A lock code is a number which symbolizes a logical lock. The objects that are to be protected - for example, the LTERM partner and the transaction codes assigned to the services - are assigned a lock code (TAC or LTERM statement).
Key codes are defined for user IDs and for LTERM partners (USER or LTERM statement). Only when the key code corresponds to the lock code of a protected object is access to this object permitted.
Since a user ID or LTERM partner usually has access to several services, they must also have several key codes. The individual key codes are thus organized into key sets (KSET statement).
The lock/key code concept has the following significance:
It is only possible to sign on under a UTM user ID if the specified user ID is assigned a key code which corresponds to the lock code of the LTERM partner via which sign-on is performed.
A user can only call a service when both the key set of the current (UTM) user ID and that of the LTERM partner contain a key code that corresponds to the lock code of the transaction code.
| KSET statement in section "KSET - define a key set" |
keysetname
Name of the key set.
KEYS=
When assigning a key set to a user (USER):
Specification of one or more key codes (numeric) that are assigned to the user.When assigning a key set to an LTERM partner (LTERM):
Specification of one or more key codes (numeric) that are assigned to the LTERM partner.
| TAC statement in section "TAC - define the properties of transaction codes and TAC queues" |
tacname
Name of the TAC.
LOCK=
Specifies the lock code that is assigned as a form of logical combination lock to the TAC of a service.
A service that is protected by a lock code can only then be started if the key set of the user and the key set of the LTERM partner both contain a key code that corresponds to the lock code.
This operand may not be specified in conjunction with the operand ACCESS-LIST=.
| USER statement in section "USER - define a user ID" |
username
UTM user ID.
KSET=
Specifies the name of the key set that is assigned to the user ID. The key set must be defined using the KSET statement. A maximum of one key set can be assigned to a user.
A user is only able to access a service whose first TAC is protected by a lock code if one of the key codes in the key set of the user corresponds to the lock code. Otherwise access to the service is denied.
| LTERM statement in section "LTERM - define an LTERM partner for a client or printer" |
ltermname
Name of the LTERM partner (only for LTERM statement).
LTERM= , NUMBER=
Name of the LTERM partner (only for TPOOL statement).
KSET=
Specifies the name of the key set that is assigned to the LTERM partner. The key set must be defined using the KSET statement. For the LTERM partners of a UPIC client or a TS application without an explicitly generated connection user ID this key set is also the key set of the connection user ID.
USER-KSET= (only for TPOOL statement)
In LTERM pools for TS applications or UPIC clients this specifies the name of the key set that is assigned to the connection user ID. This key set must be defined using the KSET statement. The access authorizations are derived from the intersection of the key sets from KSET= and USER-KSET=.
LOCK=
The lock code that is assigned to the LTERM partner as the logical combination lock. Only valid for clients (USAGE=D).
Only a (UTM) user for whom a key set has been generated with a key code that matches the lock code of the LTERM partner can sign on to the application via an access-controlled LTERM partner.