IBM OS/390 New FMID , OW24966 Enhancements to TARGET Command

system. This support provides a solution to many customers that find themselves in

such a situation.

The PERMIT command has a new keyword to add users and groups to the

conditional access list, WHEN(SYSID(...)). This keyword is allowed only for the

PROGRAM class. WHEN(SYSID(...)) is similar to the existing keywords

WHEN(TERMINAL(...)), WHEN(PROGRAM(...)), and WHEN(JESINPUT(...)). No

class is associated with SYSID. In addition, no check is made to determine whether

the value specified for SYSID is valid.

A new error message is issued if WHEN(SYSID(...)) is specified for a class other

than PROGRAM. When copying a conditional access list from a PROGRAM profile

to a non-PROGRAM profile, WHEN(SYSID(...)) entries are not copied. No

messages are issued if this is the case. This applies to ADDSD FROM, RDEFINE

FROM, RACROUTE REQUEST=DEFINE with modeling, and PERMIT FROM.

New FMID OS/390 Release 4 Security Server (RACF) has a new FMID, HRF2240. Although

RACF, as a component of the OS/390 Security Server, no longer has a version,

release, and modification level of its own, for compatibility with previous versions

and releases of RACF the new FMID is treated as if it represented version 2.4.0.

The RCVT contains the value 2040 to identify the RACF level. The ICHEINTY,

ICHEACTN, and ICHETEST macros accept the keyword RELEASE=2.4, although

they support no new keywords that would require the RELEASE=2.4 keyword.

OW24966 Enhancements to TARGET Command

The RACF TARGET command now accepts the new keyword WDSQUAL to allow

allocation of the work space data sets when the system name starts with a numeric

character. This keyword indicates that the variable that follows is the middle

qualifier used by RRSF for the workspace data set qualifier names of the INMSG

and OUTMSG queues for the local RRSF node defined by the TARGET command.

WDSQUAL cannot be used for a remote node.

The format for the qualified name is

prefix.wdsqual. ds_identity

wdsqual

can be

from 1 to 8 characters long beginning with an alphabetic character. Initial numerals

are not accepted. The formation of the workspace data set names can be changed

until the data sets are allocated. Specifying WDSQUAL on another TARGET

command after its node has become dormant or operative is not allowed.

Specifying of WDSQUAL on the same command is allowed.

If you have any TARGET commands in your IRROPTxx RACF parameter library

member that specify the WORKSPACE keyword abbreviated to a W, you need to

increase the length of that keyword to at least WO so it is not mistaken for the new

WDSQUAL keyword which is now represented as W. It is recommended that the

use of abbreviations be avoided in clists, REXX execs, and parmlib statements.

If WDSQUAL is not specified, the previously used format for the data set names is

used. This is

prefix.sysname

.INMSG and

prefix.sysname

.OUTMSG.

For more information on the TARGET command, see

OS/390 Security Server

(RACF) Command Language Reference

Chapter 2. Release Overview 9