DEVENTLOG | No | |
DSREUSE | Yes | |
ENCODEF | Yes | |
EXPFILE | Yes | |
INCREASE | No | |
ISNREUSE | Yes | |
MODFCB | Yes | |
MUPEX | Yes | |
NEWFIELD | Yes | |
ONLADD | No | |
ONLINCREASE | No | |
ONLINVERT | Yes | |
ONLREORFASSO | Yes | |
ONLREORFDATA | Yes | |
ONLREORFILE | Yes | |
OPERCOM_ADAEND | No | |
OPERCOM_ALOCKF | No | |
OPERCOM_ASSOSPACEWARN | No | |
OPERCOM_AUDCONNECT | No | |
OPERCOM_AUDITLOG | No | |
OPERCOM_AUTOINCASSOSIZE | No | |
OPERCOM_AUTOINCASSOTHRESHOLD | No | |
OPERCOM_AUTOINCASSOTOTAL | No | |
OPERCOM_AUTOINCDATASIZE | No | |
OPERCOM_AUTOINCDATATHRESHOLD | No | |
OPERCOM_AUTOINCDATATOTAL | No | |
OPERCOM_CANCEL | No | |
OPERCOM_CLOGMRG | No | |
OPERCOM_CLUPUBLPROT | No | |
OPERCOM_CT | No | |
OPERCOM_DATASPACEWARN | No | |
OPERCOM_DAUDPARM | No | |
OPERCOM_DAUDSTAT | No | |
OPERCOM_DAUQ | No | |
OPERCOM_DCMDSTAT | No | |
OPERCOM_DCQ | No | |
OPERCOM_DDIB | No | |
OPERCOM_DDSF | No | |
OPERCOM_DFILES | No | |
OPERCOM_DFILESTAT | No | |
OPERCOM_DFILUSE | No | |
OPERCOM_DHQA | No | |
OPERCOM_DLOCKF | No | |
OPERCOM_DNC | No | |
OPERCOM_DNH | No | |
OPERCOM_DNU | No | |
OPERCOM_DONLSTAT | No | |
OPERCOM_DPARM | No | |
OPERCOM_DRES | No | |
OPERCOM_DRPLPARM | No | |
OPERCOM_DRPLSTAT | No | |
OPERCOM_DSPACE | No | |
OPERCOM_DSTAT | No | |
OPERCOM_DTH | No | |
OPERCOM_DUQ | No | |
OPERCOM_DUUQE | No | |
OPERCOM_DVOLIO | No | |
OPERCOM_DXCACHE | No | |
OPERCOM_DXFILE | No | |
OPERCOM_DXLOCK | No | |
OPERCOM_DXMSG | No | |
OPERCOM_DXSTAT | No | |
OPERCOM_DXWORK | No | |
OPERCOM_DZSTAT | No | |
OPERCOM_FEOFAL | No | |
OPERCOM_FEOFCL | No | |
OPERCOM_FEOFPL | No | |
OPERCOM_HALT | No | |
OPERCOM_INDEXCROSSCHECK | No | |
OPERCOM_LOCKF | Yes | |
OPERCOM_LOCKU | Yes | |
OPERCOM_LOCKX | Yes | |
OPERCOM_LOGCB | No | |
OPERCOM_LOGFB | No | |
OPERCOM_LOGGING | No | |
OPERCOM_LOGIB | No | |
OPERCOM_LOGIO | No | |
OPERCOM_LOGRB | No | |
OPERCOM_LOGSB | No | |
OPERCOM_LOGUX | No | |
OPERCOM_LOGVB | No | |
OPERCOM_LOGVOLIO | No | |
OPERCOM_LOGWARN | No | |
OPERCOM_MXCANCEL | No | |
OPERCOM_MXCANCELWARN | No | |
OPERCOM_MXMSG | No | |
OPERCOM_MXMSGWARN | No | |
OPERCOM_MXSTATUS | No | |
OPERCOM_MXWTOR | No | |
OPERCOM_NOLOGCB | No | |
OPERCOM_NOLOGFB | No | |
OPERCOM_NOLOGGING | No | |
OPERCOM_NOLOGIB | No | |
OPERCOM_NOLOGIO | No | |
OPERCOM_NOLOGRB | No | |
OPERCOM_NOLOGSB | No | |
OPERCOM_NOLOGUX | No | |
OPERCOM_NOLOGVB | No | |
OPERCOM_NOLOGVOLIO | No | |
OPERCOM_ONLRESUME | No | |
OPERCOM_ONLSTOP | No | |
OPERCOM_ONLSUSPEND | No | |
OPERCOM_RALOCKF | Yes | |
OPERCOM_RALOCKFA | No | |
OPERCOM_RDUMPST | No | |
OPERCOM_READONLY | No | |
OPERCOM_REVIEW | No | |
OPERCOM_RPLCHECK | No | |
OPERCOM_RPLCLEANUP | No | |
OPERCOM_RPLCONNECT | No | |
OPERCOM_RPLCONNECTCOUNT | No | |
OPERCOM_RPLCONNECTINTERVAL | No | |
OPERCOM_RPLREFRESH | No | |
OPERCOM_SECUID | No | |
OPERCOM_STOPF | Yes | |
OPERCOM_STOPI | No | |
OPERCOM_STOPSU | No | |
OPERCOM_STOPSUR | No | |
OPERCOM_STOPU | No | |
OPERCOM_STOPUR | No | |
OPERCOM_SYNCC | No | |
OPERCOM_TLOG | No | |
OPERCOM_TNAA | No | |
OPERCOM_TNAE | No | |
OPERCOM_TNAX | No | |
OPERCOM_TT | No | |
OPERCOM_UNLOCKF | Yes | |
OPERCOM_UNLOCKU | Yes | |
OPERCOM_UNLOCKX | Yes | |
OPERCOM_UTIONLY | No | |
OPERCOM_ZIIP | No | |
PRIORITY | No | |
REACTLOG | No | |
RECORDSPANNING | Yes | |
RECOVER | No | |
REFRESH | Yes | |
REFRESHSTATS | No | |
RELEASE | Yes | |
RENAME | Yes | |
RENUMBER | Yes | |
REPLICATION | Yes | |
REPTOR | No | |
RESETDIB | No | |
RESETPPT | No | |
SPANCOUNT | Yes | |
TRANSACTIONS | No | |
UNCOUPLE | Yes | |
UNDELDE | Yes | |
UNDELFN | Yes | |
ADADEF | DEFINE | No |
MODIFY | No | |
NEWWORK | No | |
ADADRU | - | No |
ADAFRM | ALOGFRM | No |
ASSOFRM | No | |
ASSORESET | No | |
CLOGFRM | No | |
DATAFRM | No | |
DATARESET | No | |
DSIMFRM | No | |
DSIMRESET | No | |
PLOGFRM | No | |
RLOGFRM | No | |
SORTFRM | No | |
TEMPFRM | No | |
WORKFRM | No | |
WORKRESET | No | |
ADAINV | COUPLE | Yes |
INVERT | Yes | |
ADALOD | LOAD | Yes |
LOAD_AUDITING | Yes | |
LOAD_CHECKPOINT | Yes | |
LOAD_LOB | Yes | |
LOAD_REPLICATOR | Yes | |
LOAD_SECURITY | Yes | |
LOAD_SLOG | Yes | |
LOAD_SYSFILE | Yes | |
LOAD_TRIGGER | Yes | |
UPDATE | Yes | |
ADAMER | - | No |
ADAORD | REORASSO | No |
REORDATA | No | |
REORDB | No | |
REORFASSO | Yes | |
REORFDATA | Yes | |
REORFILE | Yes | |
RESTRUCTUREDB | No | |
RESTRUCTUREF | Yes | |
STORE | Yes | |
ADAPLP | IPLOGPRI | Yes |
PLOGPRI | Yes | |
SPLOGPRI | Yes | |
WORKPRI | Yes | |
ADAPRI | ASSOPRI | No |
CLOGPRI | No | |
DATAPRI | No | |
DSIMPRI | No | |
PLOGPRI | No | |
RLOGPRI | No | |
SORTPRI | No | |
TEMPPRI | No | |
WORKPRI | No | |
ADARAI | - | No |
ADAREP | REPORT | Yes |
CPLIST | Yes | |
CPEXLIST | Yes | |
ADARIS | - | No |
ADARES | ALCOPY | No |
BACKOUT | Yes | |
CLCOPY | No | |
COPY | No | |
MERGE | No | |
PLCOPY | No | |
REGENERATE | Yes | |
REPAIR | No | |
ADARPE | EXTRACT | No |
ADARPL | REPLAY | Yes |
REPLAY_ORIGIN | Yes | |
REPLAY_PLOG | Yes | |
ADARPP | - | No |
ADASAV | MERGE | No |
RESTONL | Yes | |
RESTONL_GCB | Yes | |
RESTORE | Yes | |
RESTORE_GCB | Yes | |
RESTPLOG | Yes | |
SAVE | Yes | |
ADASCR | PASSWORD_CHANGE | No |
PASSWORD_DELETE | No | |
INSERT | Yes | |
PFIELDS | Yes | |
PFILES | No | |
PPW | No | |
PROTECT | Yes | |
REMOVE | No | |
SBYVALUE | Yes | |
ADASEL | SELECT | Yes |
ADAULD | UNLOAD | Yes |
ADAWRK | - | No |
ADAZAP | - | No |
ADAZIN | - | No |
Utilities for which a database ID has no significance do not include the database ID in the resource name.
The following table lists those utility/functions that do not include the database ID in the resource name:
Utility | Function |
---|---|
ADACMP | COMPRESS (with no FDT=) |
ADACMP | DECOMPRESS (with no INFILE=) |
ADAFRM | All functions |
ADAMER | All functions |
ADAPLP | All functions |
ADAPRI | All functions |
ADARPE | All functions |
ADARPP | All functions |
ADASEL | All functions |
ADAZIN | All functions |
Adabas Auditing Configuration protection is controlled by the ABS
configuration
parameter. The ABS
parameter also controls the protection of
Adabas Basic Services and the Adabas Event Replicator Subsystem.
Adabas SAF Security authorizes the use of Adabas Auditing Configuration by building a resource name to represent the function being used, as follows:
AACddddd.function
where
Value | Description |
---|---|
ddddd | is the Database ID, specified in the format defined by the
setting of the DBFLEN configuration parameter.
|
. | is an optional delimiter character, depending on the setting
of the DELIM configuration parameter.
|
function | is the administration function/subfunction being processed. See the table below for a list of all applicable functions. |
Before checking any of the individual resources, Adabas SAF Security establishes a user's right to use Adabas Auditing Configuration against a particular Adabas Audit Server by verifying that the user has read access to the resource:
AACddddd.GENERAL
The following table defines the subfunctions for each Adabas Auditing Configuration
function, together with the resource name that is checked (assuming
DBFLEN
=1, and DELIM
=Y).
Note:
The Subfunction resource name is used only when subfunction protection is active
(ABS
=2).
Function (ABS=1) | Subfunction (ABS=2) | Resource Name | Access Required |
---|---|---|---|
Destination Maintenance |
AACddddd.DEST |
Read | |
Display Destinations |
AACddddd.DEST |
Read | |
Maintain Destinations |
AACddddd.DEST |
Update | |
Filter Maintenance |
AACddddd.FILT |
Read | |
Display Filters |
AACddddd.FILT |
Read | |
Maintain Filters |
AACddddd.FILT |
Update | |
Format Buffer Maintenance |
AACddddd.FBUF |
Read | |
Display Format Buffers |
AACddddd.FBUF |
Read | |
Maintain Format Buffers |
AACddddd.FBUF |
Update | |
Subscription Maintenance |
AACddddd.SUBS |
Read | |
Display Subscriptions |
AACddddd.SUBS |
Read | |
Maintain Subscriptions |
AACddddd.SUBS |
Update | |
Global Settings Maintenance |
AACddddd.GLBL |
Read | |
Display Global Settings |
AACddddd.GLBL |
Read | |
Maintain Global Settings |
AACddddd.GLBL |
Update |
Refer to Adabas Auditing Configuration in the Operations section for additional information.
Adabas Event Replicator Subsystem is controlled by the ABS
configuration
parameter. The ABS
parameter also controls the protection of
Adabas Basic Services and Adabas Auditing Configuration.
Adabas SAF Security authorizes the use of Adabas Event Replicator Subsystem by building a resource name to represent the function being used, as follows:
ARFddddd.function
where
Value | Desciption |
---|---|
ddddd | is the Database ID, specified in the format defined by the setting of the
DBFLEN configuration parameter.
|
. | is an optional delimiter character, depending on the setting of the
DELIM configuration parameter.
|
function | is the administration function/subfunction being processed. See the table below for a list of all applicable functions. |
Before checking any of the individual resources, Adabas SAF Security establishes a user's right to use Adabas Event Replicator Subsystem against a particular Adabas Replication Server by verifying that the user has read access to the resource:
ARFddddd.GENERAL
The following table defines the subfunctions for each Adabas Event Replicator Subsystem
function, together with the resource name that is checked (assuming
DBFLEN
=1, and DELIM
=Y).
Note:
The Subfunction resource name is used only when subfunction protection is active
(ABS
=2).
Function (ABS=1) | Subfunction (ABS=2) | Resource Name | Required Access |
---|---|---|---|
Destination Maintenance |
ARFddddd.DEST |
Read | |
Display Destinations |
ARFddddd.DEST |
Read | |
Maintain Destinations |
ARFddddd.DEST |
Update | |
Filter Maintenance |
ARFddddd.FILT |
Read | |
Display Filters |
ARFddddd.FILT |
Read | |
Maintain Filters |
ARFddddd.FILT |
Update | |
Format Buffer Maintenance |
ARFddddd.FBUF |
Read | |
Display Format Buffers |
ARFddddd.FBUF |
Read | |
Maintain Format Buffers |
ARFddddd.FBUF |
Update | |
Subscription Maintenance |
ARFddddd.SUBS |
Read | |
Display Subscriptions |
ARFddddd.SUBS |
Read | |
Maintain Subscriptions |
ARFddddd.SUBS |
Update | |
Global Settings Maintenance |
ARFddddd.GLBL |
Read | |
Display Global Settings |
ARFddddd.GLBL |
Read | |
Maintain Global Settings |
ARFddddd.GLBL |
Update | |
Initial State Maintenance |
ARFddddd.INIT |
Read | |
Display Initial State Settings |
ARFddddd.INIT |
Read | |
Maintain Initial State Settings |
ARFddddd.INIT |
Update | |
Input Queue Maintenance |
ARFddddd.INPQ |
Read | |
Display Input Queue Settings |
ARFddddd.INPQ |
Read | |
Maintain Input Queue Settings |
ARFddddd.INPQ |
Update | |
Resend Buffer Maintenance |
ARFddddd.RBUF |
Read | |
Display Resend Buffer Settings |
ARFddddd.RBUF |
Read | |
Maintain Resend Buffer Settings |
ARFddddd.RBUF |
Update |
Refer to Adabas Event Replicator Subsystem in the Operations section for additional information.
Adabas Basic Services protection is controlled by the ABS
configuration
parameter.
Adabas SAF Security authorizes the use of Adabas Basic Services by building a resource name to represent the function being used, as follows:
ABSddddd.function
where
Value | Description |
---|---|
ddddd | is the Database ID, specified in the format defined by the
setting of the DBFLEN configuration parameter.
|
. | is an optional delimiter character, depending on the setting
of the DELIM configuration parameter.
|
function | is the administration function/subfunction being processed. See the table below for a list of all applicable functions. |
The following tables define the subfunctions for each Adabas Basic Services function,
together with the resource name that is checked (assuming
DBFLEN
=1, and DELIM
=Y).
Before checking any of the individual resources, ADASAF establishes a user's right to use Adabas Basic Services against this nucleus by verifying that the user has read access to the resource:
ABSddddd.GENERAL
Note:
The Subfunction Profile (listed in the following tables) is used only when ABS=2
(subfunction protection).
Function: | Session Monitoring |
---|---|
Function Profile: |
ABSddddd.SESSION |
Subfunction | Subfunction Profile* | Access |
---|---|---|
Display Cluster Members |
ABSddddd.CLUSTER |
Read |
Display Installed Products |
ABSddddd.DISINST |
Read |
Maintain User Profiles |
ABSddddd.USER |
Read |
Display Parameters |
ABSddddd.PARM |
Read |
Modify Parameters |
ABSddddd.PARM |
Update |
Display Queues |
ABSddddd.QUEUES |
Read |
Refresh Nucleus Statistics |
ABSddddd.REFSTATS |
Read |
Current Resource Statistics |
ABSddddd.STATS |
Read |
Maintain TCP/IP URL |
ABSddddd.TCPIP |
Read |
Display Interval Utilization |
ABSddddd.RESUTIL |
Read |
Display Maintenance Levels |
ABSddddd.ZAPS |
Read |
Display Event Log Buffer |
ABSddddd.EVENTLOG |
Read |
Replicator Management |
ABSddddd.REPLMGMT |
Read |
Display Session Utilization |
ABSddddd.SESSUTIL |
Read |
Cluster Usage |
ABSddddd.CLUSTUSE |
Read |
*Used only when ABS=2
(subfunction protection)
Function | Checkpoint Maintenance |
---|---|
Function Profile |
ABSddddd.CHECKP |
Subfunction | Subfunction Profile* | Access |
---|---|---|
List Checkpoints |
ABSddddd.CHECKP |
Read |
Delete Checkpoints |
ABSddddd.CHECKP |
Update |
*Used only when ABS=2
(subfunction protection)
Function | File Maintenance |
---|---|
Function Profile |
ABSddddd.FILE |
Subfunction | Subfunction Profile* | Access |
---|---|---|
Define/Modify FDT |
ABSddddd.FDT |
Read |
Release Descriptor |
ABSddddd.REL |
Read |
Delete File |
ABSddddd.DEL |
Read |
Define New File |
ABSddddd.DEF |
Read |
Modify File Parameters |
ABSddddd.MOD |
Read |
Reorder File Online |
ABSddddd.ORD |
Read |
Refresh Rile to Empty |
ABSddddd.REF |
Read |
Allocate/Deallocate File Space |
ABSddddd.ALL |
Read |
Maintain Expanded Files |
ABSddddd.EXP |
Read |
Logically Delete/Undel Descriptor |
ABSddddd.LOGDDESC |
Read |
*Used only when ABS=2
(subfunction protection)
Function | Database Maintenance |
---|---|
Function Profile |
ABSddddd.DBMAINT |
Subfunction | Subfunction Profile* | Access |
---|---|---|
Add New Dataset to Asso/Data |
ABSddddd.ADD |
Read |
Increase/Decrease Asso/Data |
ABSddddd.INCREASE |
Read |
List/Reset DIB Entries |
ABSddddd.DIB |
Read |
Recover Unused Space |
ABSddddd.RECOVER |
Read |
Uncouple Two Adabas Files |
ABSddddd.UNCOUPLE |
Read |
*Used only when ABS=2
(subfunction protection)
Function | Session Opercoms |
---|---|
Function Profile |
ABSddddd.OPERCOMS |
Subfunction | Subfunction Profile* | Access |
---|---|---|
Extended Error Recovery |
ABSddddd.ERROR |
Read |
Force Dual Log Switch |
ABSddddd.LOG |
Read |
Lock/Unlock Files |
ABSddddd.LOK |
Read |
Reset Online Dump Status |
ABSddddd.RDUMPST |
Read |
Stop User(s) |
ABSddddd.STOPU |
Read |
Termination Commands |
ABSddddd.TERM |
Read |
Manage Online Utilities |
ABSddddd.UTILS |
Read |
Allocation/deallocation of CLOGs/PLOGs |
ABSddddd.LOGALLOC |
Read |
User Table Maintenance |
ABSddddd.USERTAB |
Read |
Issue Reactivate CLOG Command |
ABSddddd.REACCLOG |
Read |
Replicator Management |
ABSddddd.REPLMGMT |
Read |
*Used only when ABS=2
(subfunction protection)
Function | Database Report |
---|---|
Function Profile |
ABSddddd.REPORT |
Subfunction | Subfunction Profile* | Access |
---|---|---|
List Files with Critical Extents |
ABSddddd.EXTENTS |
Read |
Display Field Description Table |
ABSddddd.DFD |
Read |
Display File |
ABSddddd.DIF |
Read |
General Database Layout |
ABSddddd.LAYOUT |
Read |
List VOLSER Distribution |
ABSddddd.VOLSER |
Read |
Display Asso/Data Block |
ABSddddd.DRABN |
Read |
Display Unused Storage |
ABSddddd.UNUSED |
Read |
Display Used Storage (DSPACE) |
ABSddddd.DSPACE |
Read |
*Used only when ABS=2
(subfunction protection)
Function | Space Calculation Report |
---|---|
Function Profile |
ABSddddd.SPACE |
The Space Calculation function has no subfunction profiles.
Adabas SAF Security authorizes the use of Adabas System Coordinator Administration Services by building a resource name to represent the function being used.
The following table shows the online administration functions for which READ access to the indicated resource is required:
Function | Resource Name | Notes |
---|---|---|
System Settings |
COR.SETTINGS |
Display system settings. |
Client Runtime controls |
COR.CLIENT.type.name |
Display, expand, list overrides, copy, display site info for
a runtime control. type is the job type and name is the name,
without *s (so *DEFAULT is checked against DEFAULT). Valid types are: API-1 API-2 BATCH COMPLETE CICS-DTR CICS IMS UTM TSO CMS TIAM MULTITCB SINGLTCB MISCDTR SPATS |
Daemon Group Parameters |
COR.GROUP.name |
Display, copy or expand a group. name is the name of the group. |
Current Activity Displays Adabas Client Job Information |
COR.ACTIVITY.jobname |
Informational functions. jobname is the name of the selected job. |
Current Activity Displays Network Discovery |
COR.ACTIVITY.DMNnnnnn |
Informational functions. nnnnn is the node-id of the selected daemon. |
Special Services (Fix Display) |
COR.SPECIAL.jobname |
jobname is the name of the client job for which fixes are to be displayed. |
COR.SPECIAL.DMNnnnnn |
nnnnn is the node number of the daemon for which fixes are to be displayed. | |
COR.SPECIAL.DBnnnnn |
nnnnn is the database id of the database for which fixes are to be displayed. |
The following table shows the online administration functions for which UPDATE access to the indicated resource is required:
Function | Resource Name | Notes |
---|---|---|
System Settings |
COR.SETTINGS |
Change system settings. |
Client Runtime controls |
COR.CLIENT.type.name |
Add, modify, purge or rename a runtime control (or one of
its overrides, or its site info). type is the job type and
name is the name, without *s (so *DEFAULT is checked against
DEFAULT). Valid types are: API-1 API-2 BATCH COMPLETE CICS-DTR CICS IMS UTM TSO CMS TIAM MULTITCB SINGLTCB MISCDTR SPATS |
Daemon Group Parameters |
COR.GROUP.name |
Display, copy or expand a group. name is the name of the group. |
Current Activity Displays Adabas Client Job Information |
COR.ACTIVITY.jobname |
Operational functions. jobname is the name of the selected job. |
Current Activity Displays Network Discovery |
COR.ACTIVITY.DMNnnnnn |
Operational functions. nnnnn is the node-id of the selected daemon |
Adabas SAF Security authorizes the use of Adabas Fastpath Administration Services by building a resource name to represent the function being used.
Function | Resource Name | Notes |
---|---|---|
System Settings |
AFP.SETTINGS |
Display system settings. |
Buffer Parameters |
AFP.BUFFER.name |
Display, copy or list files of a buffer. name is the name of the buffer. |
File Parameters |
AFP.FILE.DBnnnnn.FNRfffff |
Display or copy a file. nnnnn is the database id and fffff is the file number. |
Client Runtime controls |
AFP.CLIENT.type.name |
Display, expand, list overrides, copy, display site info for
a runtime control. type is the job type and name is the name,
without *s (so *DEFAULT is checked against DEFAULT). Valid types are: API-1 API-2 BATCH COMPLETE CICS-DTR CICS IMS UTM TSO CMS TIAM MULTITCB SINGLTCB MISCDTR SPATS |
Buffer Information |
AFP.ACTIVITY.DMNnnnnn |
nnnnn is the node-id of the target daemon. |
Database and File Information |
AFP.ACTIVITY.DBnnnnn AFP.ACTIVITY.DBnnnnn.FNRfffff |
nnnnn is the id of the selected
database. For files, fffff is the file number. |
Optimized Job Information |
AFP.ACTIVITY.jobname |
Detail. jobname is the name of the selected job. |
System Job Information |
AFP.ACTIVITY.jobname |
jobname is the name of the selected job. |
Buffer History |
AFP.HISTORY.name |
name is the name of the selected buffer. |
Asynchronous Buffer Services |
AFP.ACTIVITY.DMNnnnnn |
Informational functions (ABM Information). nnnnn is the node-id of the target daemon. |
Database Component Services |
AFP.ACTIVITY.DBnnnnn |
nnnnn is the id of the target database. |
Local SYSAFP Services |
AFP.ACTIVITY.jobname |
Informational functions (Connection Information and Job Statistics). jobname is the name of the job. |
AFPLOOK Services |
AFP.LOOK.DBnnnnn |
AFPLOOK file and summary displays. nnnnn is the id of the target database. |
Fix Display |
AFP.SPECIAL.jobname |
jobname is the name of the client job for which fixes are to be displayed. |
AFP.SPECIAL.DMNnnnnn |
nnnnn is the node number of the daemon for which fixes are to be displayed. | |
AFP.SPECIAL.DBnnnnn |
nnnnn is the database id of the database for which fixes are to be displayed. |
The following table shows the online administration functions for which UPDATE access to the indicated resource is required:
Function | Resource Name | Notes |
---|---|---|
System Settings |
AFP.SETTINGS |
Change system settings. |
Buffer Parameters |
AFP.BUFFER.name |
Add, modify, purge or rename a buffer. name is the name of the buffer. |
File Parameters |
AFP.FILE.DBnnnnn.FNRfffff |
Add, modify or purge a file. nnnnn is the database id and fffff is the file number. |
Client Runtime controls |
AFP.CLIENT.type.name |
Add, modify, purge or rename a runtime control (or one of
its overrides, or its site info). type is the job type and
name is the name, without *s (so *DEFAULT is checked against
DEFAULT). Valid types are: API-1 API-2 BATCH COMPLETE CICS-DTR CICS IMS UTM TSO CMS TIAM MULTITCB SINGLTCB MISCDTR SPATS |
Buffer Information |
AFP.ACTIVITY.DMNnnnnn |
Operational services (Restart, Stop, Newcopy, Snap and Log). nnnnn is the node-id of the target daemon. |
Database and File Information |
AFP.ACTIVITY.DBnnnnn AFP.ACTIVITY.DBnnnnn.FNRfffff |
Operational services (Start and Stop). nnnnn is the
id of the selected database. For files, fffff is the file number. |
Optimized Job Information |
AFP.ACTIVITY.jobname |
Services. jobname is the name of the job. |
Asynchronous Buffer Services |
AFP.ACTIVITY.DMNnnnnn |
Operational functions (Restart, Stop, Newcopy, Snap and Log). nnnnn is the node-id of the target daemon. |
Local SYSAFP Services |
AFP.ACTIVITY.jobname |
Operational functions (Reconnect, Disconnect and Newcopy). jobname is the name of the job. |
AFPLOOK Services |
AFP.LOOK.DBnnnnn |
AFPLOOK operational functions (Start, Freeze/Pause, Release). nnnnn is the id of the target database. |
AFPCMD and the online Printing Facility are also subject to SAF Security, as shown in the following table:
Function | Object | Resource Name | Notes |
---|---|---|---|
LIST | JOB |
AFP.ACTIVITY.DMNnnnnn |
nnnnn is the node-id of the target daemon. |
LIST | DATABASE |
AFP.ACTIVITY.DMNnnnnn |
nnnnn is the node-id of the target daemon. |
LIST | FILE |
AFP.ACTIVITY.DMNnnnnn |
nnnnn is the node-id of the target daemon. |
LIST | SET |
AFP.ACTIVITY.DMNnnnnn |
nnnnn is the node-id of the target daemon. |
LIST | SUMMARY |
AFP.ACTIVITY.DMNnnnnn |
nnnnn is the node-id of the target daemon. |
DISPLAY | JOB |
AFP.ACTIVITY.jobname |
jobname is the name of the job. |
DISPLAY | DATABASE |
AFP.ACTIVITY.DBnnnnn |
nnnnn is the id of the selected database. |
DISPLAY | FILE |
AFP.ACTIVITY.DBnnnnn |
nnnnn is the id of the selected database. |
DISPLAY | SET |
AFP.ACTIVITY.DBnnnnn |
nnnnn is the id of the selected database. |
DISPLAY | BUFFER |
AFP.ACTIVITY.DMNnnnnn |
nnnnn is the node-id of the target daemon. |
DISPLAY | AFPLOOK |
AFP.LOOK.DBnnnnn |
nnnnn is the id of the selected database. |
DISPLAY | ALL | Resource profiles for individual resources are checked as necessary. | |
DISPLAY | SUMMARY |
AFP.ACTIVITY.DMNnnnnn |
nnnnn is the node-id of the target daemon. |
PARMS | BUFFER |
AFP.BUFFER.name |
name is the name of the buffer. |
PARMS | JOB |
AFP.CLIENT.type.name |
type is the job type and name is the name,
without *s (so *DEFAULT is checked against DEFAULT). Valid types are: API-1 API-2 BATCH COMPLETE CICS-DTR CICS IMS UTM TSO CMS TIAM MULTITCB SINGLTCB MISCDTR SPATS |
PARMS | FILE |
AFP.FILE.DBnnnnn.FNRfffff |
nnnnn is the database id and fffff is the file number. |
STOP | BUFFER |
AFP.ACTIVITY.DMNnnnnn |
nnnnn is the node-id of the target daemon. |
STOP | JOB |
AFP.ACTIVITY.jobname |
jobname is the name of the job. |
STOP | DATABASE |
AFP.ACTIVITY.DBnnnnn |
nnnnn is the id of the selected database. |
STOP | FILE |
AFP.ACTIVITY.DBnnnnn |
nnnnn is the id of the selected database. |
RESTART | BUFFER |
AFP.ACTIVITY.DMNnnnnn |
nnnnn is the node-id of the target daemon. |
START | JOB |
AFP.ACTIVITY.jobname |
jobname is the name of the job. |
START | DATABASE |
AFP.ACTIVITY.DBnnnnn |
nnnnn is the id of the selected database. |
START | FILE |
AFP.ACTIVITY.DBnnnnn |
nnnnn is the id of the selected database. |
LIST, DISPLAY and PARMS functions require READ access to the resource.
STOP, RESTART and START require UPDATE access.
Adabas SAF Security authorizes the use of Adabas Vista Administration Services by building a resource name to represent the function being used.
Function | Resource Name | Notes |
---|---|---|
System Settings |
AVI.SETTINGS |
Display system settings. |
File Partitioning |
AVI.PARTFILE.DBnnnnn.FNRfffff |
Display, copy or expand a partitioned file and its partitions. nnnnn is the source database id. fffff is the source file number. |
File Translation |
AVI.PAGE.name |
Display, copy or expand a page and its translation rules. name is the page name. |
Client Runtime controls |
AVI.CLIENT.type.name |
Display, expand, list overrides, copy, display site info for
a runtime control. type is the job type and name is the name,
without *s (so *DEFAULT is checked against DEFAULT). Valid types are: API-1 API-2 BATCH COMPLETE CICS-DTR CICS IMS UTM TSO CMS TIAM MULTITCB SINGLTCB MISCDTR SPATS |
Current Activity Displays |
AVI.ACTIVITY.jobname |
jobname is the name of the current job. |
Special Services (Fix Display) |
AVI.SPECIAL.jobname |
jobname is the name of the client job for which fixes are to be displayed. |
AVI.SPECIAL.DMNnnnnn |
nnnnn is the node number of the daemon for which fixes are to be displayed. | |
AVI.SPECIAL.DBnnnnn |
nnnnn is the database id of the database for which fixes are to be displayed. | |
AVILOOK |
AVI.LOOK.DBnnnnn |
AVILOOK file statistics. nnnnn is the id of the target database. |
The following table shows the online administration functions for which UPDATE access to the indicated resource is required:
Function | Resource Name | Notes |
---|---|---|
System Settings |
AVI.SETTINGS |
Change system settings. |
File Partitioning |
AVI.PARTFILE.DBnnnnn.FNRfffff |
Add, modify or purge a partitioned file and its partitions. nnnnn is the source database id. fffff is the source file number. |
File Translation |
AVI.PAGE.name |
Add, modify or purge a page and its translation rules. name is the page name. |
Client Runtime controls |
AVI.CLIENT.type.name |
Add, modify, purge or rename a runtime control (or one of
its overrides, or its site info). type is the job type and
name is the name, without *s (so *DEFAULT is checked against
DEFAULT). Valid types are: API-1 API-2 BATCH COMPLETE CICS-DTR CICS IMS UTM TSO CMS TIAM MULTITCB SINGLTCB MISCDTR SPATS |
AVILOOK |
AVI.LOOK.DBnnnnn |
AVILOOK operational functions (Activate, Pause, Reset, Delete). nnnnn is the id of the target database. |
Adabas SAF Security authorizes the use of Adabas Transaction Manager Administration Services by building a resource name to represent the function being used.
Function | Resource Name | Notes |
---|---|---|
System Settings |
ATM.SETTINGS |
Display system settings. |
Client Runtime controls |
ATM.CLIENT.type.name |
Display, expand, list overrides, copy, display site info for
a runtime control. type is the job type and name is the name,
without *s (so *DEFAULT is checked against DEFAULT). Valid types are: API-1 API-2 BATCH COMPLETE CICS-DTR CICS IMS UTM TSO CMS TIAM MULTITCB SINGLTCB MISCDTR SPATS |
Transaction Manager Information |
ATM.ACTIVITY.DMNnnnnn |
nnnnn is the node-id of the target daemon. |
Special Services (Fix Display) |
ATM.SPECIAL.jobname |
jobname is the name of the client job for which fixes are to be displayed. |
ATM.SPECIAL.DMNnnnnn |
nnnnn is the node number of the daemon for which fixes are to be displayed. | |
ATM.SPECIAL.DBnnnnn |
nnnnn is the database id of the database for which fixes are to be displayed. |
The following table shows the online administration functions for which UPDATE access to the indicated resource is required:
Function | Resource Name | Notes |
---|---|---|
System Settings |
ATM.SETTINGS |
Change system settings. |
Client Runtime controls |
ATM.CLIENT.type.name |
Add, modify, purge or rename a runtime control (or one of
its overrides, or its site info). type is the job type and
name is the name, without *s (so *DEFAULT is checked against
DEFAULT). Valid types are: API-1 API-2 BATCH COMPLETE CICS-DTR CICS IMS UTM TSO CMS TIAM MULTITCB SINGLTCB MISCDTR SPATS |
Adabas SAF Security authorizes the use of Adabas SAF Security Administration Services by building a resource name to represent the function being used.
Function | Resource Name | Notes |
---|---|---|
System Settings |
AAF.SETTINGS |
Display system settings. |
System Statistics |
AAF.ACTIVITY.DBnnnnn |
nnnnn is the id of the database or daemon for which information is requested. |
SAF User ID Statistics |
AAF.ACTIVITY.DBnnnnn |
nnnnn is the id of the database or daemon for which information is requested. |
Fix Display |
AAF.SPECIAL.DBnnnnn |
nnnnn is the id of the database or daemon for which information is requested. |
Storage Display |
AAF.SPECIAL.DBnnnnn |
nnnnn is the id of the database or daemon for which information is requested. |
System Tracing |
AAF.ACTIVITY.DBnnnnn |
nnnnn is the id of the database or daemon for which information is requested. |
System Parameters |
AAF.ACTIVITY.DBnnnnn |
nnnnn is the id of the database or daemon for which information is requested. |
The following table shows the online administration functions for which UPDATE access to the indicated resource is required:
Function | Resource Name | Notes |
---|---|---|
System Settings |
AAF.SETTINGS |
Change system settings. |
SAF User ID Statistics |
AAF.ACTIVITY.DBnnnnn |
Required to reset or logoff a SAF user. nnnnn is the id of the target database or daemon. |
Server Restart |
AAF.SPECIAL.DBnnnnn |
nnnnn is the id of the target database or daemon. |
When starting Entire Net-Work, Adabas SAF Security will check that the starting User ID has access to a resource name of the following format:
NETddddd.SVCsvc
where
Value | Description |
---|---|
ddddd | is the target ID, specified in the format defined by the
setting of the DBFLEN configuration parameter.
|
. | is an optional delimiter character, depending on the
setting of the DELIM configuration parameter.
|
SVCsvc | is the characters SVC followed by the 3-digit decimal number of the Adabas SVC. |
Refer to Entire Net-Work Start-up in the Operations section for additional information and examples.
The protection of Entire Net-Work administration functions is controlled by the
NETADMIN
configuration parameter.
Adabas SAF Security authorizes the use of Entire Net-Work administration functions by verifying the user has read access to a resource name representing the function being executed. The format of this resource name is as follows:
NETWRKddddd.category
where
Value | Description |
---|---|
ddddd | is the target ID, specified in the format defined by the
setting of the DBFLEN configuration parameter.
|
. | is an optional delimiter character, depending on the
setting of the DELIM configuration parameter.
|
category | is the category of the administration function being processed. See the tables below for a list of all applicable functions and their respective category. |
Refer to Entire Net-Work Administration Functions and Entire Net-Work Operator Commands in the Operations section for general information on protecting Entire Net-Work administration functions and operator commands.
The following function tables describe the administration function name, description, and respective category used in the formatting of the resource name:
Note:
The information in these tables is applicable regardless of whether the
administration function is requested by a console operator command or by the
Programmable Command Interface.
Main Functions | Description | Category |
---|---|---|
DISPLAY ALINKS | Display active links | DISPLAY |
DISPLAY CPU | Display CPU usage | DISPLAY |
DISPLAY CQ | Display command queue | DISPLAY |
DISPLAY CQE | Display command queue element | DISPLAY |
DISPLAY CSCI | Display CSCI information | DISPLAY |
DISPLAY DETAIL | Display detailed target information | DISPLAY |
DISPLAY LINKS | Display links | DISPLAY |
DISPLAY LOGGING | Display log settings | DISPLAY |
DISPLAY NODES | Display nodes | DISPLAY |
DISPLAY PATHS | Display paths | DISPLAY |
DISPLAY STATS | Display statistics | DISPLAY |
DISPLAY TARGETS | Display targets | DISPLAY |
DISPLAY UBQ | Display UB queue | DISPLAY |
DISPLAY ZAPS | Display zap list | DISPLAY |
DISPLAY ZSTATS | Display zIIP statistics | DISPLAY |
CONSOLE | Return log buffer contents (PCI only) | DISPLAY |
SET CQTIMER | Modify CQTIMER | MODIFY |
SET DUMP | Specify data areas to be dumped | MODIFY |
SET LOG | Modify log setting | MODIFY |
SET LOGBUF | Turn buffered logging on/off | MODIFY |
SET LOGBUFSZ | Modify buffered logging buffer size | MODIFY |
SET MAXPATH | Modify MAXPATH | MODIFY |
SET MSGFORM | Modify MSGFORM | MODIFY |
SET PASSWORD | Modify password (PCI only) | MODIFY |
SET REMCMD | Allow/disallow remote PCI calls | MODIFY |
SET REPLYTIM | Modify REPLYTIM | MODIFY |
SET SNAPERR | Modify errors to be snapped | MODIFY |
SET TRACE | Modify trace setting | MODIFY |
SET TRON | Modify trace setting | MODIFY |
SET TROFF | Turn tracing off | MODIFY |
SET UCMSG | Modify UCMSG setting | MODIFY |
SET ULINK | Modify unique link setting | MODIFY |
SET ZIIP | Activate/deactivate zIIP processing | MODIFY |
ADAEND | Terminate session normally | CONTROL |
END | Terminate session normally | CONTROL |
HALT | Terminate session normally | CONTROL |
NETEND | Terminate session normally | CONTROL |
STOP | Terminate session normally | CONTROL |
TERMINATE | Terminate session normally | CONTROL |
DUMP | Snap storage and terminate normally | CONTROL |
CLOSE | Close driver | CONTROL |
OPEN | Open driver | CONTROL |
START | Open a driver | CONTROL |
CONNECT | Connect a link | CONTROL |
DEFINE LINK | Define a new link | CONTROL |
DISABLE | Disable a link | CONTROL |
DISCONNECT | Disconnect a link | CONTROL |
ENABLE | Enable link | CONTROL |
RESUME | Resume link | CONTROL |
SUSPEND | Suspend a link | CONTROL |
LOGDON | Activate driver logging | CONTROL |
LOGDOFF | Deactivate driver logging | CONTROL |
LOGTON | Activate target logging | CONTROL |
LOGTOFF | Deactivate target logging | CONTROL |
CLOSE NETPRNT | Close NETPRNT file | CONTROL |
OPEN NETPRNT | Open NETPRNT file | CONTROL |
TRANSLAT DEFINE | Add a translation definition | CONTROL |
TRANSLAT ADD | Add a translation definition | CONTROL |
TRANSLAT DELETE | Delete a translation definition | CONTROL |
TRANSLAT REMOVE | Delete a translation definition | CONTROL |
TRANSLAT DISPLAY | Display a translation definition | CONTROL |
TRANSLAT LIST | Display a translation definition | CONTROL |
HELP | Show help information | CONTROL |
LICREFRESH | Redo license check | CONTROL |
PROBE | Send probe to node | CONTROL |
SNAP | Issue a snap of data areas | CONTROL |
VERIFY | Verify a target | CONTROL |
CTCA/FCTC Driver Functions | Description | Category |
---|---|---|
SHOW | Display link configuration | CTC_DISPLAY |
SNAP | Dump link control blocks | CTC_DISPLAY |
STATS | Display link statistics | CTC_DISPLAY |
STATUS | Display link status | CTC_DISPLAY |
TRACE | Display link trace table | CTC_DISPLAY |
ALTER IORETRY | Number of I/O operation retries | CTC_MODIFY |
ALTER MAXIOTIM | Maximum I/O completion time | CTC_MODIFY |
ALTER PSTATS | Print interval statistics to DDPRINT | CTC_MODIFY |
ALTER RCVBLKCT | Number of receive buffers | CTC_MODIFY |
ALTER RCVBLKSZ | Block size of receive buffers | CTC_MODIFY |
ALTER RESTART | Reconnect retry interval and no. of retries | CTC_MODIFY |
ALTER RSTATS | Reset statistics at STATINT intervals | CTC_MODIFY |
ALTER SAF | NETSAF (WAF) point-of-access verification | CTC_MODIFY |
ALTER SNDBLKCT | Number of send buffers | CTC_MODIFY |
ALTER SNDBLKSZ | Block size of send buffers | CTC_MODIFY |
ALTER STATINT | Print/Reset statistics time interval | CTC_MODIFY |
ALTER TRACESIZ | Size of trace table | CTC_MODIFY |
ALTER UNIT | Unit address of the CTCA link | CTC_MODIFY |
ALTER UNITREAD | Unit address used to read data | CTC_MODIFY |
ALTER UNITWRT | Unit address used to send data | CTC_MODIFY |
ALTER WEIGHT | Path selection weighting | CTC_MODIFY |
ALTER ZEDC | zEnterprise Data Compression (zEDC) | CTC_MODIFY |
ALTER ZEDCLOG | zEDC compression trace data level | CTC_MODIFY |
CLOSE | Close link | CTC_MODIFY |
CONNECT | Connect link | CTC_MODIFY |
DISC | Disconnect link | CTC_MODIFY |
OPEN | Open link | CTC_MODIFY |
RESET | Reset Statistics | CTC_MODIFY |
RESUME | Resume link | CTC_MODIFY |
SUSPEND | Suspend link | CTC_MODIFY |
TCPI Driver Functions | Description | Category |
---|---|---|
SHOW | Display driver configuration | TCPI_DISPLAY |
SNAP | Dump driver control blocks | TCPI_DISPLAY |
STATS | Display driver statistics | TCPI_DISPLAY |
STATUS | Display driver status | TCPI_DISPLAY |
TRACE | Display driver trace table | TCPI_DISPLAY |
ALTER ACCEPTUI | Accept requests from undefined systems | TCPI_MODIFY |
ALTER ALLOWIP6 | Attempt IPv6 communications | TCPI_MODIFY |
ALTER API | Name of the TCP/IP API being used | TCPI_MODIFY |
ALTER CONNQUE | Number of connect queue entries | TCPI_MODIFY |
ALTER DRVCHAR | Driver/Link designated special character | TCPI_MODIFY |
ALTER DRVNAME | Driver name | TCPI_MODIFY |
ALTER EXIT | User exit name | TCPI_MODIFY |
ALTER KEEPALIV | Maintain connections when no traffic | TCPI_MODIFY |
ALTER MULTSESS | Multiple connection requests | TCPI_MODIFY |
ALTER NODELAY | Use IBM socket option TCP-NODELAY | TCPI_MODIFY |
ALTER OPTIONS1 | API-specific options | TCPI_MODIFY |
ALTER OPTIONS2 | API-specific options | TCPI_MODIFY |
ALTER PSTATS | Print interval statistics to DDPRINT | TCPI_MODIFY |
ALTER RESTART | Reconnect retry interval and no. of retries | TCPI_MODIFY |
ALTER RSTATS | Reset statistics at STATINT intervals | TCPI_MODIFY |
ALTER SERVERID | Port number used by Entire Net-Work | TCPI_MODIFY |
ALTER STATINT | Print/Reset statistics time interval | TCPI_MODIFY |
ALTER SUBSYS | Subsystem name for communications | TCPI_MODIFY |
ALTER TRACE | Activate/deactivate tracing | TCPI_MODIFY |
ALTER TRACELEV | Tracing levels | TCPI_MODIFY |
ALTER TRACESIZ | Size of trace table | TCPI_MODIFY |
ALTER USERID | User ID | TCPI_MODIFY |
CLOSE | Close driver | TCPI_MODIFY |
OPEN | Open driver | TCPI_MODIFY |
RESET | Reset statistics | TCPI_MODIFY |
TCPI Link Functions | Description | Category |
---|---|---|
SHOW | Display link configuration | TCPI_DISPLAY |
SNAP | Dump link control blocks | TCPI_DISPLAY |
STATS | Display link statistics | TCPI_DISPLAY |
STATUS | Display link status | TCPI_DISPLAY |
TRACE | Display link trace table | TCPI_DISPLAY |
ALTER ACQUIRE | Attempt automatic connection | TCPI_MODIFY |
ALTER ADJHOST | Internet host name for a node | TCPI_MODIFY |
ALTER ADJNODE | Node name | TCPI_MODIFY |
ALTER COE | Client Only Element | TCPI_MODIFY |
ALTER EXIT | User exit name | TCPI_MODIFY |
ALTER INETADDR | Remote host IPv4 address | TCPI_MODIFY |
ALTER KEEPALIV | Maintain connections when no traffic | TCPI_MODIFY |
ALTER MULTSESS | Multiple connection requests | TCPI_MODIFY |
ALTER NODELAY | Use IBM socket option TCP-NODELAY | TCPI_MODIFY |
ALTER PORT | Port numbers | TCPI_MODIFY |
ALTER PSTATS | Print interval statistics to DDPRINT | TCPI_MODIFY |
ALTER RESTART | Reconnect retry interval and no. of retries | TCPI_MODIFY |
ALTER RSTATS | Reset statistics at STATINT intervals | TCPI_MODIFY |
ALTER SAF | NETSAF (WAF) point-of-access verification | TCPI_MODIFY |
ALTER SENDTIME | Maximum send completion time | TCPI_MODIFY |
ALTER SERVERID | Port number used by Entire Net-Work | TCPI_MODIFY |
ALTER STATINT | Print/Reset statistics time interval | TCPI_MODIFY |
ALTER TRACESIZ | Size of trace table | TCPI_MODIFY |
ALTER V6IPADDR | Remote host IPv6 address | TCPI_MODIFY |
ALTER WEIGHT | Path selection weighting | TCPI_MODIFY |
ALTER ZEDC | zEnterprise Data Compression (zEDC) | TCPI_MODIFY |
ALTER ZEDCLOG | zEDC compression trace data level | TCPI_MODIFY |
CLOSE | Close link | TCPI_MODIFY |
CONNECT | Connect link | TCPI_MODIFY |
DISCONNECT | Disconnect link | TCPI_MODIFY |
OPEN | Open link | TCPI_MODIFY |
RESET | Reset statistics | TCPI_MODIFY |
RESUME | Resume link | TCPI_MODIFY |
SUSPEND | Suspend link | TCPI_MODIFY |
TCPX Driver Functions | Description | Category |
---|---|---|
SHOW | Display driver configuration | TCPX_DISPLAY |
SNAP | Dump driver control blocks | TCPX_DISPLAY |
STATS | Display driver statistics | TCPX_DISPLAY |
STATUS | Display driver status | TCPX_DISPLAY |
TRACE | Display driver trace table | TCPX_DISPLAY |
USERS | Display active user information | TCPX_DISPLAY |
ALTER ACCEPTUI | Accept requests from undefined systems | TCPX_MODIFY |
ALTER ADI | Use Adabas Directory Server (ADI) | TCPX_MODIFY |
ALTER ADIHOST | Hostname of ADI | TCPX_MODIFY |
ALTER ADIPART | Partition name for use with ADI | TCPX_MODIFY |
ALTER ADIPORT | Port number of ADI | TCPX_MODIFY |
ALTER ALLOWIP6 | Attempt IPv6 communications | TCPX_MODIFY |
ALTER API | Name of the TCP/IP API being used | TCPX_MODIFY |
ALTER CONNQUE | Number of connect queue entries | TCPX_MODIFY |
ALTER DRVCHAR | Driver/Link designated special character | TCPX_MODIFY |
ALTER DRVNAME | Driver name | TCPX_MODIFY |
ALTER KEEPALIV | Maintain connections when no traffic | TCPX_MODIFY |
ALTER MULTSESS | Multiple connection requests | TCPX_MODIFY |
ALTER NODELAY | Use IBM socket option TCP-NODELAY | TCPX_MODIFY |
ALTER NUMUSERS | Max. no. of concurrent clients | TCPX_MODIFY |
ALTER OPTIONS1 | API-specific options | TCPX_MODIFY |
ALTER OPTIONS2 | API-specific options | TCPX_MODIFY |
ALTER PSTATS | Print interval statistics to DDPRINT | TCPX_MODIFY |
ALTER RESTART | Reconnect retry interval and no. of retries | TCPX_MODIFY |
ALTER RSTATS | Reset statistics at STATINT intervals | TCPX_MODIFY |
ALTER SERVERID | Port number used by Entire Net-Work | TCPX_MODIFY |
ALTER STATINT | Print/Reset statistics time interval | TCPX_MODIFY |
ALTER SUBSYS | Subsystem name for communications | TCPX_MODIFY |
ALTER SUPMSGS | Suppress NETP818I, NETP819I messages | TCPX_MODIFY |
ALTER TRACE | Activate/deactivate tracing | TCPX_MODIFY |
ALTER TRACELEV | Tracing levels | TCPX_MODIFY |
ALTER TRACESIZ | Size of trace table | TCPX_MODIFY |
ALTER USERID | User ID | TCPX_MODIFY |
ALTER WCPPART | Alias of ADIPART | TCPX_MODIFY |
CLOSE | Close driver | TCPX_MODIFY |
OPEN | Open driver | TCPX_MODIFY |
RESET | Reset statistics | TCPX_MODIFY |
TCPX Link Functions | Description | Category |
---|---|---|
SHOW | Display link configuration | TCPX_DISPLAY |
SNAP | Dump link control blocks | TCPX_DISPLAY |
STATS | Display link statistics | TCPX_DISPLAY |
STATUS | Display link status | TCPX_DISPLAY |
TRACE | Display link trace table | TCPX_DISPLAY |
USERS | Display active user information | TCPX_DISPLAY |
ALTER ACQUIRE | Attempt automatic connection | TCPX_MODIFY |
ALTER ADJHOST | Internet host name for a node | TCPX_MODIFY |
ALTER INETADDR | Remote host IPv4 address | TCPX_MODIFY |
ALTER KEEPALIV | Maintain connections when no traffic | TCPX_MODIFY |
ALTER MULTSESS | Multiple connection requests | TCPX_MODIFY |
ALTER NODELAY | Use IBM socket option TCP-NODELAY | TCPX_MODIFY |
ALTER PSTATS | Print interval statistics to DDPRINT | TCPX_MODIFY |
ALTER RESTART | Reconnect retry interval and no. of retries | TCPX_MODIFY |
ALTER RSTATS | Reset statistics at STATINT intervals | TCPX_MODIFY |
ALTER SAF | NETSAF (WAF) point-of-access verification | TCPX_MODIFY |
ALTER SENDTIME | Maximum send completion time | TCPX_MODIFY |
ALTER SERVERID | Port number used by Entire Net-Work | TCPX_MODIFY |
ALTER STATINT | Print/Reset statistics time interval | TCPX_MODIFY |
ALTER TRACESIZ | Size of trace table | TCPX_MODIFY |
ALTER V6IPADDR | Remote host IPv6 address | TCPX_MODIFY |
ALTER WEIGHT | Path selection weighting | TCPX_MODIFY |
CLOSE | Close link | TCPX_MODIFY |
CONNECT | Connect link | TCPX_MODIFY |
DISCONNECT | Disconnect link | TCPX_MODIFY |
OPEN | Open link | TCPX_MODIFY |
RESET | Reset statistics | TCPX_MODIFY |
RESUME | Resume link | TCPX_MODIFY |
SUSPEND | Suspend link | TCPX_MODIFY |
VTAM Driver Functions | Description | Category |
---|---|---|
SHOW | Display driver configuration | VTAM_DISPLAY |
SNAP | Dump driver control blocks | VTAM_DISPLAY |
STATS | Display driver statistics | VTAM_DISPLAY |
STATUS | Display driver status | VTAM_DISPLAY |
TRACE | Display driver trace table | VTAM_DISPLAY |
ALTER ACCEPTUI | Accept requests from undefined systems | VTAM_MODIFY |
ALTER APPLID | Application name | VTAM_MODIFY |
ALTER AUTHPATH | Use VTAM Authorized Path | VTAM_MODIFY |
ALTER EXIT | User exit name | VTAM_MODIFY |
ALTER MAXBLK | Receive buffer size | VTAM_MODIFY |
ALTER MAXRU | Receive buffer size | VTAM_MODIFY |
ALTER PASSWORD | APPLID associated password | VTAM_MODIFY |
ALTER RECVRPLS | Number of receive RPLs to be kept active | VTAM_MODIFY |
ALTER RESTART | Reconnect retry interval and no. of retries | VTAM_MODIFY |
ALTER SLEEPTIM | Retry time interval | VTAM_MODIFY |
ALTER TPNAME | Transaction program name definition | VTAM_MODIFY |
ALTER TRACESIZ | Size of trace table | VTAM_MODIFY |
CLOSE | Close driver | VTAM_MODIFY |
OPEN | Open driver | VTAM_MODIFY |
RESET | Reset statistics | VTAM_MODIFY |
VTAM Link Functions | Description | Category |
---|---|---|
SHOW | Display link configuration | VTAM_DISPLAY |
SNAP | Dump link control blocks | VTAM_DISPLAY |
STATS | Display link statistics | VTAM_DISPLAY |
STATUS | Display link status | VTAM_DISPLAY |
TRACE | Display link trace table | VTAM_DISPLAY |
ALTER ACQUIRE | Attempt automatic connection | VTAM_MODIFY |
ALTER APPLID | Application name | VTAM_MODIFY |
ALTER ASSOCLU | LU6.2 partner’s Receive LU | VTAM_MODIFY |
ALTER BLOCKMSG | Message blocking | VTAM_MODIFY |
ALTER COMPRMSG | Compress message duplicate characters | VTAM_MODIFY |
ALTER CRYPT | Request the use of encryption/decryption | VTAM_MODIFY |
ALTER DEFRESP | Request definite response | VTAM_MODIFY |
ALTER EXIT | User exit name | VTAM_MODIFY |
ALTER LOGMODE | Logmode table name | VTAM_MODIFY |
ALTER LUNAME | LU name | VTAM_MODIFY |
ALTER MAXBLK | Send buffer size | VTAM_MODIFY |
ALTER MAXRU | Send buffer size | VTAM_MODIFY |
ALTER MINCMP | ALTER MINCMP Minimum length for compression | VTAM_MODIFY |
ALTER MODEENT | Logmode table entry name | VTAM_MODIFY |
ALTER NETID | Partner’s VTAM network ID | VTAM_MODIFY |
ALTER PSTATS | Print interval statistics to DDPRINT | VTAM_MODIFY |
ALTER RESTART | Reconnect retry interval and no. of retries | VTAM_MODIFY |
ALTER RSTATS | Reset statistics at STATINT intervals | VTAM_MODIFY |
ALTER SAF | NETSAF (WAF) point-of-access verification | VTAM_MODIFY |
ALTER SNDTMOUT | Maximum send completion time | VTAM_MODIFY |
ALTER STATBLK | Accumulate message blocking statistics | VTAM_MODIFY |
ALTER STATCMP | Accumulate data compression statistics | VTAM_MODIFY |
ALTER STATINT | Print/Reset statistics time interval | VTAM_MODIFY |
ALTER TRACESIZ | Size of trace table | VTAM_MODIFY |
ALTER WEIGHT | Path selection weighting | VTAM_MODIFY |
ALTER ZEDC | zEnterprise Data Compression (zEDC) | VTAM_MODIFY |
ALTER ZEDCLOG | zEDC compression trace data level | VTAM_MODIFY |
CLOSE | Close link | VTAM_MODIFY |
CONNECT | Connect link | VTAM_MODIFY |
DISCONNECT | Disconnect link | VTAM_MODIFY |
OPEN | Open link | VTAM_MODIFY |
RESET | Reset statistics | VTAM_MODIFY |
RESUME | Resume link | VTAM_MODIFY |
XCF Driver Functions | Description | Category |
---|---|---|
SHOW | Display driver configuration | XCF_DISPLAY |
SNAP | Dump driver control blocks | XCF_DISPLAY |
STATS | Display driver statistics | XCF_DISPLAY |
TRACE | Display driver trace table | XCF_DISPLAY |
ALTER ACCEPTUI | Accept requests from undefined systems | XCF_MODIFY |
ALTER EXHS | Use extended handshakes | XCF_MODIFY |
ALTER GROUP | XCF group name | XCF_MODIFY |
ALTER LARGEMSG | Minimum size of a large message | XCF_MODIFY |
ALTER PSTATS | Print interval statistics to DDPRINT | XCF_MODIFY |
ALTER RCVBFNUM | No. of entries in the receive buffer table | XCF_MODIFY |
ALTER RSTATS | Reset statistics at STATINT intervals | XCF_MODIFY |
ALTER SMALLMSG | Maximum size of a small message | XCF_MODIFY |
ALTER STATINT | Print/Reset statistics time interval | XCF_MODIFY |
ALTER TRACESIZ | Size of trace table | XCF_MODIFY |
HELP | List available functions | XCF_MODIFY |
RESET | Reset statistics | XCF_MODIFY |
XCF Link Functions | Description | Category |
---|---|---|
SHOW | Display link configuration | XCF_DISPLAY |
SNAP | Dump link control blocks | XCF_DISPLAY |
STATS | Display link statistics | XCF_DISPLAY |
TRACE | Display link trace table | XCF_DISPLAY |
ALTER ADJHOST | Internet host name for a node | XCF_MODIFY |
ALTER EXHS | Use extended handshakes | XCF_MODIFY |
ALTER PSTATS | Print interval statistics to DDPRINT | XCF_MODIFY |
ALTER RSTATS | Reset statistics at STATINT intervals | XCF_MODIFY |
ALTER SAF | NETSAF (WAF) point-of-access verification | XCF_MODIFY |
ALTER STATINT | Print/Reset statistics time interval | XCF_MODIFY |
ALTER WEIGHT | Path selection weighting | XCF_MODIFY |
ALTER ZEDC | zEnterprise Data Compression (zEDC) | XCF_MODIFY |
ALTER ZEDCLOG | zEDC compression trace data level | XCF_MODIFY |
HELP | List available functions | XCF_MODIFY |
RESET | Reset statistics | XCF_MODIFY |
This section describes the formatting of the resource name when an Adabas SAF Security operator command is issued to any of the following jobs:
Adabas nucleus
Adabas utility
Entire Net-Work
When processing an operator command, Adabas SAF Security will check that the User ID under which the job is executing has read access to a resource name of the following format:
OPRddddd.SPECAL
where
Value | Description |
---|---|
ddddd | is the node ID, specified in the format defined by the setting
of the DBFLEN configuration parameter.
|
. | is an optional delimiter character, depending on the setting
of the DELIM configuration parameter.
|
SPECAL | is the substituted command used for all Adabas SAF Security operator commands. |
Refer to Adabas SAF Security Operator Commands in the Operations section for general information on Adabas SAF Security operator commands.
Resource names used in the start-up of an Adabas Audit Server follow the same format as Resource Names for Adabas Nucleus Start-up.
Refer to Adabas Audit Server Start-up in the Operations section for additional information.
Resource names used in the protection of Adabas Audit Server administration functions follow the same format as Resource Names for Adabas Nucleus Administration Functions.
Refer to Adabas Audit Server Administration Functions in the Operations section for general information on protecting Adabas Audit Server administration functions.
Resource names used in the protection of operator commands issued to the Adabas Audit Server follow the same format as Resource Names for Adabas Operator Commands.
Refer to Adabas Audit Server Operator Commands in the Operations section for additional information.
Resource names used in the start-up of an Adabas Event Replicator Server follow the same format as Resource Names for Adabas Nucleus Start-up.
Refer to Adabas Event Replicator Server Start-up in the Operations section for additional information.
Resource names used in the protection of Adabas Event Replicator Server administration functions follow the same format as Resource Names for Adabas Nucleus Administration Functions.
Refer to Adabas Event Replicator Server Administration Functions in the Operations section for general information on protecting Adabas Event Replicator Server administration functions.
Resource names used in the protection of operator commands issued to the Adabas Event Replicator Server follow the same format as Resource Names for Adabas Operator Commands.
Refer to Adabas Event Replicator Server Operator Commands in the Operations section for additional information.
This section describes those resource names which can be subjected to grouping in order to simplify the administration of the required security resources.
The AAFFILE macro is supplied on the ADASAF source library and is used to create a load module which defines prefixes, major nodes and/or minor nodes for file numbers or ranges of file numbers. You choose what mixture of prefixes, major and minor nodes you wish to use and for which files. Having created the load module, you identify it to ADASAF using the FILETAB configuration parameter to specify the load module name. The module must be available in an APF-authorized step library of the Adabas nucleus . At initialization, ADASAF attempts to load the nominated module. If the load fails, ADASAF issues message AAF004 and instructs the Adabas nucleus to terminate.
AAFFILE has 3 parameters as described in the table below:
Parameter Syntax | Eplananation |
---|---|
TYPE={PREFIX|MAJOR|MINOR|FINAL} |
|
NAME=1 to 8 characters |
Specifies the name to be used. The name must conform to the resource naming conventions of your security system. |
FILES={(nnnnn,nnnnn-nnnnn…)|ALL} |
Specifies a list of files or ranges of files for which
this name should be used. |
A sample assembly and link job is provided in SAGI055 in the JOBS installation dataset.
AAFFILE TYPE=PREFIX,NAME=TEST,FILES=ALL AAFFILE TYPE=MAJOR,NAME=ACCOUNTS,FILES=(1,5,11-20,251-300) AAFFILE TYPE=MAJOR,NAME=HR,FILES=(101-200) AAFFILE TYPE=MINOR,NAME=SALARY,FILES=(1,11,251) AAFFILE TYPE=FINAL END
Assuming DBFLEN=1
together with the above
AAFFILE statements, the following resource names will be used for accesses to
files on database 153:
File Number | Resource Name
(DELIM=Y )
|
Resource Name
(DELIM=N )
|
---|---|---|
1 |
TEST.ACCOUNTS.SALARY |
TEST.ACCOUNTSSALARY |
38 |
TEST.CMD00153.FIL00038 |
TEST.ACC00153FIL00038 |
200 |
TEST.HR.FIL00200 |
TEST.HRFIL00200 |
299 |
TEST.ACCOUNTS.FIL00299 |
TEST.ACCOUNTSFIL00299 |
AAFFILE TYPE=PREFIX,NAME=ACCOUNTS,FILES=(1,5,11-20,251-300) AAFFILE TYPE=MAJOR,NAME=PAYMENTS,FILES=(1,5,11-20) AAFFILE TYPE=MAJOR,NAME=HR,FILES=(101-200) AAFFILE TYPE=MINOR,NAME=SALARY,FILES=(1,11,251) AAFFILE TYPE=FINAL END
Assuming DBFLEN=1
together with the above
AAFFILE statements, the following resource names will be used for accesses to
files on database 253:
File Number | Resource Name
(DELIM=Y )
|
Resource Name
(DELIM=N )
|
---|---|---|
1 |
ACCOUNTS.PAYMENTS.SALARY |
ACCOUNTS.PAYMENTSSALARY |
38 |
CMD00253.FIL00038 |
ACC00253FIL00038 |
200 |
HR.FIL00200 |
HRFIL00200 |
299 |
ACCOUNTS.CMD00253.FIL00299 |
ACCOUNTS.ACC00253FIL00299 |
As these examples show, you have complete flexibility in using grouped and standard database/file-specific resource names in any combination.
You will usually need to create a different load module for each database where grouped resource names are to be used, because different databases are likely to have different file grouping requirements.
An operator command grouping table is available which enables sites to influence the construction of resource names by changing the default operator command name to site specific names.
This grouping table is available for Adabas operator commands issued against any of the following jobs:
Adabas nucleus
Adabas utility
A sample source member, ADAEOPTB, is provided which defines operator commands to one of three groups, namely DISPLY, MODIFY and SPECAL. The choice of group names and how commands are grouped is decided on site and determines which Adabas operator commands may be entered from a z/OS console. When adding or modifying an entry in ADAEOPTB, specify the operator command (if longer than 8 characters, only provide the first 8 characters) and grouping requirement, for example:
ENTITY NOLOGGIN,SPECAL /* prevent command logging */
associates the NOLOGGING
operator command
with the group SPECAL.
You must also relink ADAIOR to include ADAEOPTB. For more information, refer to ADASAF installation procedure, step 7.
The following is a sample grouping as supplied in the ADAEOPTB source library member. The following list is not restricted to the commands shown here and can be added to or subtracted from, depending on installation requirements. For more information about Adabas operator commands, see the Adabas Operations documentation.
The display-type Adabas commands are:
CSTAT | DHQ | DONLSTAT | DUQE |
CSUM | DHQA | DPARM | DUUQE |
DAUQ | DLOCKF | DPPT | DXCACHE |
DCQ | DMEMTB | DRES | DXFILE |
DDIB | DNC | DSTAT | DXLOCK |
DDSF | DNFV | DTH | DXMSG |
DFILES | DNH | DUQ | DXSTAT |
DFILUSE | DNU | DUQA |
The modify-type Adabas commands are:
ADAEND | CDATAHSP | CFILE | RESUME |
CANCEL | CDATAL64 | CFSTAT | REVIEW |
CASSODSP | CDATAMAX | CINCLUDE | TNAA |
CASSOEXT | CDATAV64 | CLOGMRG | TNAE |
CASSOHSP | CDELETE | CPARM | TNAX |
CASSOL64 | CDEMAND | CRETRY | TT |
CASSOMAX | CDISABLE | CT | MXCANCEL |
CASSOV64 | CDISPSTAT | DUMP | MXMSG |
CBUFNO | CENABLE | FEOFCL | MXMSGWAR |
CCHANGE | CEXCLUDE | FEOFPL | MXWTOR |
CCTIMEOUT | CFDELETE | FMXIO | |
CDATADSP | CFDISABLE | HALT | |
CDATAEXT | CFENABLE | RDUMPST |
The special Adabas commands are:
ALOCKF | LOGRB | NOLOGVB | SMFRECNO |
AOSLOG | LOGSB | NOLOGVOLIO | SMFSUBSYS |
ASYTVS | LOGUX | NWCONNECT | SGMT |
CLUFREEUSER | LOGVB | ONLRESUME | STOPF |
DELUF | LOGVOLIO | ONLSTOP | STOPI |
DELUI | LOGWARN | ONLSUSPEND | STOPU |
LOCKF | NOLOGCB | RALOCKF | SYNCC |
LOCKU | NOLOGFB | RALOCKFA | TCPIP |
LOCKX | NOLOGGING | READONLY | TM |
LOGCB | NOLOGIB | REVIEWHUBID | UNLOCKF |
LOGFB | NOLOGIO | SMFDETAIL | UNLOCKU |
LOGGING | NOLOGRB | SMFDETAILADD | UNLOCKX |
LOGIB | NOLOGSB | SMFDETAILDEL | UTIONLY |
LOGIO | NOLOGUX | SMFINTERVAL |
Aadministration function and file grouping tables are available which enable sites to influence the construction of resource names by changing the default administration function and file names to site specific names.
These grouping tables are available for administration functions performed against any of the following jobs:
Adabas nucleus
A sample source member is provided (AAFNUCTB) which associates each of the Adabas administration functions to a specific function group name. This function group name then replaces the administration function name in the resource name.
The supplied function group names in AAFNUCTB are samples only - sites may define their own function group names and choose which of the administration functions are associated to a particular function group.
By way of an example, the table below shows the resource names constructed when an administrative request to delete file 18 is processed with and without the availability of AAFNUCTB (using the definitions in the sample AAFNUCTB).
DBADMIN | With AAFNUCTB | Without AAFNUCTB |
---|---|---|
(Y,NOFILE,WARN|FAIL) |
ADANUCddddd.UTIFUP |
ADANUCddddd.DELETE |
(Y,FILE,WARN|FAIL) |
ADANUCddddd.UTIFUP.UFL00018 |
ADANUCddddd.DELETE.UFL00018 |
For more information, refer to the sample member AAFNUCTB provided in the SRCE installation library. A sample assembly and link job is provided in SAGI065 in the JOBS installation library.
A sample source member is provided (AAFFILTB) which has examples of how to associate a file group name to one or more files using the AAFFILE macro with TYPE=MINOR. This file group name then replaces the file number in the resource name.
The supplied file group names in AAFFILTB are samples only - sites should define their own file group names and choose which file numbers are associated to a particular file group.
By way of an example, the table below shows the resource names constructed when an administrative request to delete file 18 is processed with and without the availability of AAFFILTB (using the definitions in the sample AAFFILTB), and, for completeness, with and without the availability of AAFNUCTB (using the definitions in the sample AAFNUCTB).
Note:
This file grouping option only applies to
DBADMIN=(Y,FILE,WARN|FAIL).
AAFFILTB | With AAFNUCTB | Without AAFNUCTB |
---|---|---|
Not Available |
ADANUCddddd.UTIFUP.UFL00018 |
ADANUCddddd.DELETE.UFL00018 |
Available |
ADANUCddddd.UTIFUP.INVOICE |
ADANUCddddd.DELETE.INVOICE |
For more information, refer to the sample member AAFFILTB provided in the SRCE installation library. The assembly and link job SAGI055 in the JOBS installation library may be used to create the nucleus administration file grouping table.
Notes:
UTI=3
is defined (for utility
file-level protection), then the file grouping defined by this module will also
be enabled for utility operations against the database ID denoted by
nnnnn.
Utility function and file grouping tables are available which enable sites to influence the construction of resource names by changing the default utility function and file names to site specific names.
A sample source member is provided (AAFUTITB) which associates each of the utility functions to a specific function group name. This function group name then replaces the utility function name in the resource name.
The supplied function group names in AAFUTITB are samples only - sites may define their own function group names and choose which of the utility functions are associated to a particular function group.
By way of an example, the table below shows the resource names constructed when an ADASAV SAVE FILES=18 is executed with and without the availability of AAFUTITB (using the definitions in the sample AAFUTITB).
UTI | With AAFUTITB | Without AAFUTITB |
---|---|---|
UTI=2 |
ADASAVddddd.UTIFAC |
ADASAVddddd.SAVE |
UTI=3 |
ADASAVddddd.UTIFAC.UFL00018 |
ADASAVddddd.SAVE.UFL00018 |
For more information, refer to the sample member AAFUTITB provided in the SRCE installation library. A sample assembly and link job is provided in SAGI065 in the JOBS installation library.
A sample source member is provided (AAFFILTB) which has examples of how to associate a file group name to one or more files using the AAFFILE macro with TYPE=MINOR. This file group name then replaces the file number in the resource name.
The supplied file group names in AAFFILTB are samples only - sites should define their own file group names and choose which file numbers are associated to a particular file group.
By way of an example, the table below shows the resource names constructed when an ADASAV SAVE FILES=18 is executed with and without the availability of AAFFILTB (using the definitions in the sample AAFFILTB), and, for completeness, with and without the availability of AAFUTITB (using the definitions in the sample AAFUTITB).
Note:
This file grouping option only applies to
UTI=3
.
AAFFILTB | With AAFUTITB | Without AAFUTITB |
---|---|---|
Not Available |
ADASAVddddd.UTIFAC.UFL00018 |
ADASAVddddd.SAVE.UFL00018 |
Available |
ADASAVddddd.UTIFAC.INVOICE |
ADASAVddddd.SAVE.INVOICE |
For more information, refer to the sample member AAFFILTB provided in the SRCE installation library. The assembly and link job SAGI055 in the JOBS installation library may be used to create the utility file grouping table.
Notes:
DBADMIN=(Y,FILE,WARN|FAIL)
is defined (for nucleus
administration file-level protection), then the file grouping defined by this
module will also be enabled for nucleus administration functions within the
database ID denoted by nnnnn.