Account Attributes

The authorized level at which the user can access the resource

The VM minidisks owned by the user

Specifies which action(s) Top Secret will take when access to a resource is attempted

The time interval before unattended or inactive terminals are locked

The lock time for all terminals connected to the specified facility

The language preference code the user

The volumes to which the user has access

Identifies the ACID name

Names can be up to 32 characters in length, must be surrounded by single quotes if embedded with blanks, and can use letters, numbers, and special characters.

Specifies which CICS transaction Top Secret automatically executes after an ACID successfully signs on to a facility

Note
If a SITRAN is added to an ACID that already has a CICS transaction defined, the transaction is replaced.

Defines the initial directory path. This is the initial directory used when a user enters the OMVS command or enters the ISPF shell. The HOME keyword accepts from one to 1024 characters. Both uppercase and lowercase characters are allowed. If HOME isn't defined, OpenEdition MVS sets the initial directory for the user to the root directory. HOME is optional.

XAUTH Resource Class Name

Used to assign or remove multiple password attributes, which means ACIDs need a different password to access each facility

Used to prevent data sets, created by an ACID, from being automatically secured by MVS by setting the RACF bit

NOADSP is used to define an ACID that will be used to create data sets that cannot be automatically protected by Top Secret.

Used to allow an audit of ACID activity

To prevent ACIDs from changing passwords at either sign-on or initiation

Used to support the physical identification of users through operator identification cards

Used to activate a diagnostic trace on all ACID activity (initiations, resource access, violations, user's security mode, etc.)

Used to prevent ACIDs from accessing the system when a violation occurs

Used to support the use of the multi-region option

Used to grant or remove an ACID's ability to modify control options. For VM, options are modified through the TSS MODIFY command only. With VSE and OS/390, options are modified at the O/S console or through the TSS MODIFY command function.

Used to specify that a profile will become, or will cease to be, globally administer-able.

Used to add or remove the DUFXTR attribute to an ACID. DUFXTR enables an ACID to use a RACROUTE REQUEST=AUTH (RACHECK) macro or the Top Secret Application Interface to extract installation data (INSTDATA) or field data from a Security Record. DUFXTR is a component of the Top Secret Dynamic Update Facility (DUF).

Used to add or remove the DUFUPD attribute to an ACID. DUFUPD enables an ACID to use the Top Secret Application Interface to update the installation data (INSTDATA) or field data from a Security Record. DUFUPD is a component of the Top Secret Dynamic Update Facility (DUF).

Used to support multiple TSO UADS passwords, on a user-by-user basis.

Used to prevent an ACID in CICS and IDMS from signing on through ATS (Automatic Terminal Signon).

Used to remove the suspension of an ACID that was suspended for administrative reasons.

Used to assign profiles to an ACID.

Used to assign a password, along with values that control its use, to a previously defined ACID.

The date, in string format, on which the password expires

The interval in which the password must be changed

The facility name applied to ACIDs with the multipw attribute.

Used to assign or remove a CICS operator identification value that is equal to the ACID's OPIDENT entry in the CICS SNT (Signon Table). The OPIDENT value is placed into the ACID's TCT at sign on.

Used to assign or remove a CICS operator priority from the associated ACID. The OPPRTY value is placed into the ACID's TCT (Terminal Control Table) at sign on.

Used to secure system programs and utilities.

Used to determine who has administrative authority on the application.

Used to provide a default procedure to be used for TSO logon.

The one- to eight-character logon procedure name. Procedure names are also TSO-related resources and the user must be permitted to any procedure name with which he attempts to log on.

Specifies the Division ACID to which the ACID is attached.

The name assigned to the ACID within the zone.

The date, in string format, on which the suspension ends

A list of resources that may be accessed by the ACID shown in the command, the level at which the ACID may access the resource, and the owner of the resource.

The default unit name to be used for dynamic allocations under TSO.

The one to eight-character unit (device) name for dynamically allocated data sets. The name must be a defined generic unit class name at the installation. This field is not alterable by the user at logon and is not required for successful logon.

PHYSKEY (physical security key) supports external authentication devices.

Used to specify which department, division, and zone to include.

The date on which the ACID was created

The date on which the ACID was last modified

The time at which the ACID was last modified

The room number assigned to the ACID

Used to give or to remove a Top Secret administrator's authority to perform one or more administrative functions.

Used to give or to remove a Top Secret administrator's authority to list the contents of the RDT, FDT, or STC or to use the ASUSPEND administrative function.

The minidisk authorization information for the ACID

Used to give Top Secret administrators the authority, or to remove their authority, to assign the SCOPE of an LSCA.

The name of the digital certification

The Department ACID to which the ACID is attached

The default group for the ACID

The resources owned by the ACID

The default options that a TSO user may specify at logon

The person to whom SYSOUT information should be delivered for this ACID

The SYSID (which is actually the SMFID) that the authorizations for the ACID apply to

The building in which the ACID is located

Default commands issued upon login of the ACID

The date, in string format, that the digital certification starts

The libraries for which the ACID has authority

Returns facility information for the ACID

The resource class for which the ACID has authority

The facilities to which the user has access

The default hold class for TSO-generated JCL for TSO the user

The date, in string format, on which the digital certification expires

The Zone ACID to which the ACID is attached

The name assigned to the ACID within the zone

Physical address for the ACID

Days of the week the ACID is authorized on this application

The ACID type, for example zone, division, or department

The size of the ACID

Alternative physical address for the ACID

To specify that no data set name check will be performed. Top Secret will bypass all data set access security checks. All data set access will be audited.

Used to allow an ACID to execute any command or transaction for all facilities, regardless of LCF (Limited Command Facility) restrictions. No auditing is done.

Used to allow an ACID to bypass alternate ACID usage as well as all job submission security checking. Thus, associated ACIDs may submit all jobs regardless of the (derived) ACID on the job card being submitted.

Used to allow an ACID to bypass security checking, including auditing, for all owned resources except data sets and volumes.

Used to allow an ACID to bypass all checking for minidisk links. All links will be audited.

NOVMDCHK is intended only to be applied to special products such as DASD space managers, which may link to many minidisks.

Used to allow an ACID to bypass suspension due to violations

The default destination identifier for TSO generated JCL for TSO users

The default TSO performance group

An additional resource class for which the ACID has authority

A Top Secret administrator's authority to perform one or more administrative functions

IDs of the groups to which the ACID belongs

The site-defined data fields for a TSO user

The maximum region size (in kilobytes) that the TSO user can specify at logon

The date on which the ACID expires

The default SYSOUT class for TSO generated JCL for the TSO users

The Department ACID to which the ACID is attached

The name assigned to the ACID within the department

Date the ACID was last used

Time the ACID was last used

Name of the CPU on which the ACID was used

System facilities defined to Top Secret: BATCH, STC, TSO, IMS, CICS, NCCF, Roscoe, WYLBUR, or any installation-defined facility

Used to allow TSS administrators to list data about fields in a specific segment

The default job class for TSO generated job cards from TSO users

The default account number used for TSO logon

The default region size (in kilobytes) for TSO

The user's OpenEdition MVS shell program. This is the first program started when the OMVS command is entered, or when an OpenEdition MVS batch job is started using the BPXBATCH program.

The default storage keyword for the ACID

The unique user ID for the ACID

Alternative physical address for the ACID

The program pathing, if privileged program is in use

The time zone attached to the ACID

Used to record or remove information about an ACID. Up to 255 characters of information about an associated ACID may be used for convenient record keeping, or for interrogation by a user-written Installation Exit.

Alternative physical address for the ACID.

The Group ACID to which the ACID is attached

The default message class for TSO generated JCL for TSO users

To give, or to remove, a TSS administrator's authority to perform one or more high-level administrative functions