ISFPRMxx statements
After you identify which ISFPRMxx member SDSF is using, you can determine how security is set up and assess how users are grouped and what they are authorized to do in SDSF.
The following parameters are used in ISFPRMxx to define groups and users:
| Parameter | Description |
|---|---|
| NAME (group-name) | Group name, used in SAF resource. |
| ILPROC (NTBL-name) | Includes users by logon procedure. |
| XLPROC (NTBL-name) | Excludes users by logon procedure. |
| ITNAME (NTBL-name) | Includes users by terminal name. |
| XTNAME (NTBL-name) | Excludes users by terminal name. |
| IUID (NTBL-name) | Includes users by user ID. |
| XUID (NTBL-name) | Excludes users by user ID. |
| TSOAUTH (attributes) | Includes users by TSO authority. |
Example 1 – Group of users defined with IUID parameter
GROUP IUID(GRPACC),
PREFIX(USERID),
AUTH(ALLUSER)
NTBL NAME(GRPACC)
NTBLENT STRING(TEST),OFFSET(1)
NTBLENT STRING(DEV),OFFSET(1)The IUID parameter defines the NTBL statement labelled GRPACC. This means that any user whose user ID that starts with the string TEST or DEV will be included in this group (for example: TEST01, TESTUSR, DEVUSR, DEV001, DEV002).
The PREFIX parameter specifies that users will only be able to see jobs in SDSF under their own prefix name (such as DEV001*).
The AUTH parameter identifies the SDSF panels that users belonging to this group are allowed to display, and the SDSF commands that they are allowed to issue.
Example 2 – Group of users defined in RACF
GROUP NAME(GRPSDSF1) AUTH(DA,I,O,H,ST,DEST,PREF),
PREFIX(USERID)In this example, group GRPSDSF1 is being defined through the NAME parameter on the GROUP statement. All members of this group will be authorized in RACF to profile GROUP.group-name.server-name. If SDSF is the server name, this translates to GROUP.GRPSDSF1.SDSF.
The PREFIX parameter set to USERID means that users will only be able to see jobs in SDSF under their own prefix name (such as DEV001*).