IBM OS/390 manual Logon Procedures, Message Facilities, Security

7.1.2 LOGON Procedures

In ICCF, a logon procedure may be specified in the user profile. This entry references an ICCF procedure or macro used to define the environment for this logon. These optional procedures or macros are normally defined by the user if they are present.

In TSO/E, the LOGON procedure is not optional. The LOGON procedure defines the system resources available to a terminal user and defines or allows for dynamic allocation of all data sets used by a terminal user. LOGON cataloged procedures must reside in the data set defined in the procedure used to start the primary job entry subsystem, JES2 or JES3. This data set may be either SYS1.PROCLIB or a partitioned data set dedicated to LOGON procedures.

You may specify a user′s default logon procedure (for the user′s first logon) in the user′s TSO segment using the PROC keyword. You may authorize or restrict usage of logon procedures using RACF′s TSOPROC resource class. Again, see TSO/E Customization and RACF Security Administrator′s Guide when you need more details.

7.1.3 Message Facilities

The ICCF member A$MAIL normally resides in the ICCF common library of DTSFILE and is used to broadcast messages to all ICCF users. The ICCF command /MAIL is issued by an ICCF user to view any messages that have been stored in member A$MAIL. If messages are sent to an individual ICCF user by using the /SEND command, they are stored in an ICCF member unique to the receiver that is created automatically by ICCF. Both of these ICCF facilities are optional.

For the TSO/E environment, a Broadcast Data Set, SYS1.BRODCAST, is required. Normally, though, you will use the broadcast data set only to hold notices, messages intended for display to all users at logon time such as a message of the day or a system status message. For messages directed to individual users (single-line mail) you will normally want to configure TSO/E to use a separate data set for each user. You do this using operands on the SEND statement in SYS1.PARMLIB(IKJTSO00). Smaller installations may wish to use SYS1.BRODCAST for mail messages, too, and can configure this using the SEND options in IKJTSO00 if they desire.

TSO/E users can choose to view mail and notices at logon time, or to suppress such viewing by specifying NONOTICES and/or NOMAIL. They may also view mail and notices whenever they desire using TSO/E′s LISTBC command.

7.1.4 Security

ICCF provides facilities which protect ICCF libraries, ICCF library members, files, and VSE library members against unauthorized access from interactive partitions. The implementation of security in the ICCF environment is not related to an overall DOS/VSE security implementation.

In the MVS TSO/E environment, security is an MVS system level requirement and will normally be handled through RACF.

Both ICCF and TSO/E provide a first level of security in the requirement for predefined user IDs before accessing the system. A password for the user ID is required for access to the system.

Chapter 7. ICCF and TSO 157