IBM Support

IBM Security zSecure Command and Ticket Logging (OA56705, OA56718, OA56801, and OA58254)

News


Abstract

This document describes the documentation updates as a result of the IBM
Security zSecure Command and Ticket Logging Service Stream Enhancement (SSE). All the
documentation updates apply to zSecure Admin and zSecure Command Verifier (V2.3.1).

Content

The following publications are updated:

  • zSecure CARLa-Driven Components Installation and Deployment Guide
  • zSecure Messages Guide
  • zSecure Admin and Audit for RACF User Reference Manual
  • zSecure CARLa Command Reference
  • zSecure Command Verifier User Guide

Note: Referenced topics that have not changed are not included in this document.
You can find them in the publication that the chapter applies to.

Incompatibility warning

This zSecure Service Stream Enhancement (SSE) provides support for a new function. The zSecure ISPF user interface has new fields to specify ticket identifiers and descriptions. In the original SSE, this support is activated automatically. If PTF UJ00783 (APAR OA58254) has been applied as well, the new support is activated only if profile CKR.CKXLOG.** in the configured resource class (default XFACILIT) has been defined.
Individual functions related to command logging can be controlled by creating more specific profiles. Creating a CKR.CKXLOG.** profile with UACC(READ), and not defining more specific profiles, has the following effects:
• It changes the command confirmation level (as specified in SE.4) for all zSecure Admin users.
• It enforces that a ticket ID and description are entered for every generated command.
In the absence of PTF UJ00783, the same situation might also arise from a top generic profile, like CKR.**
If PTF UJ00783 was applied , and the CKR.CKXLOG.** profile is not defined, the new fields and options are not available in the zSecure ISPF user interface. Other parts of the zSecure Command Logging application are not affected by the presence or absence of the CKR.CKXLOG.** profile.
The zSecure ISPF user interface enforces new prompts if a matching profile is found for resource CKR.CKXLOG.ID.PROMPT. If you have a matching profile (for example CKR.** or CKR.CKXLOG.**), but do not want to activate the additional prompting, define profile CKR.CKXLOG.ID.PROMPT with a UACC(NONE), and do not PERMIT groups or users on this profile.

The zSecure ISPF user interface displays fields allowing a ticket ID and description to be entered. If you have a matching profile (for example CKR.** or CKR.CKXLOG.**), but do not want to display these fields, define profile CKR.CKXLOG.ID.SHOW with a UACC(NONE), and do not PERMIT groups or users on this profile.
Note: The original edition of this function on zSecure V2.3.1 did not require the CKR.CKXLOG.** generic profile (which caused an incompatibility if you had a back-stop profile CKR.**). If you were already using this function, but did not define the CKR.CKXLOG.** profile yet, you must do so in order to continue using this function when upgrading to zSecure V2.4.0 or when applying the more recent update to zSecure V2.3.1 (APAR OA58254 / PTF UJ00783).
 

For details of the documentation update, see the PDF file: zsec_admin_command_log_2.pdf

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPQTM","label":"IBM Security zSecure Admin"},"Component":"","Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"V2.3.1","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}},{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRM9V","label":"IBM Security zSecure Command Verifier"},"Component":"","Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"V2.3.1","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
31 October 2019

UID

ibm10788003

Page Feedback