Activating the Mainframe Connector ISPF/PDF Interface
This section discusses the requirements for activating the ISPF/PDF interface for Mainframe Connector .
Mainframe Connector ISPF/PDF Load Modules
During the Mainframe Connector install process, the load modules for the Mainframe Connector ISPF/PDF interface were created in the target Mainframe Connector load library. The following load modules should be found in the target Mainframe Connector load library:
PICSMMC
PICSMSS
PICSMTBA
These load modules will need to be copied to a load library that will be available to the ISPF/PDF session for anyone that requires access to the Mainframe Connector ISPF/PDF interface. The PICSMTBA module is an authorized load module and must reside in an APF authorized dataset.
Mainframe Connector ISPF/PDF Panel and Message Members
The Mainframe Connector ISPF/PDF interface requires that panel and message members be made available to the ISPF/PDF environment. The following panel and message members reside in the .INSTLIB dataset that was created during the installation process:
PICSMLGH
PICSMLGP
PICSMTBH
PICSMTBP
PICSM10H
PICSM10P
PICSM20H
PICSM20P
PICM10
Copy the PICM10 member into a dataset in the ISPMLIB concatenation and copy the remaining members (PICSMLGH, PICSMLGP, PICSMTBH, PICSMTBP, PICSM10H, PICSM10P, PICSM20H, PICSM20P) into a dataset in the ISPPLIB concatenation of the logon procedure.
Updating the IKJTSOxx PARMLIB Member
Update the AUTHTSF section of the active IKJTSOxx PARMLIB member to include the PICSMTBA program name. This indicates to TSO that this program is eligible to execute as an authorized program when invoked from the IKJEFTSR service.
Authorizing PICS Usage
In a multiple (or even single) Mainframe Connector subsystem environment, it may be necessary or desirable to restrict the level of PICS access to appropriate Mainframe Connector subsystem information. PICS 7.0.3 implements resource rule checking, wherein subsystem information access validation is performed at each PICS access to a specified (or defaulted) Mainframe Connector subsystem. To assign the necessary authorizations, resource rules, whose format is dependent upon the security subsystem in use, must be defined as follows:
RACF
Issue the following TSO command for each subsystem to be authorized for PICS access:
RDEFINE FACILITY PSYNCH.PICS.ssnm
where ssnm is the 1 to 4 character subsystem name assigned to the Mainframe Connector subsystem via the SUBSYSNAME parameter described in Run-time parameters . This defines the specified facility class profile and assigns ALTER authority to the creating userid.
To permit additional users PICS access to a given Mainframe Connector subsystem, issue the following TSO command for each userid to which access is to be granted:
PERMIT PSYNCH.PICS.ssnm ACCESS(READ) CLASS(FACILITY) ID(userid)
ACF2
For ACF2, a resource rule of the following form must be created, compiled, and stored:
$KEY(PSYNCH) TYPE(FAC) PICS.ssnm UID(uid) SERVICE(READ) ALLOW
where
ssnmis the name of the Mainframe Connector subsystem with which you wish to communicate, anduidis the desired userid. If you wish to authorize access to multiple concurrently executing Mainframe Connector subsystems, then add further PICS.ssnm UID(uid) SERVICE(READ) ALLOW statements, replacing each ssnm with the associated subsystem name and uid with the appropriate userid.In addition, a CLASMAP record containing a resource type of FACILITY with a type code of FAC must exist. This can be confirmed by entering the ACF2 environment in TSO (e.g. enter ACF in TSO menu 6) with a sufficient security privilege level (e.g. SECURITY) and entering:
SHOW CLASMAP
If a resource type of FACILITY with a type code of FAC is displayed, then the necessary environment should already be active. If not, consult the ACF2 Administrator Guide for information on defining and activating CLASMAP records.
TopSecret
define PSYNCH as an IBMFAC. This can be done with the following TSO command:
TSS ADD(anydept) IBMFAC(PSYNCH)
where
anydeptis a valid TopSecret DEPT.to permit users PICS access to a given Mainframe Connector subsystem, issue the following TSO command for each userid to which access is to be granted:
TSS PERMIT(acid) IBMFAC(PSYNCH.PICS.ssnm)
where
acidis the TopSecret ACID you are granting access to andssnmis the 1 to 4 character subsystem name assigned to the PSYNCH/390 subsystem via the SUBSYSNAME parameter described in Run-time parameters .