Component Security Tasks
For general use, Serena XML supports the following application-level component security tasks:
-
Check Component Security - CMPONENT APL_SECR CHECK
-
Find Component Authorized Users - CMPONENT APL_SECR FIND
-
List Component Authorized Users - CMPONENT APL_SECR LIST
These application-level security tasks share the following scope name attribute:
<scope name="apl_secr">
Serena XML supports the following global-level component security task:
- List Global Component Authorized Users - CMPONENT GBL_SECR LIST
This global-level security task has the following scope name attribute:
<scope name="gbl_secr">
Check Component Security - CMPONENT APL_SECR CHECK
Serena XML lets you determine whether a specific user is authorized to access a particular component. The service/scope/message name attributes for this message are:
<service name="CMPONENT">
<scope name="APL_SECR">
<message name="CHECK">
These tags appear in both request and reply messages.
CMPONENT APL_SECR CHECK — Requests
Example XML — CMPONENT APL_SECR CHECK Request
<?xml version="1.0"?>
<service name="CMPONENT">
<scope name="APL_SECR">
<message name="CHECK">
<header>
<subsys>8</subsys>
<product>CMN</product>
</header>
<request>
<component>ACPSRS00</component>
<componentType>SRS</componentType>
<applName>ACTP</applName>
<user>USER24</user>
</request>
</message>
</scope>
</service>
CMPONENT APL_SECR CHECK — Requests
A request to check a user’s security authorization for access to a component must satisfy the data structure requirements in Exhibit 5-39.
Exhibit 5-45 Check Component Security <request> Data Structure
| Subtag | Use | Occurs | Data Type & Length | Values & Dependencies |
|---|---|---|---|---|
| <applName> | Required | 0 - 1 | String (4), variable | ZMF application name. Same as first 4 bytes of package name. |
| <component> | Required | 1 | String (256), variable | ZMF component name. If component is PDS member, this is member name (max 8 bytes, no qualifiers). If component is HFS file, this is Unix-style long file name, optionally prefixed by path from installation root. |
| <componentType> | Required | 1 | String (3), variable | ZMF component library type. |
| <user> | Optional | 1 | String (8), variable | TSO ID of user to be checked for authorization to access component. |
CMPONENT APL_SECR CHECK — Replies
No <result> tag is returned in response to a request to check a user’s authorization to access a component. However, the standard <response> data structure of the reply message contains the necessary information in the <statusReturnCode> tag and its associated <statusMessage> tag.
CMPONENT APL_SECR CHECK — Reply
Example XML — CMPONENT APL_SECR CHECK Reply
<?xml version="1.0"?>
<service name="CMPONENT">
<scope name="APL_SECR">
<message name="CHECK">
<response>
<statusMessage>CMN8700I - CHECK service completed</statusMessage>
<statusReturnCode>00</statusReturnCode>
<statusReasonCode>8700</statusReasonCode>
</response>
</message>
</scope>
</service>
For more information about specific return code values and what they mean in the context of this function, see the documentation for your mainframe security system.
Find Component Authorized Users - CMPONENT APL_SECR FIND
A Serena XML message to find authorized users for a specific component in an application has the following service/scope/message name attributes:
<service name="CMPONENT">
<scope name="APL_SECR">
<message name="FIND">
These tags appear in both request and reply messages.
CMPONENT APL_SECR FIND — Requests
Example XML — CMPONENT APL_SECR FIND Request
<?xml version="1.0"?>
<service name="CMPONENT">
<scope name="APL_SECR">
<message name="FIND">
<header>
<subsys>8</subsys>
<product>CMN</product>
</header>
<request>
<component>ACPSRS00</component>
<componentType>SRS</componentType>
<applName>ACTP</applName> </request>
</message>
</scope>
</service>
The <request> tag in a Serena XML request to find the authorized users of a specific component in an application has the data structure requirements in Exhibit 5-40.
Exhibit 5-46 CMPONENT APL_SECR FIND <request> Data Structure
| Subtag | Use | Occurs | Data Type & Length | Values & Dependencies |
|---|---|---|---|---|
| <applName> | Required | 0 - 1 | String (4), variable | ZMF application name. Same as first 4 bytes of package name. |
| <component> | Required | 1 | String (256), variable | ZMF component name. If component is PDS member, this is member name (max 8 bytes, no qualifiers). If component is HFS file, this is Unix-style long file name, optionally prefixed by path from installation root. |
| <componentType> | Required | 1 | String (3), variable | ZMF component library type. |
CMPONENT APL_SECR FIND— Reply
The Serena XML reply message for a request to find the authorized users of a specific component in an application returns zero to many <result> tags. Each <result> tag contains security information for a particular TSO user ID authorized to access the named component.
A standard <response> data structure follows the <result> tags, if any, to indicate the success or failure of the request. Successful requests have a return code of 00. Unsuccessful requests have a return code of 04 or higher. As the last data element returned in a Serena XML reply message, the <response> tag serves as an end-of-list marker.
Example XML — CMPONENT APL_SECR FIND Reply
<?xml version="1.0"?>
<service name="CMPONENT">
<scope name="APL_SECR">
<message name="FIND">
<result>
<component>ACPSRS00</component>
<componentType>SRS</componentType>
<applName>ACTP</applName>
<user>USER24</user>
<isEntity>N</isEntity>
</result>
<response>
<statusMessage>CMN8700I - FIND service completed</statusMessage>
<statusReturnCode>00</statusReturnCode>
<statusReasonCode>8700</statusReasonCode>
</response>
</message>
</scope>
</service>
Data structure details for the <result> tag are identical to those for CMPONENT APL_SECR LIST. See Exhibit 5-42.
List Component Authorized Users - CMPONENT APL_SECR LIST
A Serena XML message to list authorized users for components in a particular application has the following service/scope/message name attributes:
<service name="CMPONENT">
<scope name="APL_SECR">
<message name="LIST">
These tags appear in both request and reply messages.
CMPONENT APL_SECR LIST — Requests
Example XML — CMPONENT APL_SECR LIST Request
<?xml version="1.0"?>
<service name="CMPONENT">
<scope name="APL_SECR">
<message name="LIST">
<header>
<subsys>8</subsys>
<product>CMN</product>
</header>
<request>
<component>ACPSRS00</component>
<componentType>SRS</componentType>
<applName>ACTP</applName>
</request>
</message>
</scope>
</service>
The <request> tag in a Serena XML request to list the authorized users of a component in a particular application has the data structure requirements in Exhibit 5-41.
Exhibit 5-47 CMPONENT APL_SECR LIST <request> Data Structure
| Subtag | Use | Occurs | Data Type & Length | Values & Dependencies |
|---|---|---|---|---|
| <applName> | Required | 0 - 1 | String (4), variable | ZMF application name. Same as first 4 bytes of package name. |
| <component> | Required | 1 | String (256), variable | ZMF component name. If component is PDS member, this is member name (max 8 bytes, no qualifiers). If component is HFS file, this is Unix-style long file name, optionally prefixed by path from installation root. NOTE: May be masked using asterisk (*) wildcard character. |
| <componentType> | Required | 1 | String (3), variable | ZMF component library type. |
| <exactMatch> | Optional | 0 - 1 | String (1) | Y = exact match, no filtering N = filtering, no exactmatch |
CMPONENT APL_SECR LIST— Reply
The Serena XML reply message for a request to list the authorized users of a component in a particular application returns zero to many <result> tags. Each <result> tag contains security information for a particular TSO user ID authorized to access the named component.
A standard <response> data structure follows the <result> tags, if any, to indicate the success or failure of the request. Successful requests have a return code of 00. Unsuccessful requests have a return code of 04 or higher. As the last data element returned in a Serena XML reply message, the <response> tag serves as an end-of-list marker.
Example XML — CMPONENT APL_SECR LIST Reply
<?xml version="1.0"?>
<service name="CMPONENT">
<scope name="APL_SECR">
<message name="LIST">
<result>
<component>ACPSRS00</component>
<componentType>SRS</componentType>
<applName>ACTP</applName>
<user>USER24</user>
<isEntity>N</isEntity>
</result>
<response>
<statusMessage>CMN8700I - LIST service completed</statusMessage>
<statusReturnCode>00</statusReturnCode> <statusReasonCode>8700</statusReasonCode>
</response>
</message>
</scope>
</service>
Data structure details for the <result> tag appear in Exhibit 5-42.
Exhibit 5-48 CMPONENT APL_SECR LIST <result> Data Structure
| Subtag | Use | Occurs | Data Type & Length | Values & Dependencies |
|---|---|---|---|---|
| <applName> | Optional | 0 - 1 | String (4), variable | ZMF application name. Same as first 4 bytes of package name. |
| <component> | Optional | 1 | String (256), variable | ZMF component name. If component is PDS member, this is member name (max 8 bytes, no qualifiers). If component is HFS file, this is Unix-style long file name, optionally prefixed by path from installation root. |
| <componentType> | Optional | 1 | String (3), fixed | ZMF component library type. |
| <isEntity> | Optional | 1 | String (1) | Y = Yes, security entity (group) N = No, not a security entity |
| <user> | Optional | 1 | String (8), variable | TSO ID of authorized component user or security entity (group). |
List Global Component Authorized Users - CMPONENT GBL_SECR LIST
A Serena XML message to list authorized users for components in all applications has the following service/scope/message name attributes:
<service name="CMPONENT">
<scope name="GBL_SECR">
<message name="LIST">
These tags appear in both request and reply messages.
CMPONENT GBL_SECR LIST — Requests
Example XML — CMPONENT GBL_SECR LIST Request
<?xml version="1.0"?>
<service name="CMPONENT">
<scope name="GBL_SECR">
<message name="LIST">
<header>
<subsys>8</subsys>
<product>CMN</product>
</header>
<request>
<component>ACPSRS00</component>
<componentType>SRS</componentType>
</request>
</message>
</scope>
</service>
The <request> tag in a Serena XML request to list the authorized users of a component in any application has the data structure requirements in Exhibit 5-43.
Exhibit 5-49 CMPONENT GBL_SECR LIST <request> Data Structure
| Subtag | Use | Occurs | Data Type & Length | Values & Dependencies |
|---|---|---|---|---|
| <component> | Required | 1 | String (256), variable | ZMF component name. If component is PDS member, this is member name (max 8 bytes, no qualifiers). If component is HFS file, this is Unix-style long file name, optionally prefixed by path from installation root. NOTE: May be masked using asterisk (*) wildcard character. |
| <componentType> | Required | 1 | String (3), variable | ZMF component library type. |
| <exactMatch> | Optional | 0 - 1 | String (1) | Y = exact match, no filtering N = filtering, no exactmatch |
CMPONENT GBL_SECR LIST— Reply
The Serena XML reply message for a request to list the authorized users of a component in any application returns zero to many <result> tags. Each <result> tag contains security information for a particular TSO user ID authorized to access the named component.
A standard <response> data structure follows the <result> tags, if any, to indicate the success or failure of the request. Successful requests have a return code of 00. Unsuccessful requests have a return code of 04 or higher. As the last data element returned in a Serena XML reply message, the <response> tag serves as an end-of-list marker.
Example XML — CMPONENT GBL_SECR LIST Reply
<?xml version="1.0"?>
<service name="CMPONENT">
<scope name="GBL_SECR">
<message name="LIST">
<result>
<component>ACPSRS00</component>
<componentType>SRS</componentType>
<user>USER24</user>
<isEntity>N</isEntity>
</result>
<response>
<statusMessage>CMN8700I - LIST service completed</statusMessage>
<statusReturnCode>00</statusReturnCode>
<statusReasonCode>8700</statusReasonCode>
</response>
</message>
</scope>
</service>
Data structure details for the <result> tag appear in Exhibit 5-44.
Exhibit 5-50 CMPONENT GBL_SECR LIST <result> Data Structure
| Subtag | Use | Occurs | Data Type & Length | Values & Dependencies |
|---|---|---|---|---|
| <component> | Optional | 1 | String (256), variable | ZMF component name. If component is PDS member, this is member name (max 8 bytes, no qualifiers). If component is HFS file, this is Unix-style long file name, optionally prefixed by path from installation root. |
| <componentType> | Optional | 1 | String (3), fixed | ZMF component library type. |
| <isEntity> | Optional | 1 | String (1) | Y = Yes, security entity (group) N = No, not a security entity |
| <user> | Optional | 1 | String (8), variable | TSO ID of authorized component user or security entity (group). |