Your Browser is not longer supported

Please use Google Chrome, Mozilla Firefox or Microsoft Edge to view the page correctly
Loading...

{{viewport.spaceProperty.prod}}

Job variables as the object of system monitoring

&pagelevel(3)&pagelevel

When the software product SECOS is used, job variables belong to the objects which can be monitored with the function unit SAT (JOB VARIABLES object).

SAT allows logging of accesses to the Job Variables object. Logging of a particular access (e.g. reading a JV) occurs when the security administrator has allowed the Job Variables object to be used for monitoring. In addition, the security administrator can make logging of a particular access dependent on the result: successful (SUCC) or unsuccessful (FAIL). The result (SUCC or FAIL) and the fully qualified or partially qualified job variable name or a wildcard string are logged for job variables. Logging of the return information from JV can also be allowed. The default value here is *NONE; this remains unchanged in the case of the result “successful access” (SUCC).
General errors occurring during access are not logged (syntax error, parameter list error, incorrect job variable name). Accesses by the operator are similarly not logged by SAT (except to the CONSLOG file).
System monitoring with SAT is described in detail in the manual “SECOS” [ 9].

The events described below can be selected for the JOB VARIABLES object. The short name for the event is given first, followed by the commands and macros which can trigger the event:

JVC

Create job variable entry (and the protection attributes): 
CREATE-JV command or CATJV macro with STATE=NEW; also SET-JV-LINK command or DCLJV macro if a non-existent job variable is set up.

JVM

Modify protection attributes of a job variable:
MODIFY-JV-ATTRIBUTES command or CATJV macro with STATE=UPDATE.

JVR

Rename job variable:
NEW-NAME is specified in the MODIFY-JV-ATTRIBUTES command or a second JV name is given in the CATJV macro with STATE=UPDATE. If protection attributes are also modified at the same time, then a second SAT record is written for the event JVM.

JVA

Rename job variable with reconstruction via the ARCHIVE utility routine.

JVD

Delete job variable entry (and the protection attributes): 
DELETE-JV command and ERAJV macro. When using a partially qualified JV name or wildcards, the list of the affected job variables is not logged. During deletion, a SAT record is written for an affected job variable.
If only the value of the job variable is deleted (OPTION=DATA or DATA=YES), this is only a write access (see event JVS).

JVQ

List information about job variables (and the protection attributes): SHOW-JV-ATTRIBUTES command or STAJV macro.
A specified partially qualified JV name or wildcard string is also logged. A SAT record is written for each affected job variable.

JVG

Read job variable value:
SHOW-JV command or GETJV macro, when used in conditional expressions and in the job variable substitution.

JVS

Write job variable value:
MODIFY-JV, MODIFY-JV-CONDITIONALLY, MODIFY-MONJV commands or SETJV, CSWJV, TIMJV macro calls.

If the value to be set is taken over from a job variable, then a further SAT record is written for read access to this job variable (see event JVG).

Logging of a specific access to the JOB VARIABLES object can be made dependent on the following information:

JVNAME

Fully or partially qualified job variable name

JVPATRN

Wildcard pattern

NEWJV

New job variable name

JVSRC

Return code information

The table below shows which information is mandatory (M), optional (O) or not essential (“-”) in order to enable certain events to be logged for the JOB VARIABLES object

Information

Event

JVA

JVC

JVD

JVG

JVM

JVQ

JVR

JVS

JVNAME

M

M

M

M

M

O 1)

M

M

JVPATRN

-

-

-

-

-

O 1)

-

-

JVSRC

O

O

O

O

O

O

O

O

NEWJV

M

-

-

-

-

-

M

-

Table 36: Information dependencies for logging an access to the JOB VARIABLES object

1Either of the two is required.

Powered by Atlassian Confluence and Scroll Viewport.