Administration Commands
define_security_access_list
Other Conditions
Appendix A, Common Return Codes from snapadmin Commands, lists combinations of primary and secondary return codes that are common to all commands.
2.52.4 Incoming Calls
If you are configuring a port that accepts incoming calls (as defined by the tot_link_act_lim, inb_link_act_lim, and out_link_act_lim parameters), there is generally no need to define an LS to use for these calls; SNAplus2 will dynamically define an LS when the incoming call is received. However, if the incoming calls are from a host computer that supports dependent LUsor from a downstream computer using PU concentration, you need to explicitly define an LS because the LS definition includes the name of the PU associated with the dependent LUs or the name of the downstream PU.
When an incoming call arrives at the port, SNAplus2 checks the address specified on the call against the addresses specified for link stations defined on the port (if any) to determine if an LS has already been defined for the call. If the address does not match, an LS is dynamically defined. To ensure that the explicit LS definition (including the required PU name) is used, be sure that the address defined for this LS matches the address that is supplied by the host or the downstream computer on the incoming call.
2.53 define_security_access_list
The define_security_access_list command defines a list of users who can access a particular local LU or invokable TP, so that access to that LU or TP is restricted to the named users. It can also be used to add user names to an existing security access list. The user names in the list are defined using the define_userid_password command.
To restrict access for a particular local LU or invokable TP, you need to do the following.
1.Ensure that each authorized user of the LU or TP is defined using the define_userid_password command.
2.Use the define_security_access_list command to define a security access list containing all of these user IDs.
3.Specify the name of this security access list on the define_local_lu or define_tp command that defines the LU or TP.
When an incoming Allocate request arrives for a local LU or an invokable TP that has a security access list defined, the invoking application must indicate that conversation security is to be used, and specify a user ID. In addition to the standard conversation security checking (against user IDs specified using the define_userid_password command), SNAplus2 checks the user ID in the incoming allocate request against the security access list defined for the LU or TP, and rejects the conversation if the user ID does not match. If both the LU and the TP have security access lists defined, the user ID must be in both lists.
If a local LU or an invokable TP does not have a security access list defined, but is still configured to require conversation security, the standard conversation security checking still applies.
2.53.1 Supplied Parameters
Parameter name | Type | Length | Default |
[define_security_access_list] |
|
|
|
list_name | character | 14 |
|
description | character | 31 | (null string) |
{security_user_data} |
|
|
|
user_name | character | 10 |
|
210
