The following glossary contains definitions and explanations of terms that are used within this manual in connection with the description of functional units.
access authorization
Defines the subjects that are permitted to access an object and also the type of access permitted.
access rights
Rights assigned to a subject granting it a defined type of access to an object.
access type
General meaning: the access type defines the way in which an object may be accessed.
The following access types exist for files: read, write and execute access.
The following access types exist for job variables: read and write access.
The access type relating to memory pools is ’enable memory pool’ (ENAMP). The access type relating to serialization is ’enable serialization ID’ (ENASI).
The access type relating to eventing is ’enable eventing ID’ (ENAEI).
account number
Designates an account for a user ID. Any one account number can be assigned to more than one user ID; any one user ID can be assigned more than one (up to 60) account numbers. The account number is evaluated during SET-LOGON-PARAMETERS (resp. LOGON) and ENTER-JOB.
assurance level
Hierarchical classification with regard to the assurance (quality) of an IT system. In the evaluation, the assurance of an IT system is rated. On the basis of this rating, classification at one of the assurance levels Q0 to Q7 takes place.
attribute guard
Special guard in which the default values for object protection attributes are stored.
auditing
Basic function of a secure system, denoting the logging of operations and the editing of the recorded data.
authentication
Evidence of the claimed identity.
authorized user
Subject authorized to access an object, e.g. a user ID authorized to access a file.
BACL
see basic access control list
basic access control list (BACL)
Entries in the file directory which determine the access rights for files and job variables (read, write and execute access) assigned to the object owner, the owner’s user group and all other user IDs. (Not to be confused with the access control list, ACL.)
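The BACL entry above names three rights sets (owner, owner’s user group, all other user IDs) and three access types. The following Python model is an added example, not code from the manual or from BS2000; it illustrates how such an entry is evaluated for a given subject. The Subject/Bacl/DirectoryEntry classes and the sample entries are constructed here, and the selection order (owner entry for the owner ID, group entry for other members of the owner’s group, others entry for everyone else) is an assumption of this model, since the glossary names the three entries without spelling out the order.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Access types per object kind, as listed in the glossary entry "access type":
# files know read, write and execute access; job variables know read and write.
ACCESS_TYPES = {
    "file": frozenset({"read", "write", "execute"}),
    "job variable": frozenset({"read", "write"}),
}


@dataclass(frozen=True)
class Subject:
    """A user ID together with the user group it belongs to (constructed model)."""
    user_id: str
    group_id: str


@dataclass(frozen=True)
class Bacl:
    """One rights set each for the object owner, the owner's user group
    and all other user IDs, as the glossary describes the BACL."""
    owner: FrozenSet[str]
    group: FrozenSet[str]
    others: FrozenSet[str]


@dataclass(frozen=True)
class DirectoryEntry:
    """The part of a file directory entry that this model needs (constructed)."""
    kind: str          # "file" or "job variable"
    owner_id: str
    owner_group: str   # user group of the owner ID
    bacl: Bacl


def applicable_rights(entry: DirectoryEntry, subject: Subject) -> FrozenSet[str]:
    """Select the BACL entry that applies to the subject.

    Assumption of this model: the owner entry applies to the owner ID itself,
    the group entry to every other member of the owner's user group, and the
    others entry to everyone else.
    """
    if subject.user_id == entry.owner_id:
        return entry.bacl.owner
    if subject.group_id == entry.owner_group:
        return entry.bacl.group
    return entry.bacl.others


def bacl_permits(entry: DirectoryEntry, subject: Subject, access_type: str) -> bool:
    """Return True if the BACL grants the subject the requested access type."""
    if access_type not in ACCESS_TYPES[entry.kind]:
        # e.g. "execute" is not an access type for a job variable
        raise ValueError(f"{access_type!r} is not an access type for a {entry.kind}")
    return access_type in applicable_rights(entry, subject)


def overexposed(entry: DirectoryEntry) -> FrozenSet[str]:
    """Access types the BACL grants to all other user IDs; a reviewer of
    directory entries wants write or execute in this set flagged."""
    return entry.bacl.others


# Constructed sample: a file owned by USER1 (group GRP1) that the owner may
# read/write/execute, group members may read, and nobody else may touch.
SAMPLE_FILE = DirectoryEntry(
    kind="file",
    owner_id="USER1",
    owner_group="GRP1",
    bacl=Bacl(
        owner=frozenset({"read", "write", "execute"}),
        group=frozenset({"read"}),
        others=frozenset(),
    ),
)

# Constructed sample: a job variable readable by every user ID.
SAMPLE_JV = DirectoryEntry(
    kind="job variable",
    owner_id="USER1",
    owner_group="GRP1",
    bacl=Bacl(
        owner=frozenset({"read", "write"}),
        group=frozenset({"read"}),
        others=frozenset({"read"}),
    ),
)

if __name__ == "__main__":
    for who in (Subject("USER1", "GRP1"), Subject("USER2", "GRP1"), Subject("USER3", "GRP9")):
        granted = sorted(a for a in ACCESS_TYPES["file"] if bacl_permits(SAMPLE_FILE, who, a))
        print(f"{who.user_id}: {granted}")
```

Requesting an access type that does not exist for the object kind (execute on a job variable) is rejected with a ValueError rather than silently denied, so a caller can tell a malformed request from a legitimate refusal.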
catalog ID
Pubset identifier consisting of a maximum of 4 characters <cat-id 1...4>.
command profile
see profile
co-owner
User ID that the owner of an object authorizes to co-administer his/her object.
co-ownership
Authorization to co-administer other users’ objects.
co-owner protection
Special access protection for objects that can be co-administered by other user IDs.
co-owner protection rule
Rule, applying to one or more objects, which defines the conditions a user ID must fulfil in order to be a co-owner of these objects.
CONSLOG file
Logging file in which the entire message traffic taking place between operator terminals, authorized user programs and the system is recorded.
data access control
Data access control refers to the rules regulating the access of subjects to the objects of a DP system, as well as to the methods used to ensure that these rules are actually observed.
data privacy
In its narrower sense as defined in the Federal Data Protection Act, data privacy denotes the actions and measures necessary to counteract any impairment of the confidential interests of the individual citizen by protecting his or her personal data against the inappropriate use of data processing.
In a broader sense, data privacy denotes the actions and measures necessary to counteract any impairment of one’s own confidential interests or those of others by protecting data against inappropriate use at the various stages of data processing.
Within a company or institution, data privacy is put into practice by
- observing the relevant principles and guidelines set up by the company or institution itself
- observing the prevailing legal regulations
- exercising due awareness of the problems involved
- applying data protection measures in accordance with the proclaimed purpose.
data protection
Designates the technical and organizational actions and measures necessary to safeguard the security of data and data processing operations. This involves in particular
- restricting data access to authorized users
- preventing the undesired or unauthorized processing of data
- preventing data corruption during processing
- ensuring data reproducibility.
This task is performed by
- implementing technical and organizational precautions and measures in both hardware and software
- taking other organizational as well as physical and personnel precautions and measures.
default protection
Protection mechanism used to make default settings for protection attributes.
default protection rule
Rule, applying to one or more objects, which defines what protection attributes these objects have by default.
file directory (catalog)
File that exists on each pubset (in the case of SM pubsets, on each volume set).
Each file and each job variable of a pubset is entered in the appropriate file directory. Files on private disks and tapes may be entered in the file directory.
A directory entry contains all the attributes (protection attributes, location of managed data etc.) of a file or job variable except the access control list.
filter
Mechanism for refining the preselection for SAT.
first start
The first start incorporates the creation of new system files, a number of system user IDs (e.g. TSOS, SYSPRIV, SYSDUMP, SERVICE, SYSGEN, SYSNAC, SYSHSMS, SYSUSER, SYSSNAP, SYSSPOOL, SYSAUDIT) and the JOIN file.
There are two alternative ways of executing a first start for a specific pubset: either system start with this pubset or IMCAT processing (logical addition of a pubset).
function accumulation (combination)
In order to avoid function accumulation, any ADD-USER-GROUP or MODIFY-USER-GROUP command will be rejected that specifies the designation as a group administrator on a particular pubset of a user ID which already possesses the USER-ADMINISTRATION privilege on that pubset or on the home pubset. Similarly, any attempt to assign the USER-ADMINISTRATION privilege to a user ID on a particular pubset (SET-PRIVILEGE) will be rejected if that user ID has already been designated as a group administrator on that pubset.
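The two rejection rules above are a separation-of-duties check: a user ID is not allowed to be both global user administrator and group administrator on the same pubset. The following Python model is an added example, not code from the manual or from SRPM; it replays both directions of the check. The PrivilegeState class, its two dictionaries and the user IDs and pubset names in the scenario are constructed for the example, while the command names (ADD-USER-GROUP, MODIFY-USER-GROUP, SET-PRIVILEGE) and the USER-ADMINISTRATION privilege are those named in the entry.

```python
from dataclasses import dataclass, field
from typing import Dict, Set


@dataclass
class PrivilegeState:
    """Constructed model of who holds USER-ADMINISTRATION and who is a group
    administrator, per pubset. Not SRPM's real data structures."""
    home_pubset: str
    # user ID -> pubsets on which it holds the USER-ADMINISTRATION privilege
    user_administration: Dict[str, Set[str]] = field(default_factory=dict)
    # user ID -> pubsets on which it has been designated group administrator
    group_administrator: Dict[str, Set[str]] = field(default_factory=dict)

    def designate_group_administrator(self, user_id: str, pubset: str) -> bool:
        """Models the check applied to ADD-USER-GROUP / MODIFY-USER-GROUP.

        Rejected (returns False) if the user ID already holds
        USER-ADMINISTRATION on that pubset or on the home pubset.
        """
        held = self.user_administration.get(user_id, set())
        if pubset in held or self.home_pubset in held:
            return False
        self.group_administrator.setdefault(user_id, set()).add(pubset)
        return True

    def set_user_administration(self, user_id: str, pubset: str) -> bool:
        """Models the check applied to SET-PRIVILEGE for USER-ADMINISTRATION.

        Rejected (returns False) if the user ID has already been designated
        group administrator on that pubset.
        """
        if pubset in self.group_administrator.get(user_id, set()):
            return False
        self.user_administration.setdefault(user_id, set()).add(pubset)
        return True


def scenario() -> Dict[str, bool]:
    """Constructed scenario exercising both directions of the rule."""
    state = PrivilegeState(home_pubset="HOME")
    results: Dict[str, bool] = {}
    # USERADM becomes global user administrator on the home pubset ...
    results["useradm_on_home"] = state.set_user_administration("USERADM", "HOME")
    # ... so designating it group administrator on any pubset is rejected.
    results["useradm_as_groupadm"] = state.designate_group_administrator("USERADM", "PUBA")
    # GRPADM becomes group administrator on PUBA ...
    results["grpadm_on_puba"] = state.designate_group_administrator("GRPADM", "PUBA")
    # ... so USER-ADMINISTRATION on PUBA is rejected for it.
    results["grpadm_gets_useradm_puba"] = state.set_user_administration("GRPADM", "PUBA")
    # A user ID holding neither role so far may take USER-ADMINISTRATION on PUBA.
    results["fresh_useradm_puba"] = state.set_user_administration("FRESH", "PUBA")
    return results


if __name__ == "__main__":
    for name, accepted in scenario().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Both methods only record the new role when the check passes, so the state can never contain the combination the rule forbids.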
functionality class
Set of specific minimum requirements as to the functionality of security functions which an IT system is expected to satisfy.
The various functionality classes have been defined in the "Criteria for the Evaluation of Trustworthiness of Information Technology (IT) Systems", 1st Version 1989, published by the German Information Security Agency on behalf of the Government of the Federal Republic of Germany.
global privileges
All the privileges that can be assigned by means of the SET-PRIVILEGE command, as well as the privilege of the security administrator and the privileges assigned to the TSOS user ID. A detailed list of these privileges can be found under "System administrator privileges".
’Global privileges’ and ’system administrator privileges’ are synonymous.
global user administration
All those user IDs which are assigned the global privilege USER-ADMINISTRATION.
group administrator
User whose user ID is authorized, via assignment of the group administrator privilege, to manage the group potential, group members and the subordinate group structure. The user ID that is assigned the group administrator privilege is recorded in the group potential of its group.
group administrator privilege
Authorizes a user ID to manage the user IDs of its own group, subordinate user groups, and individual user groups of a hierarchically lower level. Three variants of the group administrator privilege exist, which differ in the scope of activities permitted: MANAGE-RESOURCES, MANAGE-MEMBERS and MANAGE-GROUPS.
group entry
Records in the JOIN file (old name: $TSOS.TSOSJOIN; for the new name see user catalog), containing information on a user group.
group ID
Name of a user group which is assigned when creating the user group. It is used to address the user group.
group member
User ID within a user group. The group administrator can assign individual group members resources from the group potential.
group potential
Contains all the resources and user rights defined for a user group that can be allocated or assigned to the members of that user group or to subordinate user groups.
guard
Protection profile that can be set up and administered using the GUARDS protection mechanism.
GUARDS
(Generally Usable Access contRol aDministration System):
Universal protection mechanism for objects in BS2000.
identification
Method of determining the identity of a person or object.
installation
The process of placing hardware and software in location so that operation is possible.
The hardware and software set up at a particular user’s site.
IT security criteria
see security criteria
JOIN file (user catalog)
System file created on each pubset which contains the attributes of the user IDs that are authorized to use the pubset.
If stored on disks initialized with a PAM key, the JOIN file actually consists of two files: $TSOS.TSOSJOIN and $TSOS.SYSSRPM.
If stored on disks initialized without a PAM key, the JOIN file is identical with the file $TSOS.SYSSRPM.
object
Passive element of a DP system which contains or receives information and to which operations such as reading, writing, execution etc. can be applied.
Examples: files, job variables, user IDs, terminal sets.
offline mode
A functional unit is in offline mode if it is not under the direct control of the CPU.
Operating mode of a device that is neither under the control of nor connected up with a computer (as opposed to online mode).
online mode
A functional unit is in online mode if it is under the direct control of the CPU.
Operating mode which permits users to work interactively with a computer.
Operating mode in which users have access to a computer via data display terminals.
Operating mode of a device that is either under the control of or connected up with a computer (as opposed to offline mode).
operator role
A set of routing codes collected together under one name. Any desired combination of the 40 routing codes is possible.
owner
User ID under which an object is set up.
password
Character string which the user has to enter in order to be granted access under a user ID or access rights for a file, job variable, node or application.
User ID-specific passwords are used for user authentication and thus for system access control, while file-specific passwords are used for verifying access authorizations relating to a file (or job variable) and thus for data access control.
personal audit for individual accountability
Function which ensures the reproducibility of operations in a DP system. Identification mechanism based on any of the following three principles: definition of one user ID per user or restriction of a user’s system access to a specific terminal.
personal identification
Other user IDs apart from the current user ID may be authorized to perform access. During the interactive access check, a personal identification/authentication is performed. The user ID specified with the user-specific identification is taken over into the SAT entries. In this way, it is possible to trace individual actions to specific users.
privilege
Global right which provides authorization for the execution of certain commands and activation of certain program interfaces (e.g. SECURITY-ADMINISTRATION).
privilege set
A set of global privileges which can be addressed with a freely selectable name.
profile
Set of commands which a user ID is authorized to use by means of a syntax file.
protection attributes
Security-relevant attributes of an object which determine the type and scope of access to this object. Files can have the following protection attributes:
ACCESS/USER-ACCESS, SERVICE bit, AUDIT attribute (NONE/SUCCESS/FAILURE/ALL), RDPASS, WRPASS, EXPASS, RETPD, BACL, ACL.
public space
Named disk storage area available to a defined number of user IDs in the operating system. Public space can extend over one or more pubsets.
pubset
Set of public disk storage units defined by a catalog ID.
A distinction is made between single-feature pubsets (SF pubsets) and system-managed pubsets (SM pubsets).
An SF pubset comprises one or more disks which must be matching in respect of their essential characteristics (disk format, allocation unit, availability).
By contrast, an SM pubset may comprise a number of so-called volume sets having differing characteristics. The essential characteristics of the disks only need to be matching within a volume set.
retention period
Period of time during which the modification or deletion of an object (e.g. a file) is prohibited.
role
Grouping of attributes assigned to a subject, e.g. the role of the security administrator.
rule
Entry in a rule container.
A distinction is made between co-ownership rules and default protection rules depending on their purpose.
rule container
Special guard which contains co-ownership rules or default protection rules.
SAT
Security Audit Trail
Logging of security-related events.
SATLOG file
SAT log file in which SATCP records security-relevant events.
secure BS2000 system
BS2000 system that is the result of a secure generation.
Synonyms: ’F2/Q3 system’ or ’evaluated system’. The opposite of a ’secure BS2000 system’ is not an ’insecure BS2000 system’, but rather a system that may include non-evaluated components, that does not satisfy the F2/Q3 criteria, or whose mode of operation does not conform with the recommended configuration.
secure generation
Generation of a BS2000 system that makes active use of all security-relevant parameter settings which guarantee system security.
secure hardware configuration
Installed hardware (including telecommunication devices and network) that is not subject to any security constraints.
security administrator
In the traditional sense: organizational/administrative institution responsible for security.
The user ID for the security administrator can be selected with the aid of the startup parameter service. By default, the security administrator has the user ID SYSPRIV. The security administrator is authorized to assign global privileges to user IDs and to withdraw such privileges, as well as to activate/deactivate auditing via SAT, to administer operator roles and to select user IDs and events for auditing.
security criteria
Criteria used to assess the security of information technology (IT) systems.
They comprise functionality classes and assurance levels and are represented as Fx/Qy (functionality class x and assurance level y); F2/Q3, for instance, denotes functionality class 2 and assurance level 3.
session
Operations/activities taking place between system startup and system shutdown.
SF pubset
Single-feature pubset, see pubset
single-feature pubset
see pubset
Single Sign On
Mechanism which permits access to various computers and applications after a one-off identification/authentication. This access is controlled by certificates.
SM pubset
System-managed pubset, see pubset
SMS
System-managed storage; concept for pubset management.
SRPM (System Resources and Privileges Management)
In BS2000, resources and privileges are usually administered from the TSOS user ID. SRPM allows these tasks to be approved for other user IDs as well, in other words it makes it possible to distribute the tasks.
subject
Active element of a DP system that may be the originator of such operations as reading, writing, execution etc., i.e. of operations resulting in an information flow or in a change in the system status (e.g. user ID, program, program section).
system access class
SECOS distinguishes between the following system access classes:
- DIALOG-ACCESS (access in interactive mode)
- NET-DIALOG-ACCESS (interactive access from the network)
- BATCH-ACCESS (access by remote batch terminals)
- OPERATOR-ACCESS-TERM (operating mode)
- OPERATOR-ACCESS-PROG (operating mode for programmed operators)
- OPERATOR-ACCESS-CONS (console access)
- POSIX-RLOGIN-ACCESS (POSIX remote login)
- POSIX-REMOTE-ACCESS (POSIX remote command access)
system access control
This covers all the methods that serve to protect a DP system against unauthorized access.
system administration
Structural unit of a computer center.
Persons in control of user IDs that have been assigned global privileges.
system administrator privileges
see global privileges
system-managed pubset
see pubset
system resources
Resources of a computer system that can be requested/released by a job or task.
system shutdown
Orderly system termination (including backup of special system files).
system startup
Loading of operating system software. The following types of system startup are distinguished:
- dialog startup
- fast startup
- automatic startup
These types of system startup differ in their degree of automation.
terminal
I/O device consisting of a keyboard and a screen and connected to a host computer via network software.
The terminal may be connected to the host either directly (via a local cluster controller) or indirectly via a communication computer (in which case it is addressed via a station or transport system address).
terminal set
The purpose of terminal sets is to permit the effective administration of the various terminals via which interactive mode access to a user ID is possible. Terminal sets contain a list of fully and partially qualified terminal names.
user
Each user is represented by a user ID. The term "user" refers to persons, applications, procedures etc. that may be granted access to the operating system and thus to the computer via a user ID.
user administration
All those user IDs of a DP system which are authorized to regulate the allocation of resources and the assignment of user rights to user IDs and user groups and to create, modify and delete user IDs and user groups. They include the group administrators as well as global user administration.
user attributes
All the characteristic features of a user ID which are stored in the user catalog.
user command
Command which may be issued under any user ID either in system mode (/) or in program mode by means of a CMD macro.
user group
Consists of one or more user IDs. Each user group is assigned a name (group ID).
user ID
Name of up to 8 characters entered in the user catalog. The user ID is used for identification for system access. The files and job variables managed by the operating system are assigned to a particular user ID. The assignment is recorded in the file directory.
user ID catalog
The file $TSOS.SYSSRPM which contains the user attributes of all user IDs of a pubset.
Synonym: user catalog
user organization
The organization of user IDs in user groups. It permits both the emulation of existing organizational structures and the project-oriented grouping of users.
user privilege
All those attributes assigned to a user ID and stored in the user ID catalog that convey rights.