Official | Management Console Security settings

Program Name

XRUSRADD

XRSYSIN Definition Card

Format of definition card

OPLSELECT=Operation Log Output Option (*1)
SYSFILEOUTPUTMODE=System File Output Mode

*1

:

When you use the operation log output function, you must include definitions related to operation logs. For details, refer to Operation Manual.

Format of XRCRD Definition Card

Specification of permissions to use the HULFT Management Console (for each user)

The following shows the format of the definition card for granting permissions to use the HULFT Management Console to one user:

        a         b          c            d            e           f          g          h 
ADD  user-id {[,SYSTEM]|[,SYS-VIEW] [,SYS-UPDATE] [,SYS-DEL]} [,LOG-ACS] [,EXECUTE] [,LOG-DEL]

= Remarks =

The definition card is in comma-delimited free-column format.

a. User ID

Define the user ID to which you want to apply HULFT Management Console Security. You must define the ID in alphanumeric characters within 8 bytes, starting with an uppercase alphabetic character.

b. Permission to Access System Management Information

This is permission to perform the following operations on the System Configuration screen of the HULFT Management Console:

Viewing of records in the management information
Creation of new records in the management information
Updating of records in the management information
Deletion of records in the management information

You cannot define this permission at the same time as the Permission to View System Management Information, the Permission to View and Update System Management Information, or the Permission to View and Delete System Management Information.

c. Permission to View System Management Information

This is permission to perform the following operations on the System Configuration screen of the HULFT Management Console:

Viewing of records in the management information

You cannot define this permission at the same time as the Permission to Access System Management Information.

d. Permission to View and Update System Management Information

This is permission to perform the following operations on the System Configuration screen of the HULFT Management Console:

Viewing of records in the management information
Creation of new records in the management information
Updating of records in the management information

You cannot define this permission at the same time as the Permission to Access System Management Information.

e. Permission to View and Delete System Management Information

This is permission to perform the following operations on the System Configuration screen of the HULFT Management Console:

Viewing of records in the management information
Deletion of records in the management information

You cannot define this permission at the same time as the Permission to Access System Management Information.

f. Log Read Permission

This is permission to view the following screens of the HULFT Management Console:

Send File List screen or Send Host List screen
Receive File List screen or Receive Host List screen
Request Status Confirmation screen
Transfer Status List screen
Send Queue Status List screen

g. Request Issue Permission

This is permission to perform the following operations on the HULFT Management Console:

Execution of the Send File
Execution of the Send Request
Execution of the Resend File
Deletion and cancelation of transfer on the Transfer Status List screen
Deletion of the Resend Queue information on the Resend Queue Status List screen

Note

You can cancel a transfer on the Transfer Status List screen only when you have all of the following permissions:

Log View Permission
Log Delete Permission

h. Log Delete Permission

This is permission to delete records in the following logs on the HULFT Management Console:

Send Log
Receive Log
Observe Log

Note

To define the Log Delete Permission, you must also define the Log Read Permission.
If Log View Permission (LOG-ACS) is not defined, the user cannot perform the following operations in the log screens even if Request Issue Permission (EXECUTE) is defined.

Issuance of requests
Cancelation of transfers
Deletion of transfer logs
Deletion of the Resend Queue information

= Remarks =

The Permission to Access System Management Information is provided for backward compatibility. For Ver.6.3 or higher, we recommend that you use the Permission to View System Management Information, the Permission to View and Update System Management Information, and the Permission to View and Delete System Management Information.

Revocation of usage permissions for the HULFT Management Console (for each user)

The following shows the format of the definition card for revoking the usage permissions of one user for the HULFT Management Console:

           a 
DELETE  user-id

a. User ID: Define the user ID from which you want to remove HULFT Management Console Security. You must define the ID in alphanumeric characters within 8 bytes, starting with an uppercase alphabetic character.

Default values of permissions to use the HULFT Management Console

If permissions are not granted to a user ID, the default permissions apply to the user ID. No default values are defined during installation of HULFT. When default values are not defined, all the permissions are available.

The definition card format for defining default values is shown below.

              a         b            c            d           e          f          g 
SECURITY  {[SYSTEM]|[SYS-VIEW] [,SYS-UPDATE] [,SYS-DEL]} [,LOG-ACS] [,EXECUTE] [,LOG-DEL]

= Remarks =

The definition card is in comma-delimited free-column format.

a. Permission to Access System Management Information

This is permission to perform the following operations on the System Configuration screen of the HULFT Management Console:

Viewing of records in the management information
Creation of new records in the management information
Updating of records in the management information
Deletion of records in the management information

You cannot define this permission at the same time as the Permission to View System Management Information, the Permission to View and Update System Management Information, or the Permission to View and Delete System Management Information.

b. Permission to View System Management Information

This is permission to perform the following operations on the System Configuration screen of the HULFT Management Console:

Viewing of records in the management information

You cannot define this permission at the same time as the Permission to Access System Management Information.

c. Permission to View and Update System Management Information

This is permission to perform the following operations on the System Configuration screen of the HULFT Management Console:

Viewing of records in the management information
Creation of new records in the management information
Updating of records in the management information

You cannot define this permission at the same time as the Permission to Access System Management Information.

d. Permission to View and Delete System Management Information

This is permission to perform the following operations on the System Configuration screen of the HULFT Management Console:

Viewing of records in the management information
Deletion of records in the management information

You cannot define this permission at the same time as the Permission to Access System Management Information.

e. Log Read Permission

This is permission to view the following screens of the HULFT Management Console:

Send File List screen or Send Host List screen
Receive File List screen or Receive Host List screen
Request Status Confirmation screen
Transfer Status List screen
Send Queue Status List screen

f. Request Issue Permission

This is permission to perform the following operations on the HULFT Management Console:

Execution of the Send File
Execution of the Send Request
Execution of the Resend File
Deletion and cancelation of transfer on the Transfer Status List screen
Deletion of the Resend Queue information on the Resend Queue Status List screen

g. Log Delete Permission

This is permission to delete records in the following logs on the HULFT Management Console:

Send Log
Receive Log
Observe Log

Note

Permissions are unavailable if no permission fields are defined as default values. In this case, HULFT screen (HULFT Main Menu screen) appears, but users cannot perform any operations.
To define the Log Delete Permission, you must also define the Log Read Permission.
If Log View Permission (LOG-ACS) is not defined, the user cannot perform the following operations in the log screens even if Request Issue Permission (EXECUTE) is defined.
- Issuance of requests
- Cancelation of transfers
- Deletion of transfer logs
- Deletion of the Resend Queue information

= Remarks =

The Permission to Access System Management Information is provided for backward compatibility. For Ver.6.3 or higher, we recommend that you use the Permission to View System Management Information, the Permission to View and Update System Management Information, and the Permission to View and Delete System Management Information.

Confirmation list of permissions to use the HULFT Management Console

Use this list to view usage permissions for the HULFT Management Console that are granted to user IDs or defined as default values. The confirmation list is output to SYSOUT. For details, refer to Example confirmation list of permissions to use the HULFT Management Console. The following shows the format of the definition card for displaying the confirmation list:

          a     b 
LIST  {user-id|ALL}

a. User ID: This value defines the user ID whose security settings are to be viewed. You must define the ID in alphanumeric characters within 8 bytes, starting with an uppercase alphabetic character.
b. All user IDs: Define this value to view the security settings of all registered user IDs.

= Remarks =

The list function is available only when usage permissions for the HULFT Management Console have been defined.

Example of JCL

//XRUSRADD JOB  CLASS=A,MSGCLASS=B                                              
//XRUSRADD EXEC PGM=XRUSRADD                                                    
//STEPLIB  DD   DSN=HULFT.LOAD,DISP=SHR                                         
//XRFILE   DD   DSN=HULFT.FILE,DISP=SHR                                         
//XRHOST   DD   DSN=HULFT.HOST,DISP=SHR                                         
//XRSYSIN  DD   DSN=HULFT.PARMLIB(HULPRM),DISP=SHR                              
//SYSOUT   DD   SYSOUT=*                                                        
//XRCRD    DD   *                                                               
  ADD HULUSER1,SYS-VIEW,SYS-UPDATE,SYS-DEL,LOG-ACS,EXECUTE,LOG-DEL              
  DELETE HULUSER2                                                               
  LIST ALL                                                                      
//

DD Name	Value	Description
STEPLIB	HULFT.LOAD	HULFT load module library
XRFILE	HULFT.FILE	Send and Receive Management File
XRHOST	HULFT.HOST	Host Information File
XRSYSIN	HULFT.PARMLIB(HULPRM)	System Environment Settings File

Example confirmation list of permissions to use the HULFT Management Console

* XRUSRADD * HULUSER1 IS ADDED 
* XRUSRADD * HULUSER2 IS DELETED 
* XRUSRADD * HULUSER1 LOG-ACS=ON LOG-DEL=ON SYS-VIEW=ON SYS-UPDATE=ON SYS-DEL=ON EXECUTE=ON 
* XRUSRADD * OTHERS LOG-ACS=OFF LOG-DEL=OFF SYS-VIEW=OFF SYS-UPDATE=OFF SYS-DEL=OFF EXECUTE=OFF

= Remarks =

To use usage permissions for the HULFT Management Console in order to configure security (usage permissions) for HULFT Manager, define within the Startup JCL for the Observe program (XRACCPT) a user ID that is granted usage permissions for the HULFT Management Console.
For details, refer to HULFT Manager service settings.