system. This support provides a solution to many customers that find themselves in
such a situation.
The PERMIT command has a new keyword to add users and groups to the
conditional access list, WHEN(SYSID(...)). This keyword is allowed only for the
PROGRAM class. WHEN(SYSID(...)) is similar to the existing keywords
WHEN(TERMINAL(...)), WHEN(PROGRAM(...)), and WHEN(JESINPUT(...)). No
class is associated with SYSID. In addition, no check is made to determine whether
the value specified for SYSID is valid.
A new error message is issued if WHEN(SYSID(...)) is specified for a class other
than PROGRAM. When copying a conditional access list from a PROGRAM profile
to a non-PROGRAM profile, WHEN(SYSID(...)) entries are not copied. No
messages are issued if this is the case. This applies to ADDSD FROM, RDEFINE
FROM, RACROUTE REQUEST=DEFINE with modeling, and PERMIT FROM.
New FMID
OS/390 Release 4 Security Server (RACF) has a new FMID, HRF2240. Although
RACF, as a component of the OS/390 Security Server, no longer has a version,
release, and modification level of its own, for compatibility with previous versions
and releases of RACF the new FMID is treated as if it represented version 2.4.0.
The RCVT contains the value 2040 to identify the RACF level. The ICHEINTY,
ICHEACTN, and ICHETEST macros accept the keyword RELEASE=2.4, although
they support no new keywords that would require the RELEASE=2.4 keyword.
OW24966 Enhancements to TARGET Command
The RACF TARGET command now accepts the new keyword WDSQUAL to allow
allocation of the work space data sets when the system name starts with a numeric
character. This keyword indicates that the variable that follows is the middle
qualifier used by RRSF for the workspace data set qualifier names of the INMSG
and OUTMSG queues for the local RRSF node defined by the TARGET command.
WDSQUAL cannot be used for a remote node.
The format for the qualified name is
prefix.wdsqual. ds_identity
.
wdsqual
can be
from 1 to 8 characters long beginning with an alphabetic character. Initial numerals
are not accepted. The formation of the workspace data set names can be changed
until the data sets are allocated. Specifying WDSQUAL on another TARGET
command after its node has become dormant or operative is not allowed.
Specifying of WDSQUAL on the same command is allowed.
If you have any TARGET commands in your IRROPTxx RACF parameter library
member that specify the WORKSPACE keyword abbreviated to a W, you need to
increase the length of that keyword to at least WO so it is not mistaken for the new
WDSQUAL keyword which is now represented as W. It is recommended that the
use of abbreviations be avoided in clists, REXX execs, and parmlib statements.
If WDSQUAL is not specified, the previously used format for the data set names is
used. This is
prefix.sysname
.INMSG and
prefix.sysname
.OUTMSG.
For more information on the TARGET command, see
OS/390 Security Server
(RACF) Command Language Reference
.
Chapter 2. Release Overview 9