The define_security_access_list command defines a list of users who can access a particular
local LU or invokable TP, so that access to that LU or TP is restricted
to the named users. It can also be used to add user names to an
existing security access list. The user names in the list are defined
using the define_userid_password command.
To restrict access for a particular local LU or invokable TP, you need to do the following:
- Ensure that each authorized user of the LU or TP is defined using the define_userid_password command.
- Use the define_security_access_list command to define a security access list containing all of these user IDs.
- Specify the name of this security access list on the define_local_lu or define_tp command that defines the LU or TP.
When an incoming Allocate request arrives for a local LU or
an invokable TP that has a security access list defined, the invoking
application must indicate that conversation security is to be used,
and specify a user ID. In addition to the standard conversation
security checking (against user IDs specified using the define_userid_password command), SNAplus2 checks the user ID in the incoming
Allocate request against the security access list defined for the
LU or TP, and rejects the conversation if the user ID does not match.
If both the LU and the TP have security access lists defined, the
user ID must be in both lists.
If a local LU or an invokable TP does not have a security
access list defined, but is still configured to require conversation
security, the standard conversation security checking still applies.
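
The access decision described above, modelled in Python as an added example; this is not SNAplus2 code. The function names, the in-memory dictionary and the printable-ASCII reading of "locally displayable" are assumptions, and the standard conversation security check is passed in as a boolean rather than implemented.

```python
# Model of the checks described on this page; not SNAplus2 code.
# Function names and the printable-ASCII rule are assumptions.

class ParameterCheck(Exception):
    """primary_rc PARAMETER_CHECK; args[0] carries the secondary_rc."""

access_lists = {}   # list_name -> set of user names (hypothetical store)

def _valid(name, max_len):
    # Assumption: "locally displayable" is approximated as printable ASCII.
    return 1 <= len(name) <= max_len and all(33 <= ord(c) <= 126 for c in name)

def define_security_access_list(list_name, user_names):
    if not _valid(list_name, 14):
        raise ParameterCheck("INVALID_LIST_NAME")
    if not all(_valid(u, 10) for u in user_names):
        raise ParameterCheck("INVALID_USER_NAME")
    # A matching list name extends the existing list instead of replacing it.
    access_lists.setdefault(list_name, set()).update(user_names)

def allocate_accepted(user_id, standard_check_ok, lu_list=None, tp_list=None):
    """Decide whether an incoming Allocate request is accepted.

    user_id is None when the request does not use conversation security.
    standard_check_ok is the outcome of the standard conversation security
    checking, which this model does not implement.
    """
    if not standard_check_ok:
        return False
    required = [n for n in (lu_list, tp_list) if n is not None]
    if required and user_id is None:
        return False      # a list is defined, so a user ID is mandatory
    # The user ID must be in every list that applies (LU list and TP list).
    return all(user_id in access_lists.get(n, set()) for n in required)

# Constructed sample configuration.
define_security_access_list("LULIST", ["ALICE", "BOB"])
define_security_access_list("TPLIST", ["BOB"])
define_security_access_list("TPLIST", ["CAROL"])   # added to the existing list

if __name__ == "__main__":
    for user in ("ALICE", "BOB", "CAROL", None):
        print(user, allocate_accepted(user, True, "LULIST", "TPLIST"))
```
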
Supplied Parameters

Parameter name                  Type        Length   Default
[define_security_access_list]
list_name                       character   14
description                     character   31       (null string)
{security_user_data}
user_name                       character   10

Supplied parameters are:
- list_name
The name of the security access list. This name
is a character string of 1 - 14 locally displayable characters.
If this name matches an existing security access list, the
users defined by this command are added to the list; otherwise,
a new list is created.
- description
An optional string of 0 - 31 characters. SNAplus2
uses this string for information only. It is stored in the configuration
file and returned on the query_security_access_list command.
One or more security_user_data subrecords may follow. Each subrecord contains
the following additional parameter:
- user_name
Name of the user. This is a user ID defined using
the define_userid_password command.
Returned Parameters
No parameters are returned by SNAplus2 when this command executes successfully.
Error Return Codes
If the command cannot be executed, SNAplus2 returns a primary
return code to indicate the type of error and a secondary return
code to provide specific details about the reason for unsuccessful
execution.
If the command does not execute because of a parameter error,
SNAplus2 returns the following parameters:
- primary_rc
PARAMETER_CHECK
- secondary_rc
One of the following:
  - INVALID_LIST_NAME
  The supplied list_name parameter contained a character
  that was not valid.
  - INVALID_USER_NAME
  One or more of the specified user names was not
  valid.