IBM OS/390 manual Iccf and TSO, Preparing to Use the System, User Profiles, 155

Chapter 7. ICCF and TSO

DOS/VSE users of the Interactive Computing and Control Facility (ICCF) who migrate to OS/390 will find a very powerful interactive system available via OS/390¢s Time Sharing Option (TSO/E) and related products, particularly the Interactive System Productivity Facility (ISPF). This section addresses the TSO/E and ISPF implementation of the common functions used in ICCF. It is not intended to be a complete list of the functions available to the TSO/E user.

7.1 Preparing to Use the System

ICCF uses a single direct access data set, DTSFILE, to maintain the information and data necessary for interactive execution. DTSFILE is logically divided to contain user profiles, ICCF libraries, and interactive input, list, and punch areas. TSO/E, on the other hand, maintains user profile information in either the Resource Access Control Facility (RACF, or OS/390 Security Server) database or (less commonly) in the TSO/E User Attribute Data Set (UADS). In addition, you can tailor the interactive user¢s environment by assigning customized LOGON procedures stored in a partitioned data set (PDS). The equivalent of an ICCF library would be either a sequential data set or a PDS in the TSO/E environment. TSO/E interfaces directly with the job entry subsystem, JES2 or JES3, to handle interactive job input and list or punch output. In this section we will review the requirements to allow access to your TSO/E system.

7.1.1 User Profiles

The ICCF System Administrator authorizes ICCF users by creating a user profile and storing it in DTSFILE. The person responsible for TSO/E in an MVS environment will normally authorize TSO/E access by creating user profiles in the RACF data base and defining a TSO ²segment² for those users. Alternatively, though much less common since most OS/390 systems have RACF active, the administrator could create entries in the TSO/E User Attribute Data Set (UADS). This chapter will focus on using RACF to register TSO users. If you need information on using the older TSO/E methods you can read about the ACCOUNT command in the TSO/E Customization book.

As delivered, your OS/390 system with RACF will have one user defined, IBMUSER. IBMUSER has a predefined password of SYS1, which you must change the first time you logon, and has the SPECIAL attribute to allow full administration of RACF. As one of your first tasks, you would create another administrative ID and then ²revoke² IBMUSER to make it unusable by any other users who might attempt to take control of your system.

Each TSO/E user has, as a minimum, a user ID and an associated LOGON procedure. LOGON procedures will be covered in the next section. The user ID can be from 1-7 alphameric characters beginning with an alphabetic or a national character. An ICCF user ID is always four characters.

Each user will also have a password, which you assign initially when creating the user¢s profile. RACF will mark this password as expired and require the user to change it upon first logon. Each user may change the password periodically if he or she desires, and through RACF¢s options you may enforce such periodic changes. For more information on this please refer to the OS/390 Security Server (RACF) Security Administrator¢s Guide.