IBM OS/390 User Manual
Chapter 7. ICCF and TSO
DOS/VSE users of the Interactive Computing and Control Facility (ICCF) who
migrate to OS/390 will find a very powerful interactive system available via
OS/390
migrate to OS/390 will find a very powerful interactive system available via
OS/390
′
s Time Sharing Option (TSO/E) and related products, particularly the
Interactive System Productivity Facility (ISPF). This section addresses the TSO/E
and ISPF implementation of the common functions used in ICCF. It is not
intended to be a complete list of the functions available to the TSO/E user.
and ISPF implementation of the common functions used in ICCF. It is not
intended to be a complete list of the functions available to the TSO/E user.
7.1 Preparing to Use the System
ICCF uses a single direct access data set, DTSFILE, to maintain the information
and data necessary for interactive execution. DTSFILE is logically divided to
contain user profiles, ICCF libraries, and interactive input, list, and punch areas.
TSO/E, on the other hand, maintains user profile information in either the
Resource Access Control Facility (RACF, or OS/390 Security Server) database or
(less commonly) in the TSO/E User Attribute Data Set (UADS). In addition, you
can tailor the interactive user
and data necessary for interactive execution. DTSFILE is logically divided to
contain user profiles, ICCF libraries, and interactive input, list, and punch areas.
TSO/E, on the other hand, maintains user profile information in either the
Resource Access Control Facility (RACF, or OS/390 Security Server) database or
(less commonly) in the TSO/E User Attribute Data Set (UADS). In addition, you
can tailor the interactive user
′
s environment by assigning customized LOGON
procedures stored in a partitioned data set (PDS). The equivalent of an ICCF
library would be either a sequential data set or a PDS in the TSO/E environment.
TSO/E interfaces directly with the job entry subsystem, JES2 or JES3, to handle
interactive job input and list or punch output. In this section we will review the
requirements to allow access to your TSO/E system.
library would be either a sequential data set or a PDS in the TSO/E environment.
TSO/E interfaces directly with the job entry subsystem, JES2 or JES3, to handle
interactive job input and list or punch output. In this section we will review the
requirements to allow access to your TSO/E system.
7.1.1 User Profiles
The ICCF System Administrator authorizes ICCF users by creating a user profile
and storing it in DTSFILE. The person responsible for TSO/E in an MVS
environment will normally authorize TSO/E access by creating user profiles in
the RACF data base and defining a TSO
and storing it in DTSFILE. The person responsible for TSO/E in an MVS
environment will normally authorize TSO/E access by creating user profiles in
the RACF data base and defining a TSO
″
segment
″
for those users. Alternatively,
though much less common since most OS/390 systems have RACF active, the
administrator could create entries in the TSO/E User Attribute Data Set (UADS).
This chapter will focus on using RACF to register TSO users. If you need
information on using the older TSO/E methods you can read about the ACCOUNT
command in the
administrator could create entries in the TSO/E User Attribute Data Set (UADS).
This chapter will focus on using RACF to register TSO users. If you need
information on using the older TSO/E methods you can read about the ACCOUNT
command in the
TSO/E Customization book.
As delivered, your OS/390 system with RACF will have one user defined,
IBMUSER. IBMUSER has a predefined password of SYS1, which you must
change the first time you logon, and has the SPECIAL attribute to allow full
administration of RACF. As one of your first tasks, you would create another
administrative ID and then
IBMUSER. IBMUSER has a predefined password of SYS1, which you must
change the first time you logon, and has the SPECIAL attribute to allow full
administration of RACF. As one of your first tasks, you would create another
administrative ID and then
″
revoke
″
IBMUSER to make it unusable by any other
users who might attempt to take control of your system.
Each TSO/E user has, as a minimum, a user ID and an associated LOGON
procedure. LOGON procedures will be covered in the next section. The user ID
can be from 1-7 alphameric characters beginning with an alphabetic or a
national character. An ICCF user ID is always four characters.
procedure. LOGON procedures will be covered in the next section. The user ID
can be from 1-7 alphameric characters beginning with an alphabetic or a
national character. An ICCF user ID is always four characters.
Each user will also have a password, which you assign initially when creating
the user
the user
′
s profile. RACF will mark this password as expired and require the user
to change it upon first logon. Each user may change the password periodically if
he or she desires, and through RACF
he or she desires, and through RACF
′
s options you may enforce such periodic
changes. For more information on this please refer to the
OS/390 Security Server
(RACF) Security Administrator
′
s Guide.
Copyright IBM Corp. 1998
155