Adabas SAF Security Resource Names

This document describes the SAF Security Resource Names.


Resource Name Maximum Lengths

The following tables show the various configuration options which affect the length of resource names and the corresponding resource name maximum length based on those options.

Important:
The resource class/type must support the maximum length defined in these tables before the appropriate configuration parameter is activated.

Adabas Resource Names

AAFPRFX XLEVEL=3 DBADMIN=Y Maximum Length
N N N 17
Y N N 26
N Y N 26
Y Y N 35
Y or N Y or N Y 64

Adabas Utility Resource Names

UTI AAFPRFX Maximum Length
1 N 17
1 Y 26
2 Y or N 64
3 Y or N 64

Entire Net-Work Resource Names

AAFPRFX NETADMIN=Y Maximum Length
N N 17
Y N 26
Y or N Y 64

Resource Names

The following table describes the resource names used by Adabas SAF Security for specific operational environments.

Refer to Resource Names for Adabas SAF Security Operator Commands for a description of the common resource name used for all Adabas SAF Security operator commands applicable to these environments.

Resource Protection within Resource Name Description
Adabas Nucleus

Resource Names for Adabas Nucleus Start-up

Resource Names for Adabas Files

Resource Names for Adabas Operator Commands

Resource Names for Adabas Nucleus Administration Functions

Resource Names for Adabas Nucleus Cross-Level Security

Adabas Utilities

Resource Names for Name-level Protection

Resource Names for Function-level Protection

Resource Names for Function/File-level Protection

Resource Names for Utility Functions

Resource Names for Utilities without Database ID

Online Administration Services

Resource Names for Adabas Auditing Configuration

Resource Names for Adabas Event Replicator Subsystem

Resource Names for Adabas Basic Services

Resource Names for Adabas System Coordinator Administration Services

Resource Names for Adabas Fastpath Administration Services

Resource Names for Adabas Vista Administration Services

Resource Names for Adabas Transaction Manager Administration Services

Resource Names for Adabas SAF Security Administration Services

Entire Net-Work

Resource Names for Entire Net-Work Start-up

Resource Names for Entire Net-Work Administration Functions

Adabas Audit Server

Resource Names for Adabas Audit Server Start-up

Resource Names for Adabas Audit Server Administration Functions

Resource Names for Adabas Audit Server Operator Commands

Adabas Event Replicator Server

Resource Names for Adabas Event Replicator Server Start-up

Resource Names for Adabas Event Replicator Server Administration Functions

Resource Names for Adabas Event Replicator Server Operator Commands

Adabas Nucleus

Resource Names for Adabas Nucleus Start-up

When starting an Adabas nucleus, Adabas SAF Security will check that the starting User ID has access to a resource name of the following format:

NUCddddd.SVCsvc

When starting a batch job in single-user mode, Adabas SAF Security will check that the starting User ID has access to a resource name of the following format:

USRddddd.SVCsvc

When starting ADACOM, Adabas SAF Security will check that the starting User ID has access to a resource name of the following format:

COMddddd.SVCsvc

where

Value Description
ddddd is the Database ID, specified in the format defined by the setting of the DBFLEN configuration parameter.
. is an optional delimiter character, depending on the setting of the DELIM configuration parameter.
SVCsvc is the characters SVC followed by the 3-digit decimal number of the Adabas SVC.

Refer to Nucleus Start-up in the Operations section for additional information and examples.

Resource Names for Adabas Files

Adabas SAF Security authorizes use of Adabas data by building a resource name to represent the file being used. The format of the resource name differs depending on the DELIM configuration parameter as follows:

lvldddddFILnnnnn
if DELIM=N
CMDddddd.FILnnnnn
if DELIM=Y

where

Value Description
lvl is the required access level (ACC for access-type commands and UPD for update-type commands)
ddddd is the Database ID, specified in the format defined by the setting of the DBFLEN configuration parameter.
nnnnn is the file number, specified in the format defined by the setting of the DBFLEN configuration parameter.

Refer to Adabas and Natural Commands in the Operations section for general information on protecting Adabas files.

As an alternative to the above format, the use of AAFFILE to define grouped resource names may also be used. Refer to Grouped Resource Names for Adabas Files for more information.

Resource Names for Adabas Operator Commands

This section describes the formatting of the resource name when an Adabas operator command is issued to any of the following jobs:

  • Adabas nucleus

  • Adabas utility

When processing an operator command, Adabas SAF Security will check that the User ID under which the Adabas job is executing has read access to a resource name of the following format:

OPRddddd.command

where

Value Description
ddddd is the Database ID, specified in the format defined by the setting of the DBFLEN configuration parameter.
. is an optional delimiter character, depending on the setting of the DELIM configuration parameter.
command is the operator command.

Note:
For Adabas SAF Security operator commands refer to Resource Names for Adabas SAF Security Operator Commands.

Refer to Adabas Nucleus Operator Commands in the Operations section for general information on protecting Adabas operator commands.

As an alternative to the above format, the use of ADAEOPTB enables operator command grouping, resulting in resource names of the following format:

OPRddddd.groupname

where

Value Description
groupname is the group name associated by ADAEOPTB to the operator command being processed.

Refer to Grouped Resource Names for Adabas Operator Commands for more information on grouped resource names using ADAEOPTB.

Resource Names for Adabas Nucleus Administration Functions

The protection of Adabas nucleus administration functions is controlled by the DBADMIN configuration parameter.

ADASAF SAF Security first establishes a user's right to perform administration against an Adabas nucleus by verifying that the user has read access to the resource:

ADANUCddddd.UTILITY

Adabas SAF Security then authorizes the use of Adabas nucleus administration functions by verifying the user has read access to a resource name representing the function being executed. The format of this resource name depends on whether the administration function is file-related and if the FILE option of the DBADMIN configuration parameter is specified, as indicated by this table:

File-related function DBADMIN= Resource Name
No Y,NOFILE
ADANUCddddd.function
No Y,FILE
ADANUCddddd.function
Yes Y,NOFILE
ADANUCddddd.function
Yes Y,FILE
ADANUCddddd.function.UFLfnr

where

Value Description
ddddd is the Database ID, specified in the format defined by the setting of the DBFLEN configuration parameter.
. is an optional delimiter character, depending on the setting of the DELIM configuration parameter.
function is the administration function being processed. Refer to Adabas Administration Functions for a list of all applicable functions.
. is an optional delimiter character, depending on the setting of the DELIM configuration parameter.
UFLfnr is the characters UFL followed by the file number, specified in the format defined by the setting of the DBFLEN configuration parameter.

Refer to Adabas Nucleus Administration Functions in the Operations section for general information on protecting Adabas nucleus administration functions.

As an alternative to the above resource name format, the use of Adabas administration function and file grouping enables resource names to be constructed with the following format:

ADANUCddddd.functiongroupname
ADANUCddddd.functiongroupname.filegroupname

where

Value Description
functiongroupname is the group name associated by the AAFNUCTB function grouping table to the nucleus administration function being processed.
filegroupname is the group name associated by the UFTnnnnn file grouping table to the file number specified for the nucleus administration function being processed. (where nnnnn is the database ID against which the nucleus administration function is being processed.)

Refer to Grouped Resource Names for Adabas Administration Functions for more information on the use of Adabas administration function and file grouping.

Adabas Administration Functions

The following table lists the administration function name used in the formatting of the resource name, it’s description, and whether or not it is file-related (and therefore subjected to the FILE setting of the DBADMIN configuration parameter):

Function Description File-related
ADD Add database extent No
ADDCLOG Add CLOG data sets No
ADDPLOG Add PLOG data sets No
ADMIN_CACHE Manage Cache Facility resources No
ADMIN_DSF Manage Delta Save Facility resources No
ADMIN_SMGT Manage Smart Management resources No
ADMIN_SPT Manage Stored Procedure and Trigger resources No
ADMIN_TCPIP Manage TCP/IP resources No
ALLOCATE Allocate file extent Yes
AUDITING Manage Adabas Audit Server file resources Yes
AUDITSERVER Manage Adabas Audit Server resources No
CATCH_RSP Force dump on specific response codes No
CHANGE Modify field length/format Yes
CVOLSER Display file extents on a given volume No
DCLOGSTATUS Display CLOG status No
DDURATION Display nucleus duration No
DEALLOCATE Deallocate file extent Yes
DECREASE Decrease last ASSO/DATA data set size No
DEFINE_FDT Define new FDT Yes
DEFINE_FILE Define file Yes
DELCLOG Delete CLOG data sets No
DELCP Delete checkpoint records No
DELDE Logically delete a descriptor Yes
DELETE Delete file Yes
DELFN Logically delete fields Yes
DELPLOG Delete PLOG data sets No
DFILE Display file information Yes
DIDT Display ID Table No
DMAINTENANCE Display maintenance levels No
DMODULE Display contents of a loaded module No
DPLOGSTATUS Display PLOG status No
DPRODUCTS Display installed products No
DRABN Display RABN information No
DSREUSE Modify DSREUSE file status Yes
DTIMEZONE Display time zone No
DVOLSER Display VOLSER table No
DWORKSTATUS Display WORK status No
ENCODEF Modify file encoding Yes
ETDATA_DELETE Delete ET-data record No
EXPFILE Insert/Remove file from Expanded File chain Yes
FILEREADONLY Modify FILEREADONLY status Yes
FORCE_ETBT Terminate PET user heuristically No
INCREASE Increase last ASSO/DATA data set size No
INSERT ADASCR: Insert/Update password/permission levels Yes
ISNREUSE Modify ISNREUSE file status Yes
LOG_RSP Log calls with specific response codes No
MIXDSDEV Modify MIXDSDEV file status Yes
MODFCB Modify file parameters Yes
MUPEX Modify MUPEX file status Yes
NEWFIELD Add new field Yes
ONLADD Add ASSO/DATA data sets dynamically No
ONLINCREASE Increase last ASSO/DATA data set size dynamically No
ONLINVERT Start online invert process Yes
ONLREORFASSO Start online reorder ASSO for files Yes
ONLREORFDATA Start online reorder DATA for files Yes
OPERCOM_ADAEND Terminate nucleus session normally No
OPERCOM_ALOCKF Lock file in advance Yes
OPERCOM_AOSLOG Modify AOSLOG parameter No
OPERCOM_ASSOSPACEWARN Modify ASSOSPACEWARN parameter No
OPERCOM_ASYTVS Modify ASYTVS parameter No
OPERCOM_AUDCONNECT Force a connection attempt between Adabas Audit Servers and Adabas nuclei No
OPERCOM_AUDITLOG Modify AUDITLOG parameter No
OPERCOM_AUTOINCASSOSIZE Modify AUTOINCASSOSIZE parameter No
OPERCOM_AUTOINCASSOTHRESHOLD Modify AUTOINCASSOTHRESHOLD parameter No
OPERCOM_AUTOINCASSOTOTAL Modify AUTOINCASSOTOTAL parameter No
OPERCOM_AUTOINCDATASIZE Modify AUTOINCDATASIZE parameter No
OPERCOM_AUTOINCDATATHRESHOLD Modify AUTOINCDATATHRESHOLD parameter No
OPERCOM_AUTOINCDATATOTAL Modify AUTOINCDATATOTAL parameter No
OPERCOM_BATCH Batch thread support No
OPERCOM_CANCEL Cancel nucleus session immediately No
OPERCOM_CLOGMRG Modify CLOGMRG parameter No
OPERCOM_CLUFREEUSER Delete leftover cluster user table elements No
OPERCOM_CLUPUBLPROT Modify CLUPUBLPROT parameter No
OPERCOM_CT Modify CT parameter No
OPERCOM_DATASPACEWARN Modify DATASPACEWARN parameter No
OPERCOM_DAUDPARM Display Auditing parameters No
OPERCOM_DAUDSTAT Display Auditing statistics No
OPERCOM_DAUQ Display most recently active user queue elements No
OPERCOM_DCMDSTAT Display command usage No
OPERCOM_DCQ Display all command queue elements No
OPERCOM_DDIB Display DIB information No
OPERCOM_DDSF Display DSF status No
OPERCOM_DDURATION Display nucleus duration No
OPERCOM_DFILES Display user type by file Yes
OPERCOM_DFILESTAT Display command statistics by file No
OPERCOM_DFILUSE Display file command count Yes
OPERCOM_DHQA Display all hold queue elements No
OPERCOM_DLOCKF Display locked files No
OPERCOM_DMEMTB Display MEMSTATE table No
OPERCOM_DNC Display no. of selectable command queue elements No
OPERCOM_DNFV Display NFV No
OPERCOM_DNH Display no. of ISNs in the hold queue No
OPERCOM_DNU Display no. of current users No
OPERCOM_DONLSTAT Display online reorder/invert status No
OPERCOM_DPARM Display nucleus session parameters No
OPERCOM_DPPT Display PPT No
OPERCOM_DRES Display nucleus resource usage No
OPERCOM_DRPLPARM Display replication-related parameters No
OPERCOM_DRPLSTAT Display replication-related statistics No
OPERCOM_DSPACE Display ASSO/DATA space statistics No
OPERCOM_DSTAT Display nucleus operating status No
OPERCOM_DTH Display thread status No
OPERCOM_DUQ Display user queue element(s) No
OPERCOM_DUUQE Display utility user queue element(s) No
OPERCOM_DVOLIO Display ASSO/DATA I/Os by VOLSER No
OPERCOM_DXCACHE Display cache-related statistics No
OPERCOM_DXFILE Display cache-related file statistics Yes
OPERCOM_DXLOCK Display lock-related statistics No
OPERCOM_DXMSG Display messaging statistics No
OPERCOM_DXWORK Display WORK I/O statistics No
OPERCOM_DZSTAT Display zIIP-related statistics No
OPERCOM_FEOFAL Force an ALOG switch No
OPERCOM_FEOFCL Force a CLOG switch No
OPERCOM_FEOFPL Force a PLOG switch No
OPERCOM_FMXIO Modify FMXIO parameter No
OPERCOM_HALT Stop nucleus session No
OPERCOM_INDEXCROSSCHECK Modify INDEXCROSSCHECK parameter No
OPERCOM_LICREFRESH Refresh the license file No
OPERCOM_LOCKF Lock file Yes
OPERCOM_LOCKU Lock file for non-utility use Yes
OPERCOM_LOCKX Lock file for non-EXF/EXU users Yes
OPERCOM_LOGALL Log all commands No
OPERCOM_LOGCB Start logging the Adabas control block No
OPERCOM_LOGFB Start logging the Adabas format buffer No
OPERCOM_LOGGING Start command logging No
OPERCOM_LOGIB Start logging the Adabas ISN buffer No
OPERCOM_LOGIO Start logging Adabas I/O activity No
OPERCOM_LOGRB Start logging the Adabas record buffer No
OPERCOM_LOGSB Start logging the Adabas search buffer No
OPERCOM_LOGUX Start logging user data No
OPERCOM_LOGVB Start logging the Adabas value buffer No
OPERCOM_LOGVOLIO Start logging the extended I/O list No
OPERCOM_LOGWARN Modify CLOG/PLOG status check frequency No
OPERCOM_LS Modify LS parameter No
OPERCOM_LU Modify LU parameter No
OPERCOM_MXCANCEL Modify MXCANCEL parameter No
OPERCOM_MXCANCELWARN Modify MXCANCELWARN parameter No
OPERCOM_MXMSG Modify MXMSG parameter No
OPERCOM_MXMSGWARN Modify MXMSGWARN parameter No
OPERCOM_MXSTATUS Modify MXSTATUS parameter No
OPERCOM_MXWTOR Modify MXWTOR parameter No
OPERCOM_NISNHQ Modify the NISNHQ parameter No
OPERCOM_NOLOGCB Stop logging the Adabas control block No
OPERCOM_NOLOGFB Stop logging the Adabas format buffer No
OPERCOM_NOLOGGING Stop command logging No
OPERCOM_NOLOGIB Stop logging the Adabas ISN buffer No
OPERCOM_NOLOGIO Stop logging Adabas I/O activity No
OPERCOM_NOLOGRB Stop logging the Adabas record buffer No
OPERCOM_NOLOGSB Stop logging the Adabas search buffer No
OPERCOM_NOLOGUX Stop logging user data No
OPERCOM_NOLOGVB Stop logging the Adabas value buffer No
OPERCOM_NOLOGVOLIO Stop logging the extended I/O list No
OPERCOM_NONDES Modify NONDES parameter No
OPERCOM_NQCID Modify NQCID parameter No
OPERCOM_NSISN Modify NSISN parameter No
OPERCOM_ONLRESUME Resume a suspended online reorder/invert No
OPERCOM_ONLSTOP Stop online reorder/invert No
OPERCOM_ONLSUSPEND Suspend an online reorder/invert No
OPERCOM_RALOCKF Remove advance lock on file Yes
OPERCOM_RALOCKFA Remove advance lock on all files No
OPERCOM_RDUMPST Reset online dump status No
OPERCOM_READONLY Modify READONLY parameter No
OPERCOM_REFSTPRT Modify REFSTPRT parameter No
OPERCOM_REVIEW Modify REVIEW parameter No
OPERCOM_REVFILTER Modify REVFILTER parameter No
OPERCOM_RFDUMPST Reset file online dump status No
OPERCOM_RNFV Refresh NFV No
OPERCOM_RPLCHECK Perform replication cross-check function No
OPERCOM_RPLCLEANUP Clean up interrupted replication job No
OPERCOM_RPLCONNECT Force a replication connection attempt No
OPERCOM_RPLCONNECTCOUNT Modify RPLCONNECTCOUNT parameter No
OPERCOM_RPLCONNECTINTERVAL Modify RPLCONNECTINTERVAL parameter No
OPERCOM_RPLREFRESH Refresh replication parameters No
OPERCOM_RUFT Refresh UFT No
OPERCOM_SECUID Modify SECUID parameter No
OPERCOM_STOPF Stop users using a file Yes
OPERCOM_STOPI Stop inactive users No
OPERCOM_STOPSU Stop user by security user id No
OPERCOM_STOPSUR As above but with response code notification No
OPERCOM_STOPU Stop user by Adabas-assigned user id or job name No
OPERCOM_STOPUR As above but with response code notification No
OPERCOM_SYNCC Force resynchronization of all ET users No
OPERCOM_TFLUSH Modify TFLUSH parameter No
OPERCOM_TLOG Modify the level of replication transaction logging No
OPERCOM_TLSCMD Modify TLSCMD parameter No
OPERCOM_TNAA Modify TNAA parameter No
OPERCOM_TNAE Modify TNAE parameter No
OPERCOM_TNAX Modify TNAX parameter No
OPERCOM_TT Modify TT parameter No
OPERCOM_UNLOCKF Unlock file Yes
OPERCOM_UNLOCKU Unlock file for non-utility use Yes
OPERCOM_UNLOCKX Unlock file for non-EXF/EXU users Yes
OPERCOM_UTIONLY Modify UTIONLY parameter No
OPERCOM_ZIIP Modify ZIIP parameter No
PASSWORD_CHANGE ADASCR: Change password No
PASSWORD_DELETE ADASCR: Delete password No
PFIELDS ADASCR: Modify field protection/permission levels Yes
PFILES ADASCR: Modify file protection/permission levels No
PROFILE_CHANGE Modify user profile No
PPW ADASCR: Request security information No
PRIORITY Modify user priority No
PROTECT ADASCR: Define field/file protection levels Yes
REACTLOG Reactivate command logging No
READ_STATISTICS Display statistics No
RECORDSPANNING Modify record spanning file status Yes
RECOVER Recover space No
REFRESH Refresh file Yes
REFRESHSTATS Reset statistical values No
RELEASE Release descriptor Yes
REMOVE ADASCR: Remove all field/file protection levels No
RENAME Rename database No
RENAME Rename file Yes
RENUMBER Renumber file Yes
REPLICATION Activate or Deactivate replication Yes
REPTOR Manage Event Replicator resources No
RESETDIB Reset active utility list (DIB) No
SBYVALUE ADASCR: Define security-by-value criteria Yes
START_STATISTICS Start statistics No
TRANSACTIONS Suspend/Resume update transaction processing No
UNCOUPLE Uncouple files Yes
UNDELDE Logically undelete descriptors Yes
UNDELFN Logically undelete fields Yes
UNUSED_FILE Display unused file number No
USERISN Modify USERISN file status Yes
ZAP_MODULE Zap loaded module No

Resource Names for Adabas Nucleus Cross-Level Security

Cross-level security checking is controlled by the XLEVEL configuration parameter.

For the simple cross-level security checks (XLEVEL=1 and XLEVEL=2), the same resource names are used as described in Resource Names for Adabas Files.

For more complex cross-level security checks (XLEVEL=3), Adabas SAF Security will check that the User ID has access to a resource name of the following format:

uuuuuuuu.dddddddd.ffffffff

where:

uuuuuuuu is the User ID of the originating job
dddddddd.ffffffff is the standard resource name as described in Resource Names for Adabas Files.

Refer to Cross-Level Security Checking in the Operations section for additional information and examples.

Adabas Utilities

Adabas Utility protection is controlled by the UTI configuration parameter which provides three levels of protection; name-level, function-level and function/file-level.

Refer to Utility Start-up in the Operations section for additional information and examples.

Resource Names for Name-level Protection

For name-level protection (UT1=1, the default), resource names have the following format:

pppddddd.SVCsvc

where:

Value Description
ppp is the last three characters of the program name specified by the ADARUN PROG= parameter. For example, CMP for the ADACMP utility or SAV for the ADASAV utility.
ddddd is the Database ID, specified in the format defined by the setting of the DBFLEN configuration parameter.
. is an optional delimiter character, depending on the setting of the DELIM configuration parameter.
SVCsvc is the characters SVC followed by the 3-digit decimal number of the Adabas SVC.

Refer to Utility Start-up in the Operations section for general information on protecting Adabas utilities.

Resoure Names for Function-level Protection

For function-level protection (UTI=2), resource names have the following format:

ppppppddddd.function

where:

Value Description
pppppp is the six character name of the program specified by the ADARUN PROG= parameter. For example, ADACMP or ADASAV.
ddddd is the Database ID, specified in the format defined by the setting of the DBFLEN configuration parameter.

Note:
ddddd may not be present for certain utility/functions where the database ID has no significance. See Resource Names without Database IDs for further information.

. is an optional delimiter character, depending on the setting of the DELIM configuration parameter.
function is the utility function being executed. Refer to Utility Functions for applicable utility functions.

Refer to Utility Start-up in the Operations section for general information on protecting Adabas utilities.

As an alternative to the above resource name format, the use of utility function grouping enables resource names to be constructed with the following format:

ppppppddddd.functiongroupname

where:

Value Description
functiongroupname is the group name associated by the AAFUTITB function grouping table to the utility function being processed.

Refer to Grouped Resource Names for Adabas Utilities for more information on the use of utility function grouping.

Resource Names for Function/File-level Protection

For function/file-level protection (UTI=3), resource names have the same base format as function-level but include an extra qualifier for those utility functions that are file-related:

File-related function Resource Name
No
ppppppddddd.function
Yes
ppppppddddd.function.UFLfnr

where

Value Description
pppppp is the six character name of the program specified by the ADARUN PROG= parameter. For example, ADACMP or ADASAV.
ddddd is the Database ID, specified in the format defined by the setting of the DBFLEN configuration parameter.

Note:
ddddd may not be present for certain utility/functions where the database ID has no significance. See Resource Names without Database IDs for further information.

. is an optional delimiter character, depending on the setting of the DELIM configuration parameter.
function is the utility function being executed. Refer to Utility Functions for applicable utility functions.
. is an optional delimiter character, depending on the setting of the DELIM configuration parameter.
UFLfnr is the characters UFL followed by the file number, specified in the format defined by the setting of the DBFLEN configuration parameter.

Refer to Utility Start-up in the Operations section for general information on protecting Adabas utilities.

As an alternative to the above resource name format, the use of utility function and file grouping enables resource names to be constructed with the following format:

ppppppddddd.functiongroupname
ppppppddddd.functiongroupname.filegroupname

where:

Value Description
functiongroupname is the group name associated by the AAFUTITB function grouping table to the utility function being processed.
filegroupname is the group name associated by the UFTnnnnn file grouping table to the file number specified for the utility function being processed. (where nnnnn is the database ID against which the utility function is being processed.)

Refer to Grouped Resource Names for Adabas Utilities for more information on the use of utility function and file grouping.

Resource Names for Utility Functions

The information in the following table is applicable only to the use of UTI configuration parameter options 2 and 3.

The table describes the utility functions used in the formatting of the resource names for Function-level protection (UTI=2) and Function/File-level protection (UTI=3) of utilities. In addition, each entry in the table is identified as being file-related or not.

If a utility/function is file-related and Function/File-level protection is active, the resource name will include an additional qualifier identifying the appropriate file number.

Utility Function File-related
ADACDC - Yes
ADACHK - No
ADACMP COMPRESS Yes
DECOMPRESS Yes
ADACNV - No
ADADBS ADD No
ADDALOG No
ADDCLOG No
ADDPLOG No
ALLOCATE Yes
AUDITING Yes
AUDITSERVER No
CHANGE Yes
CVOLSER No
DEALLOCATE Yes
DECREASE No
DELALOG No
DELCLOG No
DELCP No
DELDE Yes
DELETE Yes
DELFN Yes
DELPLOG No
DEVENTLOG No
DSREUSE Yes
ENCODEF Yes
EXPFILE Yes
INCREASE No
ISNREUSE Yes
MODFCB Yes
MUPEX Yes
NEWFIELD Yes
ONLADD No
ONLINCREASE No
ONLINVERT Yes
ONLREORFASSO Yes
ONLREORFDATA Yes
ONLREORFILE Yes
OPERCOM_ADAEND No
OPERCOM_ALOCKF No
OPERCOM_ASSOSPACEWARN No
OPERCOM_AUDCONNECT No
OPERCOM_AUDITLOG No
OPERCOM_AUTOINCASSOSIZE No
OPERCOM_AUTOINCASSOTHRESHOLD No
OPERCOM_AUTOINCASSOTOTAL No
OPERCOM_AUTOINCDATASIZE No
OPERCOM_AUTOINCDATATHRESHOLD No
OPERCOM_AUTOINCDATATOTAL No
OPERCOM_CANCEL No
OPERCOM_CLOGMRG No
OPERCOM_CLUPUBLPROT No
OPERCOM_CT No
OPERCOM_DATASPACEWARN No
OPERCOM_DAUDPARM No
OPERCOM_DAUDSTAT No
OPERCOM_DAUQ No
OPERCOM_DCMDSTAT No
OPERCOM_DCQ No
OPERCOM_DDIB No
OPERCOM_DDSF No
OPERCOM_DFILES No
OPERCOM_DFILESTAT No
OPERCOM_DFILUSE No
OPERCOM_DHQA No
OPERCOM_DLOCKF No
OPERCOM_DNC No
OPERCOM_DNH No
OPERCOM_DNU No
OPERCOM_DONLSTAT No
OPERCOM_DPARM No
OPERCOM_DRES No
OPERCOM_DRPLPARM No
OPERCOM_DRPLSTAT No
OPERCOM_DSPACE No
OPERCOM_DSTAT No
OPERCOM_DTH No
OPERCOM_DUQ No
OPERCOM_DUUQE No
OPERCOM_DVOLIO No
OPERCOM_DXCACHE No
OPERCOM_DXFILE No
OPERCOM_DXLOCK No
OPERCOM_DXMSG No
OPERCOM_DXSTAT No
OPERCOM_DXWORK No
OPERCOM_DZSTAT No
OPERCOM_FEOFAL No
OPERCOM_FEOFCL No
OPERCOM_FEOFPL No
OPERCOM_HALT No
OPERCOM_INDEXCROSSCHECK No
OPERCOM_LOCKF Yes
OPERCOM_LOCKU Yes
OPERCOM_LOCKX Yes
OPERCOM_LOGCB No
OPERCOM_LOGFB No
OPERCOM_LOGGING No
OPERCOM_LOGIB No
OPERCOM_LOGIO No
OPERCOM_LOGRB No
OPERCOM_LOGSB No
OPERCOM_LOGUX No
OPERCOM_LOGVB No
OPERCOM_LOGVOLIO No
OPERCOM_LOGWARN No
OPERCOM_MXCANCEL No
OPERCOM_MXCANCELWARN No
OPERCOM_MXMSG No
OPERCOM_MXMSGWARN No
OPERCOM_MXSTATUS No
OPERCOM_MXWTOR No
OPERCOM_NOLOGCB No
OPERCOM_NOLOGFB No
OPERCOM_NOLOGGING No
OPERCOM_NOLOGIB No
OPERCOM_NOLOGIO No
OPERCOM_NOLOGRB No
OPERCOM_NOLOGSB No
OPERCOM_NOLOGUX No
OPERCOM_NOLOGVB No
OPERCOM_NOLOGVOLIO No
OPERCOM_ONLRESUME No
OPERCOM_ONLSTOP No
OPERCOM_ONLSUSPEND No
OPERCOM_RALOCKF Yes
OPERCOM_RALOCKFA No
OPERCOM_RDUMPST No
OPERCOM_READONLY No
OPERCOM_REVIEW No
OPERCOM_RPLCHECK No
OPERCOM_RPLCLEANUP No
OPERCOM_RPLCONNECT No
OPERCOM_RPLCONNECTCOUNT No
OPERCOM_RPLCONNECTINTERVAL No
OPERCOM_RPLREFRESH No
OPERCOM_SECUID No
OPERCOM_STOPF Yes
OPERCOM_STOPI No
OPERCOM_STOPSU No
OPERCOM_STOPSUR No
OPERCOM_STOPU No
OPERCOM_STOPUR No
OPERCOM_SYNCC No
OPERCOM_TLOG No
OPERCOM_TNAA No
OPERCOM_TNAE No
OPERCOM_TNAX No
OPERCOM_TT No
OPERCOM_UNLOCKF Yes
OPERCOM_UNLOCKU Yes
OPERCOM_UNLOCKX Yes
OPERCOM_UTIONLY No
OPERCOM_ZIIP No
PRIORITY No
REACTLOG No
RECORDSPANNING Yes
RECOVER No
REFRESH Yes
REFRESHSTATS No
RELEASE Yes
RENAME Yes
RENUMBER Yes
REPLICATION Yes
REPTOR No
RESETDIB No
RESETPPT No
SPANCOUNT Yes
TRANSACTIONS No
UNCOUPLE Yes
UNDELDE Yes
UNDELFN Yes
ADADEF DEFINE No
MODIFY No
NEWWORK No
ADADRU - No
ADAFRM ALOGFRM No
ASSOFRM No
ASSORESET No
CLOGFRM No
DATAFRM No
DATARESET No
DSIMFRM No
DSIMRESET No
PLOGFRM No
RLOGFRM No
SORTFRM No
TEMPFRM No
WORKFRM No
WORKRESET No
ADAINV COUPLE Yes
INVERT Yes
ADALOD LOAD Yes
LOAD_AUDITING Yes
LOAD_CHECKPOINT Yes
LOAD_LOB Yes
LOAD_REPLICATOR Yes
LOAD_SECURITY Yes
LOAD_SLOG Yes
LOAD_SYSFILE Yes
LOAD_TRIGGER Yes
UPDATE Yes
ADAMER - No
ADAORD REORASSO No
REORDATA No
REORDB No
REORFASSO Yes
REORFDATA Yes
REORFILE Yes
RESTRUCTUREDB No
RESTRUCTUREF Yes
STORE Yes
ADAPLP IPLOGPRI Yes
PLOGPRI Yes
SPLOGPRI Yes
WORKPRI Yes
ADAPRI ASSOPRI No
CLOGPRI No
DATAPRI No
DSIMPRI No
PLOGPRI No
RLOGPRI No
SORTPRI No
TEMPPRI No
WORKPRI No
ADARAI - No
ADAREP REPORT Yes
CPLIST Yes
CPEXLIST Yes
ADARIS - No
ADARES ALCOPY No
BACKOUT Yes
CLCOPY No
COPY No
MERGE No
PLCOPY No
REGENERATE Yes
REPAIR No
ADARPE EXTRACT No
ADARPL REPLAY Yes
REPLAY_ORIGIN Yes
REPLAY_PLOG Yes
ADARPP - No
ADASAV MERGE No
RESTONL Yes
RESTONL_GCB Yes
RESTORE Yes
RESTORE_GCB Yes
RESTPLOG Yes
SAVE Yes
ADASCR PASSWORD_CHANGE No
PASSWORD_DELETE No
INSERT Yes
PFIELDS Yes
PFILES No
PPW No
PROTECT Yes
REMOVE No
SBYVALUE Yes
ADASEL SELECT Yes
ADAULD UNLOAD Yes
ADAWRK - No
ADAZAP - No
ADAZIN - No

Resource Names without Database ID

Utilities for which a database ID has no significance do not include the database ID in the resource name.

The following table lists those utility/functions that do not include the database ID in the resource name:

Utility Function
ADACMP COMPRESS (with no FDT=)
ADACMP DECOMPRESS (with no INFILE=)
ADAFRM All functions
ADAMER All functions
ADAPLP All functions
ADAPRI All functions
ADARPE All functions
ADARPP All functions
ADASEL All functions
ADAZIN All functions

Online Administration Services

Resource Names for Adabas Auditing Configuration

Adabas Auditing Configuration protection is controlled by the ABS configuration parameter. The ABS parameter also controls the protection of Adabas Basic Services and the Adabas Event Replicator Subsystem.

Adabas SAF Security authorizes the use of Adabas Auditing Configuration by building a resource name to represent the function being used, as follows:

AACddddd.function

where

Value Description
ddddd is the Database ID, specified in the format defined by the setting of the DBFLEN configuration parameter.
. is an optional delimiter character, depending on the setting of the DELIM configuration parameter.
function is the administration function/subfunction being processed. See the table below for a list of all applicable functions.

Before checking any of the individual resources, Adabas SAF Security establishes a user's right to use Adabas Auditing Configuration against a particular Adabas Audit Server by verifying that the user has read access to the resource:

AACddddd.GENERAL

The following table defines the subfunctions for each Adabas Auditing Configuration function, together with the resource name that is checked (assuming DBFLEN=1, and DELIM=Y).

Note:
The Subfunction resource name is used only when subfunction protection is active (ABS=2).

Function (ABS=1) Subfunction (ABS=2) Resource Name Access Required
Destination Maintenance  
AACddddd.DEST
Read
  Display Destinations
AACddddd.DEST
Read
  Maintain Destinations
AACddddd.DEST
Update
Filter Maintenance  
AACddddd.FILT
Read
  Display Filters
AACddddd.FILT
Read
  Maintain Filters
AACddddd.FILT
Update
Format Buffer Maintenance  
AACddddd.FBUF
Read
  Display Format Buffers
AACddddd.FBUF
Read
  Maintain Format Buffers
AACddddd.FBUF
Update
Subscription Maintenance  
AACddddd.SUBS
Read
  Display Subscriptions
AACddddd.SUBS
Read
  Maintain Subscriptions
AACddddd.SUBS
Update
Global Settings Maintenance  
AACddddd.GLBL
Read
  Display Global Settings
AACddddd.GLBL
Read
  Maintain Global Settings
AACddddd.GLBL
Update

Refer to Adabas Auditing Configuration in the Operations section for additional information.

Resource Names for Adabas Event Replicator Subsystem

Adabas Event Replicator Subsystem is controlled by the ABS configuration parameter. The ABS parameter also controls the protection of Adabas Basic Services and Adabas Auditing Configuration.

Adabas SAF Security authorizes the use of Adabas Event Replicator Subsystem by building a resource name to represent the function being used, as follows:

ARFddddd.function

where

Value Desciption
ddddd is the Database ID, specified in the format defined by the setting of the DBFLEN configuration parameter.
. is an optional delimiter character, depending on the setting of the DELIM configuration parameter.
function is the administration function/subfunction being processed. See the table below for a list of all applicable functions.

Before checking any of the individual resources, Adabas SAF Security establishes a user's right to use Adabas Event Replicator Subsystem against a particular Adabas Replication Server by verifying that the user has read access to the resource:

ARFddddd.GENERAL

The following table defines the subfunctions for each Adabas Event Replicator Subsystem function, together with the resource name that is checked (assuming DBFLEN=1, and DELIM=Y).

Note:
The Subfunction resource name is used only when subfunction protection is active (ABS=2).

Function (ABS=1) Subfunction (ABS=2) Resource Name Required Access
Destination Maintenance  
ARFddddd.DEST
Read
  Display Destinations
ARFddddd.DEST
Read
  Maintain Destinations
ARFddddd.DEST
Update
Filter Maintenance  
ARFddddd.FILT
Read
  Display Filters
ARFddddd.FILT
Read
  Maintain Filters
ARFddddd.FILT
Update
Format Buffer Maintenance  
ARFddddd.FBUF
Read
  Display Format Buffers
ARFddddd.FBUF
Read
  Maintain Format Buffers
ARFddddd.FBUF
Update
Subscription Maintenance  
ARFddddd.SUBS
Read
  Display Subscriptions
ARFddddd.SUBS
Read
  Maintain Subscriptions
ARFddddd.SUBS
Update
Global Settings Maintenance  
ARFddddd.GLBL
Read
  Display Global Settings
ARFddddd.GLBL
Read
  Maintain Global Settings
ARFddddd.GLBL
Update
Initial State Maintenance  
ARFddddd.INIT
Read
  Display Initial State Settings
ARFddddd.INIT
Read
  Maintain Initial State Settings
ARFddddd.INIT
Update
Input Queue Maintenance  
ARFddddd.INPQ
Read
  Display Input Queue Settings
ARFddddd.INPQ
Read
  Maintain Input Queue Settings
ARFddddd.INPQ
Update
Resend Buffer Maintenance  
ARFddddd.RBUF
Read
  Display Resend Buffer Settings
ARFddddd.RBUF
Read
  Maintain Resend Buffer Settings
ARFddddd.RBUF
Update

Refer to Adabas Event Replicator Subsystem in the Operations section for additional information.

Resource Names for Adabas Basic Services

Adabas Basic Services protection is controlled by the ABS configuration parameter.

Adabas SAF Security authorizes the use of Adabas Basic Services by building a resource name to represent the function being used, as follows:

ABSddddd.function

where

Value Description
ddddd is the Database ID, specified in the format defined by the setting of the DBFLEN configuration parameter.
. is an optional delimiter character, depending on the setting of the DELIM configuration parameter.
function is the administration function/subfunction being processed. See the table below for a list of all applicable functions.

The following tables define the subfunctions for each Adabas Basic Services function, together with the resource name that is checked (assuming DBFLEN=1, and DELIM=Y).

Before checking any of the individual resources, ADASAF establishes a user's right to use Adabas Basic Services against this nucleus by verifying that the user has read access to the resource:

ABSddddd.GENERAL

Note:
The Subfunction Profile (listed in the following tables) is used only when ABS=2 (subfunction protection).

Session Monitoring Function

Function: Session Monitoring
Function Profile:
ABSddddd.SESSION
Subfunction Subfunction Profile* Access
Display Cluster Members
ABSddddd.CLUSTER
Read
Display Installed Products
ABSddddd.DISINST
Read
Maintain User Profiles
ABSddddd.USER
Read
Display Parameters
ABSddddd.PARM
Read
Modify Parameters
ABSddddd.PARM
Update
Display Queues
ABSddddd.QUEUES
Read
Refresh Nucleus Statistics
ABSddddd.REFSTATS
Read
Current Resource Statistics
ABSddddd.STATS
Read
Maintain TCP/IP URL
ABSddddd.TCPIP
Read
Display Interval Utilization
ABSddddd.RESUTIL
Read
Display Maintenance Levels
ABSddddd.ZAPS
Read
Display Event Log Buffer
ABSddddd.EVENTLOG
Read
Replicator Management
ABSddddd.REPLMGMT
Read
Display Session Utilization
ABSddddd.SESSUTIL
Read
Cluster Usage
ABSddddd.CLUSTUSE
Read

*Used only when ABS=2 (subfunction protection)

Checkpoint Maintenance Function

Function Checkpoint Maintenance
Function Profile
ABSddddd.CHECKP
Subfunction Subfunction Profile* Access
List Checkpoints
ABSddddd.CHECKP
Read
Delete Checkpoints
ABSddddd.CHECKP
Update

*Used only when ABS=2 (subfunction protection)

FILE Maintenance Function

Function File Maintenance
Function Profile
ABSddddd.FILE
Subfunction Subfunction Profile* Access
Define/Modify FDT
ABSddddd.FDT
Read
Release Descriptor
ABSddddd.REL
Read
Delete File
ABSddddd.DEL
Read
Define New File
ABSddddd.DEF
Read
Modify File Parameters
ABSddddd.MOD
Read
Reorder File Online
ABSddddd.ORD
Read
Refresh Rile to Empty
ABSddddd.REF
Read
Allocate/Deallocate File Space
ABSddddd.ALL
Read
Maintain Expanded Files
ABSddddd.EXP
Read
Logically Delete/Undel Descriptor
ABSddddd.LOGDDESC
Read

*Used only when ABS=2 (subfunction protection)

Database Maintenance Function

Function Database Maintenance
Function Profile
ABSddddd.DBMAINT
Subfunction Subfunction Profile* Access
Add New Dataset to Asso/Data
ABSddddd.ADD
Read
Increase/Decrease Asso/Data
ABSddddd.INCREASE
Read
List/Reset DIB Entries
ABSddddd.DIB
Read
Recover Unused Space
ABSddddd.RECOVER
Read
Uncouple Two Adabas Files
ABSddddd.UNCOUPLE
Read

*Used only when ABS=2 (subfunction protection)

Session Opercoms Function

Function Session Opercoms
Function Profile
ABSddddd.OPERCOMS
Subfunction Subfunction Profile* Access
Extended Error Recovery
ABSddddd.ERROR
Read
Force Dual Log Switch
ABSddddd.LOG
Read
Lock/Unlock Files
ABSddddd.LOK
Read
Reset Online Dump Status
ABSddddd.RDUMPST
Read
Stop User(s)
ABSddddd.STOPU
Read
Termination Commands
ABSddddd.TERM
Read
Manage Online Utilities
ABSddddd.UTILS
Read
Allocation/deallocation of CLOGs/PLOGs
ABSddddd.LOGALLOC
Read
User Table Maintenance
ABSddddd.USERTAB
Read
Issue Reactivate CLOG Command
ABSddddd.REACCLOG
Read
Replicator Management
ABSddddd.REPLMGMT
Read

*Used only when ABS=2 (subfunction protection)

Database Report Function

Function Database Report
Function Profile
ABSddddd.REPORT
Subfunction Subfunction Profile* Access
List Files with Critical Extents
ABSddddd.EXTENTS
Read
Display Field Description Table
ABSddddd.DFD
Read
Display File
ABSddddd.DIF
Read
General Database Layout
ABSddddd.LAYOUT
Read
List VOLSER Distribution
ABSddddd.VOLSER
Read
Display Asso/Data Block
ABSddddd.DRABN
Read
Display Unused Storage
ABSddddd.UNUSED
Read
Display Used Storage (DSPACE)
ABSddddd.DSPACE
Read

*Used only when ABS=2 (subfunction protection)

Space Calculation Function

Function Space Calculation Report
Function Profile
ABSddddd.SPACE

The Space Calculation function has no subfunction profiles.

Resource Names for Adabas System Coordinator Administration Services

Adabas SAF Security authorizes the use of Adabas System Coordinator Administration Services by building a resource name to represent the function being used.

The following table shows the online administration functions for which READ access to the indicated resource is required:

Function Resource Name Notes
System Settings
COR.SETTINGS
Display system settings.
Client Runtime controls
COR.CLIENT.type.name
Display, expand, list overrides, copy, display site info for a runtime control. type is the job type and name is the name, without *s (so *DEFAULT is checked against DEFAULT).
Valid types are:
API-1
API-2
BATCH
COMPLETE
CICS-DTR
CICS
IMS
UTM
TSO
CMS
TIAM
MULTITCB
SINGLTCB
MISCDTR
SPATS
Daemon Group Parameters
COR.GROUP.name
Display, copy or expand a group. name is the name of the group.
Current Activity Displays
Adabas Client Job Information
COR.ACTIVITY.jobname
Informational functions. jobname is the name of the selected job.
Current Activity Displays
Network Discovery
COR.ACTIVITY.DMNnnnnn
Informational functions. nnnnn is the node-id of the selected daemon.
Special Services (Fix Display)
COR.SPECIAL.jobname
jobname is the name of the client job for which fixes are to be displayed.
COR.SPECIAL.DMNnnnnn
nnnnn is the node number of the daemon for which fixes are to be displayed.
COR.SPECIAL.DBnnnnn
nnnnn is the database id of the database for which fixes are to be displayed.

The following table shows the online administration functions for which UPDATE access to the indicated resource is required:

Function Resource Name Notes
System Settings
COR.SETTINGS
Change system settings.
Client Runtime controls
COR.CLIENT.type.name
Add, modify, purge or rename a runtime control (or one of its overrides, or its site info). type is the job type and name is the name, without *s (so *DEFAULT is checked against DEFAULT).
Valid types are:
API-1
API-2
BATCH
COMPLETE
CICS-DTR
CICS
IMS
UTM
TSO
CMS
TIAM
MULTITCB
SINGLTCB
MISCDTR
SPATS
Daemon Group Parameters
COR.GROUP.name
Display, copy or expand a group. name is the name of the group.
Current Activity Displays Adabas
Client Job Information
COR.ACTIVITY.jobname
Operational functions. jobname is the name of the selected job.
Current Activity Displays
Network Discovery
COR.ACTIVITY.DMNnnnnn
Operational functions. nnnnn is the node-id of the selected daemon

Resource Names for Adabas Fastpath Administration Services

Adabas SAF Security authorizes the use of Adabas Fastpath Administration Services by building a resource name to represent the function being used.

Function Resource Name Notes
System Settings
AFP.SETTINGS
Display system settings.
Buffer Parameters
AFP.BUFFER.name
Display, copy or list files of a buffer. name is the name of the buffer.
File Parameters
AFP.FILE.DBnnnnn.FNRfffff
Display or copy a file. nnnnn is the database id and fffff is the file number.
Client Runtime controls
AFP.CLIENT.type.name
Display, expand, list overrides, copy, display site info for a runtime control. type is the job type and name is the name, without *s (so *DEFAULT is checked against DEFAULT).
Valid types are:
API-1
API-2
BATCH
COMPLETE
CICS-DTR
CICS
IMS
UTM
TSO
CMS
TIAM
MULTITCB
SINGLTCB
MISCDTR
SPATS
Buffer Information
AFP.ACTIVITY.DMNnnnnn
nnnnn is the node-id of the target daemon.
Database and File Information
AFP.ACTIVITY.DBnnnnn

AFP.ACTIVITY.DBnnnnn.FNRfffff
nnnnn is the id of the selected database.
For files, fffff is the file number.
Optimized Job Information
AFP.ACTIVITY.jobname
Detail. jobname is the name of the selected job.
System Job Information
AFP.ACTIVITY.jobname
jobname is the name of the selected job.
Buffer History
AFP.HISTORY.name
name is the name of the selected buffer.
Asynchronous Buffer Services
AFP.ACTIVITY.DMNnnnnn
Informational functions (ABM Information). nnnnn is the node-id of the target daemon.
Database Component Services
AFP.ACTIVITY.DBnnnnn
nnnnn is the id of the target database.
Local SYSAFP Services
AFP.ACTIVITY.jobname
Informational functions (Connection Information and Job Statistics). jobname is the name of the job.
AFPLOOK Services
AFP.LOOK.DBnnnnn
AFPLOOK file and summary displays. nnnnn is the id of the target database.
Fix Display
AFP.SPECIAL.jobname
jobname is the name of the client job for which fixes are to be displayed.
AFP.SPECIAL.DMNnnnnn
nnnnn is the node number of the daemon for which fixes are to be displayed.
AFP.SPECIAL.DBnnnnn
nnnnn is the database id of the database for which fixes are to be displayed.

The following table shows the online administration functions for which UPDATE access to the indicated resource is required:

Function Resource Name Notes
System Settings
AFP.SETTINGS
Change system settings.
Buffer Parameters
AFP.BUFFER.name
Add, modify, purge or rename a buffer. name is the name of the buffer.
File Parameters
AFP.FILE.DBnnnnn.FNRfffff
Add, modify or purge a file. nnnnn is the database id and fffff is the file number.
Client Runtime controls
AFP.CLIENT.type.name
Add, modify, purge or rename a runtime control (or one of its overrides, or its site info). type is the job type and name is the name, without *s (so *DEFAULT is checked against DEFAULT).
Valid types are:
API-1
API-2
BATCH
COMPLETE
CICS-DTR
CICS
IMS
UTM
TSO
CMS
TIAM
MULTITCB
SINGLTCB
MISCDTR
SPATS
Buffer Information
AFP.ACTIVITY.DMNnnnnn
Operational services (Restart, Stop, Newcopy, Snap and Log). nnnnn is the node-id of the target daemon.
Database and File Information
AFP.ACTIVITY.DBnnnnn

AFP.ACTIVITY.DBnnnnn.FNRfffff
Operational services (Start and Stop). nnnnn is the id of the selected database.
For files, fffff is the file number.
Optimized Job Information
AFP.ACTIVITY.jobname
Services. jobname is the name of the job.
Asynchronous Buffer Services
AFP.ACTIVITY.DMNnnnnn
Operational functions (Restart, Stop, Newcopy, Snap and Log). nnnnn is the node-id of the target daemon.
Local SYSAFP Services
AFP.ACTIVITY.jobname
Operational functions (Reconnect, Disconnect and Newcopy). jobname is the name of the job.
AFPLOOK Services
AFP.LOOK.DBnnnnn
AFPLOOK operational functions (Start, Freeze/Pause, Release). nnnnn is the id of the target database.

AFPCMD and the online Printing Facility are also subject to SAF Security, as shown in the following table:

Function Object Resource Name Notes
LIST JOB
AFP.ACTIVITY.DMNnnnnn
nnnnn is the node-id of the target daemon.
LIST DATABASE
AFP.ACTIVITY.DMNnnnnn
nnnnn is the node-id of the target daemon.
LIST FILE
AFP.ACTIVITY.DMNnnnnn
nnnnn is the node-id of the target daemon.
LIST SET
AFP.ACTIVITY.DMNnnnnn
nnnnn is the node-id of the target daemon.
LIST SUMMARY
AFP.ACTIVITY.DMNnnnnn
nnnnn is the node-id of the target daemon.
DISPLAY JOB
AFP.ACTIVITY.jobname
jobname is the name of the job.
DISPLAY DATABASE
AFP.ACTIVITY.DBnnnnn
nnnnn is the id of the selected database.
DISPLAY FILE
AFP.ACTIVITY.DBnnnnn
nnnnn is the id of the selected database.
DISPLAY SET
AFP.ACTIVITY.DBnnnnn
nnnnn is the id of the selected database.
DISPLAY BUFFER
AFP.ACTIVITY.DMNnnnnn
nnnnn is the node-id of the target daemon.
DISPLAY AFPLOOK
AFP.LOOK.DBnnnnn
nnnnn is the id of the selected database.
DISPLAY ALL   Resource profiles for individual resources are checked as necessary.
DISPLAY SUMMARY
AFP.ACTIVITY.DMNnnnnn
nnnnn is the node-id of the target daemon.
PARMS BUFFER
AFP.BUFFER.name
name is the name of the buffer.
PARMS JOB
AFP.CLIENT.type.name
type is the job type and name is the name, without *s (so *DEFAULT is checked against DEFAULT).
Valid types are:
API-1
API-2
BATCH
COMPLETE
CICS-DTR
CICS
IMS
UTM
TSO
CMS
TIAM
MULTITCB
SINGLTCB
MISCDTR
SPATS
PARMS FILE
AFP.FILE.DBnnnnn.FNRfffff
nnnnn is the database id and fffff is the file number.
STOP BUFFER
AFP.ACTIVITY.DMNnnnnn
nnnnn is the node-id of the target daemon.
STOP JOB
AFP.ACTIVITY.jobname
jobname is the name of the job.
STOP DATABASE
AFP.ACTIVITY.DBnnnnn
nnnnn is the id of the selected database.
STOP FILE
AFP.ACTIVITY.DBnnnnn
nnnnn is the id of the selected database.
RESTART BUFFER
AFP.ACTIVITY.DMNnnnnn
nnnnn is the node-id of the target daemon.
START JOB
AFP.ACTIVITY.jobname
jobname is the name of the job.
START DATABASE
AFP.ACTIVITY.DBnnnnn
nnnnn is the id of the selected database.
START FILE
AFP.ACTIVITY.DBnnnnn
nnnnn is the id of the selected database.

LIST, DISPLAY and PARMS functions require READ access to the resource.

STOP, RESTART and START require UPDATE access.

Resource Names for Adabas Vista Administration Services

Adabas SAF Security authorizes the use of Adabas Vista Administration Services by building a resource name to represent the function being used.

Function Resource Name Notes
System Settings
AVI.SETTINGS
Display system settings.
File Partitioning
AVI.PARTFILE.DBnnnnn.FNRfffff
Display, copy or expand a partitioned file and its partitions. nnnnn is the source database id. fffff is the source file number.
File Translation
AVI.PAGE.name
Display, copy or expand a page and its translation rules. name is the page name.
Client Runtime controls
AVI.CLIENT.type.name
Display, expand, list overrides, copy, display site info for a runtime control. type is the job type and name is the name, without *s (so *DEFAULT is checked against DEFAULT).
Valid types are:
API-1
API-2
BATCH
COMPLETE
CICS-DTR
CICS
IMS
UTM
TSO
CMS
TIAM
MULTITCB
SINGLTCB
MISCDTR
SPATS
Current Activity Displays
AVI.ACTIVITY.jobname
jobname is the name of the current job.
Special Services
(Fix Display)
AVI.SPECIAL.jobname
jobname is the name of the client job for which fixes are to be displayed.
AVI.SPECIAL.DMNnnnnn
nnnnn is the node number of the daemon for which fixes are to be displayed.
AVI.SPECIAL.DBnnnnn
nnnnn is the database id of the database for which fixes are to be displayed.
AVILOOK
AVI.LOOK.DBnnnnn
AVILOOK file statistics. nnnnn is the id of the target database.

The following table shows the online administration functions for which UPDATE access to the indicated resource is required:

Function Resource Name Notes
System Settings
AVI.SETTINGS
Change system settings.
File Partitioning
AVI.PARTFILE.DBnnnnn.FNRfffff
Add, modify or purge a partitioned file and its partitions. nnnnn is the source database id. fffff is the source file number.
File Translation
AVI.PAGE.name
Add, modify or purge a page and its translation rules. name is the page name.
Client Runtime controls
AVI.CLIENT.type.name
Add, modify, purge or rename a runtime control (or one of its overrides, or its site info). type is the job type and name is the name, without *s (so *DEFAULT is checked against DEFAULT).
Valid types are:
API-1
API-2
BATCH
COMPLETE
CICS-DTR
CICS
IMS
UTM
TSO
CMS
TIAM
MULTITCB
SINGLTCB
MISCDTR
SPATS
AVILOOK
AVI.LOOK.DBnnnnn
AVILOOK operational functions (Activate, Pause, Reset, Delete). nnnnn is the id of the target database.

Resource Names for Adabas Transaction Manager Administration Services

Adabas SAF Security authorizes the use of Adabas Transaction Manager Administration Services by building a resource name to represent the function being used.

Function Resource Name Notes
System Settings
ATM.SETTINGS
Display system settings.
Client Runtime controls
ATM.CLIENT.type.name
Display, expand, list overrides, copy, display site info for a runtime control. type is the job type and name is the name, without *s (so *DEFAULT is checked against DEFAULT).
Valid types are:
API-1
API-2
BATCH
COMPLETE
CICS-DTR
CICS
IMS
UTM
TSO
CMS
TIAM
MULTITCB
SINGLTCB
MISCDTR
SPATS
Transaction Manager Information
ATM.ACTIVITY.DMNnnnnn
nnnnn is the node-id of the target daemon.
Special Services
(Fix Display)
ATM.SPECIAL.jobname
jobname is the name of the client job for which fixes are to be displayed.
ATM.SPECIAL.DMNnnnnn
nnnnn is the node number of the daemon for which fixes are to be displayed.
ATM.SPECIAL.DBnnnnn
nnnnn is the database id of the database for which fixes are to be displayed.

The following table shows the online administration functions for which UPDATE access to the indicated resource is required:

Function Resource Name Notes
System Settings
ATM.SETTINGS
Change system settings.
Client Runtime controls
ATM.CLIENT.type.name
Add, modify, purge or rename a runtime control (or one of its overrides, or its site info). type is the job type and name is the name, without *s (so *DEFAULT is checked against DEFAULT).
Valid types are:
API-1
API-2
BATCH
COMPLETE
CICS-DTR
CICS
IMS
UTM
TSO
CMS
TIAM
MULTITCB
SINGLTCB
MISCDTR
SPATS

Resource Names for Adabas SAF Security Administration Services

Adabas SAF Security authorizes the use of Adabas SAF Security Administration Services by building a resource name to represent the function being used.

Function Resource Name Notes
System Settings
AAF.SETTINGS
Display system settings.
System Statistics
AAF.ACTIVITY.DBnnnnn
nnnnn is the id of the database or daemon for which information is requested.
SAF User ID Statistics
AAF.ACTIVITY.DBnnnnn
nnnnn is the id of the database or daemon for which information is requested.
Fix Display
AAF.SPECIAL.DBnnnnn
nnnnn is the id of the database or daemon for which information is requested.
Storage Display
AAF.SPECIAL.DBnnnnn
nnnnn is the id of the database or daemon for which information is requested.
System Tracing
AAF.ACTIVITY.DBnnnnn
nnnnn is the id of the database or daemon for which information is requested.
System Parameters
AAF.ACTIVITY.DBnnnnn
nnnnn is the id of the database or daemon for which information is requested.

The following table shows the online administration functions for which UPDATE access to the indicated resource is required:

Function Resource Name Notes
System Settings
AAF.SETTINGS
Change system settings.
SAF User ID Statistics
AAF.ACTIVITY.DBnnnnn
Required to reset or logoff a SAF user. nnnnn is the id of the target database or daemon.
Server Restart
AAF.SPECIAL.DBnnnnn
nnnnn is the id of the target database or daemon.

Entire Net-Work

Resource Names for Entire Net-Work Start-up

When starting Entire Net-Work, Adabas SAF Security will check that the starting User ID has access to a resource name of the following format:

NETddddd.SVCsvc

where

Value Description
ddddd is the target ID, specified in the format defined by the setting of the DBFLEN configuration parameter.
. is an optional delimiter character, depending on the setting of the DELIM configuration parameter.
SVCsvc is the characters SVC followed by the 3-digit decimal number of the Adabas SVC.

Refer to Entire Net-Work Start-up in the Operations section for additional information and examples.

Resource Names for Entire Net-Work Administration Functions

The protection of Entire Net-Work administration functions is controlled by the NETADMIN configuration parameter.

Adabas SAF Security authorizes the use of Entire Net-Work administration functions by verifying the user has read access to a resource name representing the function being executed. The format of this resource name is as follows:

NETWRKddddd.category

where

Value Description
ddddd is the target ID, specified in the format defined by the setting of the DBFLEN configuration parameter.
. is an optional delimiter character, depending on the setting of the DELIM configuration parameter.
category is the category of the administration function being processed. See the tables below for a list of all applicable functions and their respective category.

Refer to Entire Net-Work Administration Functions and Entire Net-Work Operator Commands in the Operations section for general information on protecting Entire Net-Work administration functions and operator commands.

The following function tables describe the administration function name, description, and respective category used in the formatting of the resource name:

Note:
The information in these tables is applicable regardless of whether the administration function is requested by a console operator command or by the Programmable Command Interface.

Main Functions
Main Functions Description Category
DISPLAY ALINKS Display active links DISPLAY
DISPLAY CPU Display CPU usage DISPLAY
DISPLAY CQ Display command queue DISPLAY
DISPLAY CQE Display command queue element DISPLAY
DISPLAY CSCI Display CSCI information DISPLAY
DISPLAY DETAIL Display detailed target information DISPLAY
DISPLAY LINKS Display links DISPLAY
DISPLAY LOGGING Display log settings DISPLAY
DISPLAY NODES Display nodes DISPLAY
DISPLAY PATHS Display paths DISPLAY
DISPLAY STATS Display statistics DISPLAY
DISPLAY TARGETS Display targets DISPLAY
DISPLAY UBQ Display UB queue DISPLAY
DISPLAY ZAPS Display zap list DISPLAY
DISPLAY ZSTATS Display zIIP statistics DISPLAY
CONSOLE Return log buffer contents (PCI only) DISPLAY
SET CQTIMER Modify CQTIMER MODIFY
SET DUMP Specify data areas to be dumped MODIFY
SET LOG Modify log setting MODIFY
SET LOGBUF Turn buffered logging on/off MODIFY
SET LOGBUFSZ Modify buffered logging buffer size MODIFY
SET MAXPATH Modify MAXPATH MODIFY
SET MSGFORM Modify MSGFORM MODIFY
SET PASSWORD Modify password (PCI only) MODIFY
SET REMCMD Allow/disallow remote PCI calls MODIFY
SET REPLYTIM Modify REPLYTIM MODIFY
SET SNAPERR Modify errors to be snapped MODIFY
SET TRACE Modify trace setting MODIFY
SET TRON Modify trace setting MODIFY
SET TROFF Turn tracing off MODIFY
SET UCMSG Modify UCMSG setting MODIFY
SET ULINK Modify unique link setting MODIFY
SET ZIIP Activate/deactivate zIIP processing MODIFY
ADAEND Terminate session normally CONTROL
END Terminate session normally CONTROL
HALT Terminate session normally CONTROL
NETEND Terminate session normally CONTROL
STOP Terminate session normally CONTROL
TERMINATE Terminate session normally CONTROL
DUMP Snap storage and terminate normally CONTROL
CLOSE Close driver CONTROL
OPEN Open driver CONTROL
START Open a driver CONTROL
CONNECT Connect a link CONTROL
DEFINE LINK Define a new link CONTROL
DISABLE Disable a link CONTROL
DISCONNECT Disconnect a link CONTROL
ENABLE Enable link CONTROL
RESUME Resume link CONTROL
SUSPEND Suspend a link CONTROL
LOGDON Activate driver logging CONTROL
LOGDOFF Deactivate driver logging CONTROL
LOGTON Activate target logging CONTROL
LOGTOFF Deactivate target logging CONTROL
CLOSE NETPRNT Close NETPRNT file CONTROL
OPEN NETPRNT Open NETPRNT file CONTROL
TRANSLAT DEFINE Add a translation definition CONTROL
TRANSLAT ADD Add a translation definition CONTROL
TRANSLAT DELETE Delete a translation definition CONTROL
TRANSLAT REMOVE Delete a translation definition CONTROL
TRANSLAT DISPLAY Display a translation definition CONTROL
TRANSLAT LIST Display a translation definition CONTROL
HELP Show help information CONTROL
LICREFRESH Redo license check CONTROL
PROBE Send probe to node CONTROL
SNAP Issue a snap of data areas CONTROL
VERIFY Verify a target CONTROL
CTCA/FCTC Driver Functions
CTCA/FCTC Driver Functions Description Category
SHOW Display link configuration CTC_DISPLAY
SNAP Dump link control blocks CTC_DISPLAY
STATS Display link statistics CTC_DISPLAY
STATUS Display link status CTC_DISPLAY
TRACE Display link trace table CTC_DISPLAY
ALTER IORETRY Number of I/O operation retries CTC_MODIFY
ALTER MAXIOTIM Maximum I/O completion time CTC_MODIFY
ALTER PSTATS Print interval statistics to DDPRINT CTC_MODIFY
ALTER RCVBLKCT Number of receive buffers CTC_MODIFY
ALTER RCVBLKSZ Block size of receive buffers CTC_MODIFY
ALTER RESTART Reconnect retry interval and no. of retries CTC_MODIFY
ALTER RSTATS Reset statistics at STATINT intervals CTC_MODIFY
ALTER SAF NETSAF (WAF) point-of-access verification CTC_MODIFY
ALTER SNDBLKCT Number of send buffers CTC_MODIFY
ALTER SNDBLKSZ Block size of send buffers CTC_MODIFY
ALTER STATINT Print/Reset statistics time interval CTC_MODIFY
ALTER TRACESIZ Size of trace table CTC_MODIFY
ALTER UNIT Unit address of the CTCA link CTC_MODIFY
ALTER UNITREAD Unit address used to read data CTC_MODIFY
ALTER UNITWRT Unit address used to send data CTC_MODIFY
ALTER WEIGHT Path selection weighting CTC_MODIFY
ALTER ZEDC zEnterprise Data Compression (zEDC) CTC_MODIFY
ALTER ZEDCLOG zEDC compression trace data level CTC_MODIFY
CLOSE Close link CTC_MODIFY
CONNECT Connect link CTC_MODIFY
DISC Disconnect link CTC_MODIFY
OPEN Open link CTC_MODIFY
RESET Reset Statistics CTC_MODIFY
RESUME Resume link CTC_MODIFY
SUSPEND Suspend link CTC_MODIFY
TCPI Driver Functions
TCPI Driver Functions Description Category
SHOW Display driver configuration TCPI_DISPLAY
SNAP Dump driver control blocks TCPI_DISPLAY
STATS Display driver statistics TCPI_DISPLAY
STATUS Display driver status TCPI_DISPLAY
TRACE Display driver trace table TCPI_DISPLAY
ALTER ACCEPTUI Accept requests from undefined systems TCPI_MODIFY
ALTER ALLOWIP6 Attempt IPv6 communications TCPI_MODIFY
ALTER API Name of the TCP/IP API being used TCPI_MODIFY
ALTER CONNQUE Number of connect queue entries TCPI_MODIFY
ALTER DRVCHAR Driver/Link designated special character TCPI_MODIFY
ALTER DRVNAME Driver name TCPI_MODIFY
ALTER EXIT User exit name TCPI_MODIFY
ALTER KEEPALIV Maintain connections when no traffic TCPI_MODIFY
ALTER MULTSESS Multiple connection requests TCPI_MODIFY
ALTER NODELAY Use IBM socket option TCP-NODELAY TCPI_MODIFY
ALTER OPTIONS1 API-specific options TCPI_MODIFY
ALTER OPTIONS2 API-specific options TCPI_MODIFY
ALTER PSTATS Print interval statistics to DDPRINT TCPI_MODIFY
ALTER RESTART Reconnect retry interval and no. of retries TCPI_MODIFY
ALTER RSTATS Reset statistics at STATINT intervals TCPI_MODIFY
ALTER SERVERID Port number used by Entire Net-Work TCPI_MODIFY
ALTER STATINT Print/Reset statistics time interval TCPI_MODIFY
ALTER SUBSYS Subsystem name for communications TCPI_MODIFY
ALTER TRACE Activate/deactivate tracing TCPI_MODIFY
ALTER TRACELEV Tracing levels TCPI_MODIFY
ALTER TRACESIZ Size of trace table TCPI_MODIFY
ALTER USERID User ID TCPI_MODIFY
CLOSE Close driver TCPI_MODIFY
OPEN Open driver TCPI_MODIFY
RESET Reset statistics TCPI_MODIFY
TCPI Link Functions
TCPI Link Functions Description Category
SHOW Display link configuration TCPI_DISPLAY
SNAP Dump link control blocks TCPI_DISPLAY
STATS Display link statistics TCPI_DISPLAY
STATUS Display link status TCPI_DISPLAY
TRACE Display link trace table TCPI_DISPLAY
ALTER ACQUIRE Attempt automatic connection TCPI_MODIFY
ALTER ADJHOST Internet host name for a node TCPI_MODIFY
ALTER ADJNODE Node name TCPI_MODIFY
ALTER COE Client Only Element TCPI_MODIFY
ALTER EXIT User exit name TCPI_MODIFY
ALTER INETADDR Remote host IPv4 address TCPI_MODIFY
ALTER KEEPALIV Maintain connections when no traffic TCPI_MODIFY
ALTER MULTSESS Multiple connection requests TCPI_MODIFY
ALTER NODELAY Use IBM socket option TCP-NODELAY TCPI_MODIFY
ALTER PORT Port numbers TCPI_MODIFY
ALTER PSTATS Print interval statistics to DDPRINT TCPI_MODIFY
ALTER RESTART Reconnect retry interval and no. of retries TCPI_MODIFY
ALTER RSTATS Reset statistics at STATINT intervals TCPI_MODIFY
ALTER SAF NETSAF (WAF) point-of-access verification TCPI_MODIFY
ALTER SENDTIME Maximum send completion time TCPI_MODIFY
ALTER SERVERID Port number used by Entire Net-Work TCPI_MODIFY
ALTER STATINT Print/Reset statistics time interval TCPI_MODIFY
ALTER TRACESIZ Size of trace table TCPI_MODIFY
ALTER V6IPADDR Remote host IPv6 address TCPI_MODIFY
ALTER WEIGHT Path selection weighting TCPI_MODIFY
ALTER ZEDC zEnterprise Data Compression (zEDC) TCPI_MODIFY
ALTER ZEDCLOG zEDC compression trace data level TCPI_MODIFY
CLOSE Close link TCPI_MODIFY
CONNECT Connect link TCPI_MODIFY
DISCONNECT Disconnect link TCPI_MODIFY
OPEN Open link TCPI_MODIFY
RESET Reset statistics TCPI_MODIFY
RESUME Resume link TCPI_MODIFY
SUSPEND Suspend link TCPI_MODIFY
TCPX Driver Functions
TCPX Driver Functions Description Category
SHOW Display driver configuration TCPX_DISPLAY
SNAP Dump driver control blocks TCPX_DISPLAY
STATS Display driver statistics TCPX_DISPLAY
STATUS Display driver status TCPX_DISPLAY
TRACE Display driver trace table TCPX_DISPLAY
USERS Display active user information TCPX_DISPLAY
ALTER ACCEPTUI Accept requests from undefined systems TCPX_MODIFY
ALTER ADI Use Adabas Directory Server (ADI) TCPX_MODIFY
ALTER ADIHOST Hostname of ADI TCPX_MODIFY
ALTER ADIPART Partition name for use with ADI TCPX_MODIFY
ALTER ADIPORT Port number of ADI TCPX_MODIFY
ALTER ALLOWIP6 Attempt IPv6 communications TCPX_MODIFY
ALTER API Name of the TCP/IP API being used TCPX_MODIFY
ALTER CONNQUE Number of connect queue entries TCPX_MODIFY
ALTER DRVCHAR Driver/Link designated special character TCPX_MODIFY
ALTER DRVNAME Driver name TCPX_MODIFY
ALTER KEEPALIV Maintain connections when no traffic TCPX_MODIFY
ALTER MULTSESS Multiple connection requests TCPX_MODIFY
ALTER NODELAY Use IBM socket option TCP-NODELAY TCPX_MODIFY
ALTER NUMUSERS Max. no. of concurrent clients TCPX_MODIFY
ALTER OPTIONS1 API-specific options TCPX_MODIFY
ALTER OPTIONS2 API-specific options TCPX_MODIFY
ALTER PSTATS Print interval statistics to DDPRINT TCPX_MODIFY
ALTER RESTART Reconnect retry interval and no. of retries TCPX_MODIFY
ALTER RSTATS Reset statistics at STATINT intervals TCPX_MODIFY
ALTER SERVERID Port number used by Entire Net-Work TCPX_MODIFY
ALTER STATINT Print/Reset statistics time interval TCPX_MODIFY
ALTER SUBSYS Subsystem name for communications TCPX_MODIFY
ALTER SUPMSGS Suppress NETP818I, NETP819I messages TCPX_MODIFY
ALTER TRACE Activate/deactivate tracing TCPX_MODIFY
ALTER TRACELEV Tracing levels TCPX_MODIFY
ALTER TRACESIZ Size of trace table TCPX_MODIFY
ALTER USERID User ID TCPX_MODIFY
ALTER WCPPART Alias of ADIPART TCPX_MODIFY
CLOSE Close driver TCPX_MODIFY
OPEN Open driver TCPX_MODIFY
RESET Reset statistics TCPX_MODIFY
TCPX Link Functions
TCPX Link Functions Description Category
SHOW Display link configuration TCPX_DISPLAY
SNAP Dump link control blocks TCPX_DISPLAY
STATS Display link statistics TCPX_DISPLAY
STATUS Display link status TCPX_DISPLAY
TRACE Display link trace table TCPX_DISPLAY
USERS Display active user information TCPX_DISPLAY
ALTER ACQUIRE Attempt automatic connection TCPX_MODIFY
ALTER ADJHOST Internet host name for a node TCPX_MODIFY
ALTER INETADDR Remote host IPv4 address TCPX_MODIFY
ALTER KEEPALIV Maintain connections when no traffic TCPX_MODIFY
ALTER MULTSESS Multiple connection requests TCPX_MODIFY
ALTER NODELAY Use IBM socket option TCP-NODELAY TCPX_MODIFY
ALTER PSTATS Print interval statistics to DDPRINT TCPX_MODIFY
ALTER RESTART Reconnect retry interval and no. of retries TCPX_MODIFY
ALTER RSTATS Reset statistics at STATINT intervals TCPX_MODIFY
ALTER SAF NETSAF (WAF) point-of-access verification TCPX_MODIFY
ALTER SENDTIME Maximum send completion time TCPX_MODIFY
ALTER SERVERID Port number used by Entire Net-Work TCPX_MODIFY
ALTER STATINT Print/Reset statistics time interval TCPX_MODIFY
ALTER TRACESIZ Size of trace table TCPX_MODIFY
ALTER V6IPADDR Remote host IPv6 address TCPX_MODIFY
ALTER WEIGHT Path selection weighting TCPX_MODIFY
CLOSE Close link TCPX_MODIFY
CONNECT Connect link TCPX_MODIFY
DISCONNECT Disconnect link TCPX_MODIFY
OPEN Open link TCPX_MODIFY
RESET Reset statistics TCPX_MODIFY
RESUME Resume link TCPX_MODIFY
SUSPEND Suspend link TCPX_MODIFY
VTAM Driver Functions
VTAM Driver Functions Description Category
SHOW Display driver configuration VTAM_DISPLAY
SNAP Dump driver control blocks VTAM_DISPLAY
STATS Display driver statistics VTAM_DISPLAY
STATUS Display driver status VTAM_DISPLAY
TRACE Display driver trace table VTAM_DISPLAY
ALTER ACCEPTUI Accept requests from undefined systems VTAM_MODIFY
ALTER APPLID Application name VTAM_MODIFY
ALTER AUTHPATH Use VTAM Authorized Path VTAM_MODIFY
ALTER EXIT User exit name VTAM_MODIFY
ALTER MAXBLK Receive buffer size VTAM_MODIFY
ALTER MAXRU Receive buffer size VTAM_MODIFY
ALTER PASSWORD APPLID associated password VTAM_MODIFY
ALTER RECVRPLS Number of receive RPLs to be kept active VTAM_MODIFY
ALTER RESTART Reconnect retry interval and no. of retries VTAM_MODIFY
ALTER SLEEPTIM Retry time interval VTAM_MODIFY
ALTER TPNAME Transaction program name definition VTAM_MODIFY
ALTER TRACESIZ Size of trace table VTAM_MODIFY
CLOSE Close driver VTAM_MODIFY
OPEN Open driver VTAM_MODIFY
RESET Reset statistics VTAM_MODIFY
VTAM Link Functions
VTAM Link Functions Description Category
SHOW Display link configuration VTAM_DISPLAY
SNAP Dump link control blocks VTAM_DISPLAY
STATS Display link statistics VTAM_DISPLAY
STATUS Display link status VTAM_DISPLAY
TRACE Display link trace table VTAM_DISPLAY
ALTER ACQUIRE Attempt automatic connection VTAM_MODIFY
ALTER APPLID Application name VTAM_MODIFY
ALTER ASSOCLU LU6.2 partner’s Receive LU VTAM_MODIFY
ALTER BLOCKMSG Message blocking VTAM_MODIFY
ALTER COMPRMSG Compress message duplicate characters VTAM_MODIFY
ALTER CRYPT Request the use of encryption/decryption VTAM_MODIFY
ALTER DEFRESP Request definite response VTAM_MODIFY
ALTER EXIT User exit name VTAM_MODIFY
ALTER LOGMODE Logmode table name VTAM_MODIFY
ALTER LUNAME LU name VTAM_MODIFY
ALTER MAXBLK Send buffer size VTAM_MODIFY
ALTER MAXRU Send buffer size VTAM_MODIFY
ALTER MINCMP ALTER MINCMP Minimum length for compression VTAM_MODIFY
ALTER MODEENT Logmode table entry name VTAM_MODIFY
ALTER NETID Partner’s VTAM network ID VTAM_MODIFY
ALTER PSTATS Print interval statistics to DDPRINT VTAM_MODIFY
ALTER RESTART Reconnect retry interval and no. of retries VTAM_MODIFY
ALTER RSTATS Reset statistics at STATINT intervals VTAM_MODIFY
ALTER SAF NETSAF (WAF) point-of-access verification VTAM_MODIFY
ALTER SNDTMOUT Maximum send completion time VTAM_MODIFY
ALTER STATBLK Accumulate message blocking statistics VTAM_MODIFY
ALTER STATCMP Accumulate data compression statistics VTAM_MODIFY
ALTER STATINT Print/Reset statistics time interval VTAM_MODIFY
ALTER TRACESIZ Size of trace table VTAM_MODIFY
ALTER WEIGHT Path selection weighting VTAM_MODIFY
ALTER ZEDC zEnterprise Data Compression (zEDC) VTAM_MODIFY
ALTER ZEDCLOG zEDC compression trace data level VTAM_MODIFY
CLOSE Close link VTAM_MODIFY
CONNECT Connect link VTAM_MODIFY
DISCONNECT Disconnect link VTAM_MODIFY
OPEN Open link VTAM_MODIFY
RESET Reset statistics VTAM_MODIFY
RESUME Resume link VTAM_MODIFY
XCF Driver Functions
XCF Driver Functions Description Category
SHOW Display driver configuration XCF_DISPLAY
SNAP Dump driver control blocks XCF_DISPLAY
STATS Display driver statistics XCF_DISPLAY
TRACE Display driver trace table XCF_DISPLAY
ALTER ACCEPTUI Accept requests from undefined systems XCF_MODIFY
ALTER EXHS Use extended handshakes XCF_MODIFY
ALTER GROUP XCF group name XCF_MODIFY
ALTER LARGEMSG Minimum size of a large message XCF_MODIFY
ALTER PSTATS Print interval statistics to DDPRINT XCF_MODIFY
ALTER RCVBFNUM No. of entries in the receive buffer table XCF_MODIFY
ALTER RSTATS Reset statistics at STATINT intervals XCF_MODIFY
ALTER SMALLMSG Maximum size of a small message XCF_MODIFY
ALTER STATINT Print/Reset statistics time interval XCF_MODIFY
ALTER TRACESIZ Size of trace table XCF_MODIFY
HELP List available functions XCF_MODIFY
RESET Reset statistics XCF_MODIFY
XCF Link Functions
XCF Link Functions Description Category
SHOW Display link configuration XCF_DISPLAY
SNAP Dump link control blocks XCF_DISPLAY
STATS Display link statistics XCF_DISPLAY
TRACE Display link trace table XCF_DISPLAY
ALTER ADJHOST Internet host name for a node XCF_MODIFY
ALTER EXHS Use extended handshakes XCF_MODIFY
ALTER PSTATS Print interval statistics to DDPRINT XCF_MODIFY
ALTER RSTATS Reset statistics at STATINT intervals XCF_MODIFY
ALTER SAF NETSAF (WAF) point-of-access verification XCF_MODIFY
ALTER STATINT Print/Reset statistics time interval XCF_MODIFY
ALTER WEIGHT Path selection weighting XCF_MODIFY
ALTER ZEDC zEnterprise Data Compression (zEDC) XCF_MODIFY
ALTER ZEDCLOG zEDC compression trace data level XCF_MODIFY
HELP List available functions XCF_MODIFY
RESET Reset statistics XCF_MODIFY

Resource Names for Adabas SAF Security Operator Commands

This section describes the formatting of the resource name when an Adabas SAF Security operator command is issued to any of the following jobs:

  • Adabas nucleus

  • Adabas utility

  • Entire Net-Work

When processing an operator command, Adabas SAF Security will check that the User ID under which the job is executing has read access to a resource name of the following format:

OPRddddd.SPECAL

where

Value Description
ddddd is the node ID, specified in the format defined by the setting of the DBFLEN configuration parameter.
. is an optional delimiter character, depending on the setting of the DELIM configuration parameter.
SPECAL is the substituted command used for all Adabas SAF Security operator commands.

Refer to Adabas SAF Security Operator Commands in the Operations section for general information on Adabas SAF Security operator commands.

Adabas Audit Server

Resource Names for Adabas Audit Server Start-up

Resource names used in the start-up of an Adabas Audit Server follow the same format as Resource Names for Adabas Nucleus Start-up.

Refer to Adabas Audit Server Start-up in the Operations section for additional information.

Resource Names for Adabas Audit Server Administration Functions

Resource names used in the protection of Adabas Audit Server administration functions follow the same format as Resource Names for Adabas Nucleus Administration Functions.

Refer to Adabas Audit Server Administration Functions in the Operations section for general information on protecting Adabas Audit Server administration functions.

Resource Names for Adabas Audit Server Operator Commands

Resource names used in the protection of operator commands issued to the Adabas Audit Server follow the same format as Resource Names for Adabas Operator Commands.

Refer to Adabas Audit Server Operator Commands in the Operations section for additional information.

Adabas Event Replicator Server

Resource Names for Adabas Event Replicator Server Start-up

Resource names used in the start-up of an Adabas Event Replicator Server follow the same format as Resource Names for Adabas Nucleus Start-up.

Refer to Adabas Event Replicator Server Start-up in the Operations section for additional information.

Resource Names for Adabas Event Replicator Server Administration Functions

Resource names used in the protection of Adabas Event Replicator Server administration functions follow the same format as Resource Names for Adabas Nucleus Administration Functions.

Refer to Adabas Event Replicator Server Administration Functions in the Operations section for general information on protecting Adabas Event Replicator Server administration functions.

Resource Names for Adabas Event Replicator Server Operator Commands

Resource names used in the protection of operator commands issued to the Adabas Event Replicator Server follow the same format as Resource Names for Adabas Operator Commands.

Refer to Adabas Event Replicator Server Operator Commands in the Operations section for additional information.

Grouped Resource Names

This section describes those resource names which can be subjected to grouping in order to simplify the administration of the required security resources.

Grouped Resource Names for Adabas Files

The AAFFILE macro is supplied on the ADASAF source library and is used to create a load module which defines prefixes, major nodes and/or minor nodes for file numbers or ranges of file numbers. You choose what mixture of prefixes, major and minor nodes you wish to use and for which files. Having created the load module, you identify it to ADASAF using the FILETAB configuration parameter to specify the load module name. The module must be available in an APF-authorized step library of the Adabas nucleus . At initialization, ADASAF attempts to load the nominated module. If the load fails, ADASAF issues message AAF004 and instructs the Adabas nucleus to terminate.

AAFFILE Parameters

AAFFILE has 3 parameters as described in the table below:

Parameter Syntax Eplananation
TYPE={PREFIX|MAJOR|MINOR|FINAL} 

TYPE=FINAL must be the last statement before the END and generates the load module contents, based on the previous AAFFILE statements.

TYPE=PREFIX|MAJOR|FINAL defines a name of 1 to 8 characters and a list of file numbers or ranges for which that name is to be used as the prefix, major node or minor node.

NAME=1 to 8 characters

Specifies the name to be used. The name must conform to the resource naming conventions of your security system.

FILES={(nnnnn,nnnnn-nnnnn…)|ALL}

Specifies a list of files or ranges of files for which this name should be used. FILES=ALL denotes that this name will be used for all files.

A sample assembly and link job is provided in SAGI055 in the JOBS installation dataset.

AAFFILE Parameter Examples

Example 1

AAFFILE TYPE=PREFIX,NAME=TEST,FILES=ALL
AAFFILE TYPE=MAJOR,NAME=ACCOUNTS,FILES=(1,5,11-20,251-300)
AAFFILE TYPE=MAJOR,NAME=HR,FILES=(101-200)
AAFFILE TYPE=MINOR,NAME=SALARY,FILES=(1,11,251)
AAFFILE TYPE=FINAL
END

Assuming DBFLEN=1 together with the above AAFFILE statements, the following resource names will be used for accesses to files on database 153:

File Number Resource Name (DELIM=Y) Resource Name (DELIM=N)
1
TEST.ACCOUNTS.SALARY
TEST.ACCOUNTSSALARY
38
TEST.CMD00153.FIL00038 
TEST.ACC00153FIL00038
200
TEST.HR.FIL00200
TEST.HRFIL00200
299
TEST.ACCOUNTS.FIL00299
TEST.ACCOUNTSFIL00299

Example 2

AAFFILE TYPE=PREFIX,NAME=ACCOUNTS,FILES=(1,5,11-20,251-300)
AAFFILE TYPE=MAJOR,NAME=PAYMENTS,FILES=(1,5,11-20)
AAFFILE TYPE=MAJOR,NAME=HR,FILES=(101-200)
AAFFILE TYPE=MINOR,NAME=SALARY,FILES=(1,11,251)
AAFFILE TYPE=FINAL
END

Assuming DBFLEN=1 together with the above AAFFILE statements, the following resource names will be used for accesses to files on database 253:

File Number Resource Name (DELIM=Y) Resource Name (DELIM=N)
1
ACCOUNTS.PAYMENTS.SALARY
ACCOUNTS.PAYMENTSSALARY
38
CMD00253.FIL00038
ACC00253FIL00038
200
HR.FIL00200
HRFIL00200
299
ACCOUNTS.CMD00253.FIL00299
ACCOUNTS.ACC00253FIL00299

As these examples show, you have complete flexibility in using grouped and standard database/file-specific resource names in any combination.

You will usually need to create a different load module for each database where grouped resource names are to be used, because different databases are likely to have different file grouping requirements.

Grouped Resource Names for Adabas Operator Commands

An operator command grouping table is available which enables sites to influence the construction of resource names by changing the default operator command name to site specific names.

This grouping table is available for Adabas operator commands issued against any of the following jobs:

  • Adabas nucleus

  • Adabas utility

A sample source member, ADAEOPTB, is provided which defines operator commands to one of three groups, namely DISPLY, MODIFY and SPECAL. The choice of group names and how commands are grouped is decided on site and determines which Adabas operator commands may be entered from a z/OS console. When adding or modifying an entry in ADAEOPTB, specify the operator command (if longer than 8 characters, only provide the first 8 characters) and grouping requirement, for example:

ENTITY NOLOGGIN,SPECAL        /*  prevent command logging  */

associates the NOLOGGING operator command with the group SPECAL.

You must also relink ADAIOR to include ADAEOPTB. For more information, refer to ADASAF installation procedure, step 7.

The following is a sample grouping as supplied in the ADAEOPTB source library member. The following list is not restricted to the commands shown here and can be added to or subtracted from, depending on installation requirements. For more information about Adabas operator commands, see the Adabas Operations documentation.

The display-type Adabas commands are:

CSTAT DHQ DONLSTAT DUQE
CSUM DHQA DPARM DUUQE
DAUQ DLOCKF DPPT DXCACHE
DCQ DMEMTB DRES DXFILE
DDIB DNC DSTAT DXLOCK
DDSF DNFV DTH DXMSG
DFILES DNH DUQ DXSTAT
DFILUSE DNU DUQA  

The modify-type Adabas commands are:

ADAEND CDATAHSP CFILE RESUME
CANCEL CDATAL64 CFSTAT REVIEW
CASSODSP CDATAMAX CINCLUDE TNAA
CASSOEXT CDATAV64 CLOGMRG TNAE
CASSOHSP CDELETE CPARM TNAX
CASSOL64 CDEMAND CRETRY TT
CASSOMAX CDISABLE CT MXCANCEL
CASSOV64 CDISPSTAT DUMP MXMSG
CBUFNO CENABLE FEOFCL MXMSGWAR
CCHANGE CEXCLUDE FEOFPL MXWTOR
CCTIMEOUT CFDELETE FMXIO  
CDATADSP CFDISABLE HALT  
CDATAEXT CFENABLE RDUMPST  

The special Adabas commands are:

ALOCKF LOGRB NOLOGVB SMFRECNO
AOSLOG LOGSB NOLOGVOLIO SMFSUBSYS
ASYTVS LOGUX NWCONNECT SGMT
CLUFREEUSER LOGVB ONLRESUME STOPF
DELUF LOGVOLIO ONLSTOP STOPI
DELUI LOGWARN ONLSUSPEND STOPU
LOCKF NOLOGCB RALOCKF SYNCC
LOCKU NOLOGFB RALOCKFA TCPIP
LOCKX NOLOGGING READONLY TM
LOGCB NOLOGIB REVIEWHUBID UNLOCKF
LOGFB NOLOGIO SMFDETAIL UNLOCKU
LOGGING NOLOGRB SMFDETAILADD UNLOCKX
LOGIB NOLOGSB SMFDETAILDEL UTIONLY
LOGIO NOLOGUX SMFINTERVAL  

Grouped Resource Names for Adabas Administration Functions

Aadministration function and file grouping tables are available which enable sites to influence the construction of resource names by changing the default administration function and file names to site specific names.

These grouping tables are available for administration functions performed against any of the following jobs:

  • Adabas nucleus

Administration function grouping table (AAFNUCTB)

A sample source member is provided (AAFNUCTB) which associates each of the Adabas administration functions to a specific function group name. This function group name then replaces the administration function name in the resource name.

The supplied function group names in AAFNUCTB are samples only - sites may define their own function group names and choose which of the administration functions are associated to a particular function group.

By way of an example, the table below shows the resource names constructed when an administrative request to delete file 18 is processed with and without the availability of AAFNUCTB (using the definitions in the sample AAFNUCTB).

DBADMIN With AAFNUCTB Without AAFNUCTB
(Y,NOFILE,WARN|FAIL)
ADANUCddddd.UTIFUP
ADANUCddddd.DELETE
(Y,FILE,WARN|FAIL)
ADANUCddddd.UTIFUP.UFL00018
ADANUCddddd.DELETE.UFL00018

For more information, refer to the sample member AAFNUCTB provided in the SRCE installation library. A sample assembly and link job is provided in SAGI065 in the JOBS installation library.

Administration file grouping table (UFTnnnnn)

A sample source member is provided (AAFFILTB) which has examples of how to associate a file group name to one or more files using the AAFFILE macro with TYPE=MINOR. This file group name then replaces the file number in the resource name.

The supplied file group names in AAFFILTB are samples only - sites should define their own file group names and choose which file numbers are associated to a particular file group.

By way of an example, the table below shows the resource names constructed when an administrative request to delete file 18 is processed with and without the availability of AAFFILTB (using the definitions in the sample AAFFILTB), and, for completeness, with and without the availability of AAFNUCTB (using the definitions in the sample AAFNUCTB).

Note:
This file grouping option only applies to DBADMIN=(Y,FILE,WARN|FAIL).

AAFFILTB With AAFNUCTB Without AAFNUCTB
Not Available
ADANUCddddd.UTIFUP.UFL00018
ADANUCddddd.DELETE.UFL00018
Available
ADANUCddddd.UTIFUP.INVOICE
ADANUCddddd.DELETE.INVOICE

For more information, refer to the sample member AAFFILTB provided in the SRCE installation library. The assembly and link job SAGI055 in the JOBS installation library may be used to create the nucleus administration file grouping table.

Notes:

  1. The resulting load module must be called UFTnnnnn where nnnnn is the 5 character numeric database ID (with leading zeros as appropriate) against which the Adabas administration function is being processed.
  2. A UFTnnnnn module must be made available to the corresponding Adabas job if file grouping is to be enabled.
  3. If a UFTnnnnn module created for Adabas administration file grouping is made available to Adabas utilities and the SAFCFG parameter UTI=3 is defined (for utility file-level protection), then the file grouping defined by this module will also be enabled for utility operations against the database ID denoted by nnnnn.

Grouped Resource Names for Adabas Utilities

Utility function and file grouping tables are available which enable sites to influence the construction of resource names by changing the default utility function and file names to site specific names.

Utility function grouping table (AAFUTITB)

A sample source member is provided (AAFUTITB) which associates each of the utility functions to a specific function group name. This function group name then replaces the utility function name in the resource name.

The supplied function group names in AAFUTITB are samples only - sites may define their own function group names and choose which of the utility functions are associated to a particular function group.

By way of an example, the table below shows the resource names constructed when an ADASAV SAVE FILES=18 is executed with and without the availability of AAFUTITB (using the definitions in the sample AAFUTITB).

UTI With AAFUTITB Without AAFUTITB
UTI=2
ADASAVddddd.UTIFAC
ADASAVddddd.SAVE
UTI=3
ADASAVddddd.UTIFAC.UFL00018
ADASAVddddd.SAVE.UFL00018

For more information, refer to the sample member AAFUTITB provided in the SRCE installation library. A sample assembly and link job is provided in SAGI065 in the JOBS installation library.

Utility file grouping table (UFTnnnnn)

A sample source member is provided (AAFFILTB) which has examples of how to associate a file group name to one or more files using the AAFFILE macro with TYPE=MINOR. This file group name then replaces the file number in the resource name.

The supplied file group names in AAFFILTB are samples only - sites should define their own file group names and choose which file numbers are associated to a particular file group.

By way of an example, the table below shows the resource names constructed when an ADASAV SAVE FILES=18 is executed with and without the availability of AAFFILTB (using the definitions in the sample AAFFILTB), and, for completeness, with and without the availability of AAFUTITB (using the definitions in the sample AAFUTITB).

Note:
This file grouping option only applies to UTI=3.

AAFFILTB With AAFUTITB Without AAFUTITB
Not Available
ADASAVddddd.UTIFAC.UFL00018
ADASAVddddd.SAVE.UFL00018
Available
ADASAVddddd.UTIFAC.INVOICE
ADASAVddddd.SAVE.INVOICE

For more information, refer to the sample member AAFFILTB provided in the SRCE installation library. The assembly and link job SAGI055 in the JOBS installation library may be used to create the utility file grouping table.

Notes:

  1. The resulting load module must be called UFTnnnnn where nnnnn is the 5 character numeric database ID (with leading zeros as appropriate) of the database in which the file numbers defined in the file grouping table reside.
  2. A UFTnnnnn module must be made available to the corresponding Adabas utility job if file grouping is to be enabled.
  3. If a UFTnnnnn module created for utility file grouping is made available to Adabas nucleus jobs and the SAFCFG parameter DBADMIN=(Y,FILE,WARN|FAIL) is defined (for nucleus administration file-level protection), then the file grouping defined by this module will also be enabled for nucleus administration functions within the database ID denoted by nnnnn.