SHOW-LOGON-PROTECTION Output protection attributes

Domain: USER-ADMINISTRATION

Privileges: STD-PROCESSING, SECURITY-ADMINISTRATION, USER-ADMINISTRATION

This command displays the protection attributes or access history of a user ID.

The scope of the information output varies depending on the command-issuing user:

  • the global user administrator (USER-ADMINISTRATION) may request information about all user IDs on all pubsets

  • group administrators may request information about all user IDs of their own group and the subordinate group structure on the specified pubset

  • all other users may request information about their own user ID only

If USER-ID=*ALL is specified, the scope of information actually output is dependent on the rules set out above.

SHOW-LOGON-PROTECTION
Alias: SHLGPT

USER-IDENTIFICATION = *ALL / list-poss(48): *OWN / <name 1..8 with-wild(32)>

,PUBSET = *ALL / list-poss(2000): *HOME / <cat-id 1..4>

,OUTPUT = list-poss(2): *SYSOUT / *SYSLST

,INFORMATION = *ATTRIBUTES(...) / *LOGON-HISTORY(...)


    *ATTRIBUTES(...)
        |  SCOPE = *LOGON-DEFAULT / *USER-IDENTIFICATION / *ALL

    *LOGON-HISTORY(...)
        |  ACCESS-TYPE = *ALL / list-poss(6): *DIALOG / *BATCH / *POSIX / *OPERATOR / *FT
        |  ,RESULT = *ALL / *ACCEPTED / *LAST-ACCEPTED / *REJECTED
        |  ,SORT-LIST = *BY-DATE-AND-TIME / *BY-ACCESS-TYPE
        |  ,LINES = *STD / <integer 1..40>
        |  ,PRINCIPAL = *SHORT / *FULL

USER-IDENTIFICATION = *ALL / list-poss(48): *OWN / <name 1..8 with-wild>
User IDs whose protection attributes or access history are to be output.

PUBSET = *ALL / list-poss(2000): *HOME / <cat-id 1..4>
Pubset whose user catalog is to be evaluated.

PUBSET = *ALL
All accessible pubsets are to be evaluated.

PUBSET = *HOME
The user catalog of the home pubset is to be evaluated.

PUBSET = <cat-id 1..4>
The user catalog of the specified pubset is to be evaluated.

OUTPUT =
This defines the output medium for the requested information.

OUTPUT = *SYSOUT
The information is output to the system file SYSOUT (in interactive mode to the data display terminal).

OUTPUT = *SYSLST
The information is output to the system file SYSLST.

INFORMATION = *ATTRIBUTES(...) / *LOGON-HISTORY(...)
Specifies the scope of the output.

INFORMATION = *ATTRIBUTES(...)
The protection attributes are output.

SCOPE =
Specifies which protection attributes are output.

SCOPE = *LOGON-DEFAULT
The protection attributes for access control which are currently effective are output.

In addition to the attributes which have been defined explicitly for the user ID, the current default attributes for access control are displayed, provided they apply for the user ID.

SCOPE = *USER-IDENTIFICATION
The attributes for which the default attributes for access control apply are output, together with the attributes which were explicitly specified for the user ID.

SCOPE = *ALL
In addition to the attributes that were explicitly specified for the user ID, the output shows the current default attributes for the access control, as far as they are valid for the user ID. The default attributes are marked with an asterisk (*).

INFORMATION = *LOGON-HISTORY(...)
The access history, i.e. information about the last ten access attempts, is output (see also section "Single Sign On with Kerberos").

ACCESS-TYPE =
Selects the access types that are to be logged.

ACCESS-TYPE = *ALL
All access attempts are logged independently of their type.

ACCESS-TYPE = list-poss(6): *DIALOG / *BATCH / *POSIX / *OPERATOR / *FT
Only access attempts of the specified type are logged: Dialog, Batch, POSIX, Operating and File-Transfer.

RESULT =
Controls logging as a function of the result of the access attempts.

RESULT = *ALL
The access attempts are logged independently of their result.

RESULT = *ACCEPTED
Successful attempts are logged.

RESULT = *LAST-ACCEPTED
Only the last successful attempt for each access type is logged.

RESULT = *REJECTED
Unsuccessful access attempts are logged.

SORT-LIST =
Specifies a sort sequence for logging.

SORT-LIST = *BY-DATE-AND-TIME
The entries are sorted by date and time.

SORT-LIST = *BY-ACCESS-TYPE
The entries are ordered by access type. The sequence of access types is: Dialog, Batch, POSIX, Operating and File-Transfer.

LINES =
Specifies whether the number of entries for output is restricted.

LINES = *STD
The number of entries for output is not restricted. You can abort output by pressing the K2 key.

LINES = <integer 1..40>
Specifies the maximum number of entries for output.

PRINCIPAL =
Length of the display of the Kerberos name in the logon history.

PRINCIPAL = *SHORT
The Kerberos name is displayed in shortened form in the logon history.

PRINCIPAL = *FULL
The Kerberos name is displayed in full length in the logon history together with the processor and station name.

Command return codes

| (SC2) | SC1 | Maincode | Meaning |
|---|---|---|---|
| | 0 | CMD0001 | Command executed without errors |
| 2 | 0 | SRM6001 | Command executed with a warning |
| | 32 | SRM6020 | System error during command processing |
| | 64 | SRM6040 | Semantic error during command processing |
| | 130 | SRM6030 | Command cannot be processed at the present time |

Examples: output of protection attributes

/show-logon-protection user-identification=user1

 LOGON PROTECTION FOR USERID USER1    ON PUBSET A
 EXPIRATION DATE:     2019-01-27        EXPIRATION WARNING:  30
 PASSWORD:            YES
     MANAGEMENT:      USER CHANGE ONLY
     MINIMAL LENGTH:  2                 MINIMAL COMPLEXITY:  1
     LIFETIME:        90  DAYS          EXPIRATION DATE:     2018-10-29
     UNLOCK EXPIR:    BY USER           EXPIRATION WARNING:  15
     PASSWORD MEMORY: YES
     PERIOD:          7     DAYS
     CHANGES/PERIOD:  10                ACTUAL CHANGES:      1
     BLOCKING TIME:   56    DAYS        PASSWORDS BLOCKED:   1
 SUSPEND:             YES
     COUNT:           5                 OBSERVE TIME:        15    MINUTES
     SUBJECT:         USERID            SUSPEND TIME:        30    MINUTES
 INACTIVITY:          YES
     LIFETIME:        12  MONTHS        EXPIRATION DATE:     2019-07-31
 DIALOG ACCESS:       YES               PASSWORD CHECK:      YES
     TERMINAL NAME:   SEE LIST BELOW    CHIPCARD:            NO PROTECTION
     TERMINAL SET:    POSITIVE LIST
     LIST OF AUTHORIZED TERMINALS (PROCESSOR,STATION):
     (PROCESS1,STATION1)
     LIST OF TERMINAL-SETS, SCOPE: SYSTEM
     TERMSET1
     GUARD:           $TSOS.GUARD1
     PERSONAL LOGON:  NO
 BATCH ACCESS:        YES               PASSWORD CHECK:      GUARD
     CALLER USERID:   SEE LIST BELOW
     LIST OF AUTHORIZED USER IDENTIFICATIONS:
     USERID1
     GUARDS:
     PASSWORD CHECK:  $TSOS.GUARD2
     USER ACCESS:     $TSOS.GUARD3
 OPERATOR ACCESS TERM:YES               PASSWORD CHECK:      YES
     CHIPCARD:        NO PROTECTION
 OPERATOR ACCESS PROG:YES               PASSWORD CHECK:      YES
 OPERATOR ACCESS CONS:YES               PASSWORD CHECK:      YES
 POSIX RLOGIN ACCESS: YES               PASSWORD CHECK:      YES
     TERMINAL SET:    POSITIVE LIST
     LIST OF TERMINAL-SETS, SCOPE: SYSTEM
     TERMSET2
     GUARD:           $TSOS.GUARD4
 POSIX REMOTE ACCESS: YES
     TERMINAL SET:    POSITIVE LIST
     LIST OF TERMINAL-SETS, SCOPE: SYSTEM
     TERMSET3
     GUARD:           $TSOS.GUARD5
 NET DIALOG ACCESS:   YES               PASSWORD CHECK:      NO
     TERMINAL SET:    POSITIVE LIST
     PRINCIPAL:       SEE LIST BELOW
     LIST OF TERMINAL-SETS, SCOPE: SYSTEM
     TERMSET4
     LIST OF AUTHORIZED PRINCIPALS:
     ADMINISTRATOR@MYCOMPANY.NET
     GUARD:           $TSOS.GUARD6

/show-logon-protection user-identification=user1, -
/     information=*attributes(scope=*user-identification)

 LOGON PROTECTION FOR USERID USER1    ON PUBSET A
 EXPIRATION DATE:     LOGON-DEFAULT     EXPIRATION WARNING:  LOGON-DEFAULT
 PASSWORD:            YES
     MANAGEMENT:      LOGON-DEFAULT
     MINIMAL LENGTH:  LOGON-DEFAULT     MINIMAL COMPLEXITY:  LOGON-DEFAULT
     LIFETIME:        LOGON-DEFAULT     EXPIRATION DATE:     LOGON-DEFAULT
     UNLOCK EXPIR:    LOGON-DEFAULT     EXPIRATION WARNING:  LOGON-DEFAULT
     PASSWORD MEMORY: LOGON-DEFAULT
 SUSPEND:             LOGON-DEFAULT
     COUNT:           LOGON-DEFAULT     OBSERVE TIME:        LOGON-DEFAULT
     SUBJECT:         LOGON-DEFAULT     SUSPEND TIME:        LOGON-DEFAULT
 INACTIVITY:          LOGON-DEFAULT
 DIALOG ACCESS:       LOGON-DEFAULT     PASSWORD CHECK:      YES
     TERMINAL NAME:   SEE LIST BELOW    CHIPCARD:            NO PROTECTION
     TERMINAL SET:    POSITIVE LIST
     LIST OF AUTHORIZED TERMINALS (PROCESSOR,STATION):
     (PROCESS1,STATION1)
     LIST OF TERMINAL-SETS, SCOPE: SYSTEM
     TERMSET1
     GUARD:           $TSOS.GUARD1
     PERSONAL LOGON:  NO
 BATCH ACCESS:        LOGON-DEFAULT     PASSWORD CHECK:      GUARD
     CALLER USERID:   SEE LIST BELOW
     LIST OF AUTHORIZED USER IDENTIFICATIONS:
     USERID1
     GUARDS:
     PASSWORD CHECK:  $TSOS.GUARD2
     USER ACCESS:     $TSOS.GUARD3
 OPERATOR ACCESS TERM:LOGON-DEFAULT     PASSWORD CHECK:      YES
     CHIPCARD:        NO PROTECTION
 OPERATOR ACCESS PROG:LOGON-DEFAULT     PASSWORD CHECK:      YES
 OPERATOR ACCESS CONS:LOGON-DEFAULT     PASSWORD CHECK:      YES
 POSIX RLOGIN ACCESS: LOGON-DEFAULT     PASSWORD CHECK:      YES
     TERMINAL SET:    POSITIVE LIST
     LIST OF TERMINAL-SETS, SCOPE: SYSTEM
     TERMSET2
     GUARD:           $TSOS.GUARD4
 POSIX REMOTE ACCESS: LOGON-DEFAULT
     TERMINAL SET:    POSITIVE LIST
     LIST OF TERMINAL-SETS, SCOPE: SYSTEM
     TERMSET3
     GUARD:           $TSOS.GUARD5
 NET DIALOG ACCESS:   LOGON-DEFAULT     PASSWORD CHECK:      NO
     TERMINAL SET:    POSITIVE LIST
     PRINCIPAL:       SEE LIST BELOW
     LIST OF TERMINAL-SETS, SCOPE: SYSTEM
     TERMSET4
     LIST OF AUTHORIZED PRINCIPALS:
     ADMINISTRATOR@MYCOMPANY.NET
     GUARD:           $TSOS.GUARD6

Example: output of access history

/show-logon-protection user-identification=user1,information=*logon-history

Logon history for userid USER1    on pubset A
 Date        Time      Type        Cnt  Result          TSN   Subject
 2017-11-10  17:45:45  DIALOG        1  ACCEPT          0015  PROZESSO STATION
 2017-11-10  17:45:38  NET-KRBROS    1  ACCEPT          0015  SYSADMIN@MYCOMPANY.NET
 2017-11-10  17:45:27  BATCH         1  ACCEPT                TSOS     0015
 2017-11-10  17:45:22  RLOGIN        1  ACCEPT                PROCPOSX
 2017-11-10  17:45:18  POS-BATCH     1  ACCEPT                HUGO     0015
 2017-11-10  17:45:12  POS-REMOTE    1  ACCEPT                PROCPOSX USER123
 2017-11-10  17:45:03  FT            1  ACCEPT
 2017-11-10  17:44:57  FT-NO-PASS    1  ACCEPT
 2017-11-10  17:44:52  FT-BATCH      1  ACCEPT

Significance of the output

The following table explains the significance of the individual field names and indicates which fields are output for which types of system access.

| Field name | Access type | Meaning |
|---|---|---|
| Date | | Date of last access attempt |
| Time | | Time of last access attempt |
| Type | | Type of access (see table "Access history types") |
| Cnt | | Number of unsuccessful attempts |
| Result | | Successful/reason for rejection (see table "Access history results") |
| TSN | | TSN of the dialog task |
| Subject | BATCH | User ID and TSN of initiator of batch task |
| | DIALOG | Processor name and terminal name of the terminal |
| | DIA-KRBROS | Kerberos name |
| | DIA-PERSON | Processor name and terminal name of the terminal |
| | DIA-USERID | Personal user ID of initiator of dialog task |
| | NET-KRBROS | Kerberos name |
| | OPER-CONS | Operator console name |
| | POS-BATCH | User ID and TSN of initiator of batch task |
| | POS-REMOTE | Processor name and user ID of the UNIX client, if applicable |
| | RLOGIN | Processor name |
| | STANDARD | User ID and TSN of initiator of task |

Table 4:  Fields in the access history display

The following table shows the possible contents of the Type (of access history) field and the significance of these contents:

| Type | Meaning |
|---|---|
| BATCH | Batch |
| DIALOG | Interactive mode |
| DIA-KRBROS | Interactive mode with personal user ID with Kerberos authentication |
| DIA-PERSON | Interactive mode with personal user ID |
| DIA-USERID | Interactive mode with logon user ID |
| FT | File Transfer Admission |
| FT-BATCH | File Transfer Batch without password check |
| FT-NO-PASS | File Transfer Admission without password check |
| NET-KRBROS | Interactive mode with Kerberos authentication |
| OPER-CONS | Operator at the physical console in incompatible mode |
| OPER-PROG | Operator with dynamic authorization name as program (@CONSOLE) |
| OPER-TERM | Operator with dynamic authorization name in interactive mode ($CONSOLE) |
| POS-BATCH | POSIX batch commands at, cron or batch |
| POS-REMOTE | POSIX remote commands rcp or rsh |
| RLOGIN | POSIX remote login |
| STANDARD | No specific access type |
| UCON | Operator with generated authorization name |

Table 5: Access history types

The following table shows the possible contents of the Result (of access history) field and the significance of these contents:

| Result | Meaning |
|---|---|
| ACCEPT | Access was permitted |
| ACCESS LOCK | Logon type: Locked (access type: ACCESS) |
| ACCNUM INVALID | Account numbers: Not entered (ACCOUNT) |
| BGUARD DENIED | Guard: Batch access denied (GUARD-NAME) |
| CALLER INVALID | Caller ID: Access denied (USER-ACCESS) |
| CERTIF INVALID | Certificate: Not entered (CERTIFICATE) |
| CLIENT KRBxxxx | Kerberos ticket: Invalid ticket, the Kerberos name of the client is logged. /HELP-MSG KRBxxxx |
| DGUARD DENIED | Guard: Interactive access refused (GUARD-NAME) |
| DIALOG KRBxxxx | Kerberos ticket: Incorrect ticket, the station name is logged. /HELP-MSG KRBxxxx |
| NGUARD DENIED | Guard: Network interactive access refused (GUARD-NAME) |
| PASSWD EXPIRED | Logon password: Expiration date exceeded (LIFETIME-INTERVAL) |
| PASSWD INVALID | Logon password: Incorrect (LOGON-PASSWORD) |
| PGUARD DENIED | Guard: POSIX access refused (GUARD-NAME) |
| PLOGON REJECT | Personal logon: Interactive access refused (PERSONAL-LOGON) |
| PRIPAL INVALID | Kerberos principal: Not entered (PRINCIPAL) |
| SERIAL ERROR | User ID: User ID was modified |
| SERVER KRBxxxx | Kerberos ticket: Incorrect ticket, the server principal is logged. /HELP-MSG KRBxxxx |
| SUSPND DENIED | User ID: User ID suspended (SUSPEND-ATTRIBUTES) |
| TERMIN INVALID | Terminal: Not entered (TERMINAL) |
| TERSET DENIED | Terminal set: Access denied (TERMINAL-SET) |
| TGUARD DENIED | Terminal set guard: Access denied (TERM-SET/GUARD-NAME) |
| USERID EXPIRED | User ID: Expiration date exceeded (EXPIRATION-DATE) |
| USERID INACTIV | User ID: User ID inactive (INACTIVITY-LIMIT) |
| USERID INVALID | User ID: Internal inconsistency |
| USERID LOCK | User ID: Locked (LOCK-USER) |

Table 6: Access history results
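
The code below is an added example, not part of the manual: it parses logon history output in the layout shown above and flags entries by the Type and Result values of Tables 5 and 6. The group names, the finding labels and the threshold of 5 (the SUSPEND COUNT from the attributes example) are assumptions of this example, and the rejected lines in the sample are constructed.

```python
import re
from dataclasses import dataclass

# Result values from Table 6, grouped for triage. The group names are this
# example's own assumption; the manual defines only the values themselves.
RESULT_GROUPS = {
    "credential": {"PASSWD INVALID", "PASSWD EXPIRED", "CERTIF INVALID",
                   "PRIPAL INVALID"},
    "origin": {"TERMIN INVALID", "TERSET DENIED", "TGUARD DENIED",
               "CALLER INVALID"},
    "guard": {"BGUARD DENIED", "DGUARD DENIED", "NGUARD DENIED",
              "PGUARD DENIED"},
    "account": {"ACCESS LOCK", "ACCNUM INVALID", "PLOGON REJECT",
                "SERIAL ERROR", "SUSPND DENIED", "USERID EXPIRED",
                "USERID INACTIV", "USERID INVALID", "USERID LOCK"},
}
# Access types that Table 5 describes as "without password check".
NO_PASSWORD_TYPES = {"FT-NO-PASS", "FT-BATCH"}

# One history line: date, time, type, counter, result, then the TSN and
# Subject columns, which are kept together as free text ("origin").
LINE = re.compile(
    r"^\s*(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<type>[A-Z-]+)\s+(?P<cnt>\d+)\s+"
    r"(?P<result>ACCEPT|(?:CLIENT|DIALOG|SERVER) KRB\w{4}|[A-Z]+ [A-Z]+)"
    r"(?:\s+(?P<origin>.*\S))?\s*$"
)

@dataclass
class Entry:
    when: str
    type: str
    count: int
    result: str
    origin: str

def parse_history(text):
    """Return one Entry per history line; title and header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            entries.append(Entry(f"{m['date']} {m['time']}", m["type"],
                                 int(m["cnt"]), m["result"], m["origin"] or ""))
    return entries

def group_of(result):
    if result == "ACCEPT":
        return "accepted"
    if " KRB" in result:          # CLIENT/DIALOG/SERVER KRBxxxx
        return "kerberos"
    for group, names in RESULT_GROUPS.items():
        if result in names:
            return group
    return "unknown"

def findings(entries, guess_threshold=5):
    """Label entries worth a second look. Cnt is read on rejected entries as
    the number of unsuccessful attempts (Table 4)."""
    out = []
    for e in entries:
        group = group_of(e.result)
        if e.result == "PASSWD INVALID" and e.count >= guess_threshold:
            out.append(("password-guessing", e))
        elif e.result == "SUSPND DENIED":
            out.append(("attempt-on-suspended-id", e))
        elif group == "origin":
            out.append(("unauthorized-origin", e))
        elif group == "accepted" and e.type in NO_PASSWORD_TYPES:
            out.append(("accepted-without-password", e))
    return out

# Constructed sample: the ACCEPT lines follow the manual's example, the
# rejected lines are invented for this illustration.
SAMPLE = """\
Logon history for userid USER1    on pubset A
 Date        Time      Type        Cnt  Result          TSN   Subject
 2017-11-10  17:45:45  DIALOG        1  ACCEPT          0015  PROZESSO STATION
 2017-11-10  17:44:57  FT-NO-PASS    1  ACCEPT
 2017-11-10  17:40:02  DIALOG        6  PASSWD INVALID        PROZESSO STATIONX
 2017-11-10  17:39:10  RLOGIN        1  TERSET DENIED         PROCPOSX
 2017-11-10  17:38:00  DIALOG        2  PASSWD INVALID        PROZESSO STATION
"""

if __name__ == "__main__":
    for label, e in findings(parse_history(SAMPLE)):
        print(f"{label:26} {e.when}  {e.type:10} {e.result:14} {e.origin}")
```
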

Output in S variables

The command’s INFORMATION operand is used to define the S variables for which values are entered. The following specifications are possible for INFORMATION:

| Notation in command | Conditions in table |
|---|---|
| INFORMATION = *ATTRIBUTES(SCOPE=*LOGON-DEF/*USER-ID) | 1 |
| INFORMATION = *ATTRIBUTES(SCOPE=*ALL) | 2 |
| INFORMATION = *LOGON-HISTORY | 3 |

| Output information | Name of the S variable | T | Contents | Condition |
|---|---|---|---|---|
| Caller ID in access history for batch mode | var(*LIST).ACCESS(*LIST).CALLER | S | <name 1..8> | 3 |
| Counter in access history | var(*LIST).ACCESS(*LIST).COUNT | I | <integer 1..999> | 3 |
| Date in access history | var(*LIST).ACCESS(*LIST).DATE | S | <date 10> | 3 |
| Personal user ID in access history | var(*LIST).ACCESS(*LIST).PERS-USER-ID | S | <name 1..8> | 3 |
| Principal name | var(*LIST).ACCESS(*LIST).PRINCIPAL | S | <name 0..1800> | 3 |
| Processor in access history for interactive mode access | var(*LIST).ACCESS(*LIST).PROCESSOR | S | <name 1..8> | 3 |
| Result in access history | var(*LIST).ACCESS(*LIST).RESULT | S | ACCEPT / ACCESS LOCK / ACCNUM INVALID / BGUARD DENIED / CALLER INVALID / CERTIF INVALID / CLIENT KRBxxxx / DGUARD DENIED / DIALOG KRBxxxx / NGUARD DENIED / PASSWD EXPIRED / PASSWD INVALID / PGUARD DENIED / PLOGON REJECT / PRIPAL INVALID / SERIAL ERROR / SERVER KRBxxxx / SUSPND DENIED / TERMIN INVALID / TERSET DENIED / TGUARD DENIED / USERID EXPIRED / USERID INACTIV / USERID INVALID / USERID LOCK | 3 |
| Caller TSN in access history for batch mode | var(*LIST).ACCESS(*LIST).RTSN | S | <alphanum-name 1..4> | 3 |
| Terminal in access history for interactive mode access | var(*LIST).ACCESS(*LIST).STATION | S | <name 1..8> | 3 |
| Time in access history | var(*LIST).ACCESS(*LIST).TIME | S | <time 8> | 3 |
| TSN in access history | var(*LIST).ACCESS(*LIST).TSN | S | <alphanum-name 1..4> | 3 |
| Type in access history | var(*LIST).ACCESS(*LIST).TYPE | S | BATCH / DIALOG / DIA-KRBROS / DIA-PERSON / DIA-USERID / FT / FT-BATCH / FT-NO-PASS / NET-KRBROS / OPER-CONS / OPER-PROG / OPER-TERM / POS-BATCH / POS-REMOTE / RLOGIN / STANDARD / UCON | 3 |
| Access control active in batch mode | var(*LIST).BATCH.ACCESS | S | *LOGON-DEF / *NO / *YES | 1 |
| Is access control in batch mode a default attribute? | var(*LIST).BATCH.ACCESS-DEF | B | FALSE / TRUE | 2 |
| Name of the guard with which batch mode access is controlled | var(*LIST).BATCH.GUARD | S | *NONE / <filename 1..18> | 1 |
| Password check active in batch mode | var(*LIST).BATCH.PASS-CHECK | S | *NO / *YES / <filename 1..18> | 1 |
| Authorized user ID in batch mode | var(*LIST).BATCH.USER-ACCESS(*LIST) | S | '' / *CONSOLE / *GROUP / *OTHER / *OWN / <name 1..8> | 1 |
| Selection of authorized user ID in batch mode | var(*LIST).BATCH.USER-ACCESS-DEFI | S | *ALL / *LIST | 1 |
| System access control active in batch mode | var(*LIST).DIALOG.ACCESS | S | *LOGON-DEF / *NO / *YES | 1 |
| Is access control in interactive mode a default attribute? | var(*LIST).DIALOG.ACCESS-DEF | T | FALSE / TRUE | 2 |
| Obsolete. Output only for compatibility reasons. | var(*LIST).DIALOG.CHIP(*LIST) | S | '' | 1 |
| Obsolete. Output only for compatibility reasons. | var(*LIST).DIALOG.CHIP-DEFI | S | *NO-PROT | 1 |
| Name of the guard with which interactive mode access is controlled | var(*LIST).DIALOG.GUARD | S | *NONE / <filename 1..18> | 1 |
| Password check in interactive mode active | var(*LIST).DIALOG.PASS-CHECK | S | *NO / *YES | 1 |
| Personal logon active for interactive mode access | var(*LIST).DIALOG.PERS-LOGON | S | *NO / *YES | 1 |
| Name of the front-end processor on which the terminal from where it is possible to log on in interactive mode is generated | var(*LIST).DIALOG.TER(*LIST).PROCESS | S | '' / <name 1..8> | 1 |
| BCAM name of the computer from which the connection to $DIALOG may be established | var(*LIST).DIALOG.TER(*LIST).STATION | S | '' / <name 1..8> | 1 |
| Selection of approved terminals for interactive mode | var(*LIST).DIALOG.TER-DEFI | S | *ALL / *LIST | 1 |
| Terminal sets of class GROUP | var(*LIST).DIALOG.TER-SET.GROUP(*LIST) | S | <name 1..8> | 1 |
| Group name | var(*LIST).DIALOG.TER-SET.GROUP-ID | S | <name 1..8> / *UNIV | 1 |
| Terminal sets of class SYSTEM | var(*LIST).DIALOG.TER-SET.SYSTEM(*LIST) | S | <name 1..8> | 1 |
| Terminal sets of class USER | var(*LIST).DIALOG.TER-SET.USER(*LIST) | S | <name 1..8> | 1 |
| User ID | var(*LIST).DIALOG.TER-SET.USER-ID | S | <name 1..8> | 1 |
| Interactive mode access protected by terminal sets | var(*LIST).DIALOG.TER-SET-DEFI | S | *NO-PROT / *LIST / *EXCEPT | 1 |
| Encryption type of the ticket in the case of KRB0009 | var(*LIST).ENC-TYPE | I | <integer 0..2147483647> | 3 |
| Expiration date of the user ID | var(*LIST).EXPIR-DATE | S | *LOGON-DEF / *NONE / <date 10> | 1 |
| Is the expiration date of the user ID a default attribute? | var(*LIST).EXPIR-DATE-DEF | T | FALSE / TRUE | 2 |
| Time (specified in days) as of which a warning of expiration for the user ID is issued | var(*LIST).EXPIR-WARN | I | *LOGON-DEF / <integer 0..366> | 1 |
| Is the expiration warning for the user ID a default attribute? | var(*LIST).EXPIR-WARN-DEF | B | FALSE / TRUE | 2 |
| Dimension of inactivity limit | var(*LIST).INACTIVITY.DIM | S | '' / *DAYS / *MONTHS | 1 |
| End of the inactivity period | var(*LIST).INACTIVITY.EXPIR-DATE | S | <date 10> | 1 |
| Inactivity limit | var(*LIST).INACTIVITY.LIFETIME | I | <integer 1..366> | 1 |
| Inactivity limit active | var(*LIST).INACTIVITY.PAR | S | *LOGON-DEF / *NO / *YES | 1 |
| Is the inactivity limit a standard attribute? | var(*LIST).INACTIVITY.PAR-DEF | B | FALSE / TRUE | 2 |
| Key version of the ticket in the case of KRB0011 | var(*LIST).KEY-VERSION | I | <integer 0..2147483647> | 3 |
| Access control in network interactive mode active | var(*LIST).NET-DIALOG.ACCESS | S | *LOGON-DEF / *YES / *NO | 1 |
| Is access control in network interactive mode a default attribute? | var(*LIST).NET-DIALOG.ACCESS-DEF | B | FALSE / TRUE | 2 |
| Number of certification authority | var(*LIST).NET-DIALOG.CERT(*LIST).AUTHORITY | S | *ANY / <integer 1..2147483647> | 1 |
| Certificate number | var(*LIST).NET-DIALOG.CERT(*LIST).NUMBER | S | <integer 0..2147483647> | 1 |
| Certificate protection in network interactive mode active | var(*LIST).NET-DIALOG.CERT-DEFI | S | *NO-PROT / *LIST | 1 |
| Name of the guard with which network interactive access is protected | var(*LIST).NET-DIALOG.GUARD | S | *NONE / <filename 1..18> | 1 |
| Password check in network interactive mode active | var(*LIST).NET-DIALOG.PASS-CHECK | S | *YES / *NO | 1 |
| Principal name | var(*LIST).NET-DIALOG.PRINCIPAL(*LIST) | S | <name 1..1800> | 1 |
| Network dialog access via KERBEROS | var(*LIST).NET-DIALOG.PRINCIPAL-DEFI | S | *ALL / *NO-PROT / *LIST | 1 |
| Terminal sets of the class GROUP | var(*LIST).NET-DIALOG.TER-SET.GROUP(*LIST) | S | <name 1..8> | 1 |
| Group name | var(*LIST).NET-DIALOG.TER-SET.GROUP-ID | S | <name 1..8> / *UNIV | 1 |
| Terminal sets of the class SYSTEM | var(*LIST).NET-DIALOG.TER-SET.SYSTEM(*LIST) | S | <name 1..8> | 1 |
| Terminal sets of the class USER | var(*LIST).NET-DIALOG.TER-SET.USER(*LIST) | S | <name 1..8> | 1 |
| User ID | var(*LIST).NET-DIALOG.TER-SET.USER-ID | S | <name 1..8> | 1 |
| Network interactive access protected with terminal sets | var(*LIST).NET-DIALOG.TER-SET-DEFI | S | *NO-PROT / *LIST / *EXCEPT | 1 |
| Access control active for console access | var(*LIST).OPER-CONS.ACCESS | S | *LOGON-DEF / *YES / *NO | 1 |
| Is access control during console access a default attribute? | var(*LIST).OPER-CONS.ACCESS-DEF | B | FALSE / TRUE | 2 |
| Password check active for console access | var(*LIST).OPER-CONS.PASS-CHECK | S | *YES / *NO | 1 |
| Authentication procedure for programmed operator active (operating mode) | var(*LIST).OPER-PROG.ACCESS | S | *LOGON-DEF / *NO / *YES | 1 |
| Authentication procedure for programmed operator effective (operating mode) | var(*LIST).OPER-PROG.ACCESS-DEF | B | FALSE / TRUE | 2 |
| Password check for programmed operator active (operating mode) | var(*LIST).OPER-PROG.PASS-CHECK | S | *NO / *YES | 1 |
| Authentication procedure for dialog partner connected via terminal active (operating mode) | var(*LIST).OPER-TER.ACCESS | S | *LOGON-DEF / *NO / *YES | 1 |
| Is the authentication procedure via terminal connected dialog partner a default attribute? | var(*LIST).OPER-TER.ACCESS-DEF | B | FALSE / TRUE | 2 |
| Obsolete. Output only for compatibility reasons. | var(*LIST).OPER-TER.CHIP(*LIST) | S | '' | 1 |
| Obsolete. Output only for compatibility reasons. | var(*LIST).OPER-TER.CHIP-DEFI | S | *NO-PROT | 1 |
| Password check for dialog partner connected via terminal active (operating mode) | var(*LIST).OPER-TER.PASS-CHECK | S | *NO / *YES | 1 |
| Number of locked passwords | var(*LIST).PASS.ACT-BLOCKED | I | <integer 0..100> | 1 |
| Actual number of password changes | var(*LIST).PASS.ACT-CHA | I | <integer 0..100> | 1 |
| Blocking time for passwords | var(*LIST).PASS.BLOCKING-TIME | I | <integer 1..32767> | 1 |
| Number of permitted password changes | var(*LIST).PASS.CHA-PER-PER | I | <integer 1..100> | 1 |
| Dimension of password lifetime | var(*LIST).PASS.DIM | S | '' / *DAYS / *MONTHS | 1 |
| Expiration date of password | var(*LIST).PASS.EXPIR-DATE | S | *LOGON-DEF / '' / *NONE / <date 10> | 1 |
| Is the expiration date of the password a default attribute? | var(*LIST).PASS.EXPIR-DATE-DEF | B | FALSE / TRUE | 2 |
| Time (specified in days) as of which a warning of expiration is issued | var(*LIST).PASS.EXPIR-WARN | I | *LOGON-DEF / <integer 0..366> | 1 |
| Is the expiration date of the password a default attribute? | var(*LIST).PASS.EXPIR-WARN-DEF | B | FALSE / TRUE | 2 |
| Lifetime of the password | var(*LIST).PASS.LIFETIME | S | *LOGON-DEF / *UNLIM / <integer 1..366> | 1 |
| Is the expiration date of the password a default attribute? | var(*LIST).PASS.LIFETIME-DEF | B | FALSE / TRUE | 2 |
| Password for user ID defined | var(*LIST).PASS.LOGON-PASS | B | FALSE / TRUE | 1 |
| Authorization for management of the password | var(*LIST).PASS.MANAGE | S | *LOGON-DEF / *BY-ADM / *BY-USER / *USER-CHA-ONLY | 1 |
| Is the authorization for managing the password a default attribute? | var(*LIST).PASS.MANAGE-DEF | B | FALSE / TRUE | 2 |
| Minimum complexity of the password. *NONE = any complexity; Level 1 = no restrictions; Level 2 = max. 2 consecutive identical characters; Level 3 = at least 1 letter and 1 digit in the password; Level 4 = level 3 + 1 special character | var(*LIST).PASS.MIN-COMPLEX | S | *LOGON-DEF / *NONE / <integer 1..4> | 1 |
| Is the minimal complexity of the password a default attribute? | var(*LIST).PASS.MIN-COMPLEX-DEF | B | FALSE / TRUE | 2 |
| Minimum length of the password. *NONE = max. 8 characters | var(*LIST).PASS.MIN-LEN | S | *LOGON-DEF / *NONE / <integer 1..8> | 1 |
| Is the minimal length of the password a default attribute? | var(*LIST).PASS.MIN-LEN-DEF | B | FALSE / TRUE | 2 |
| List of password changes active | var(*LIST).PASS.PASS-MEMORY | S | *LOGON-DEF / *NO / *YES | 1 |
| Is the list of password changes a default attribute? | var(*LIST).PASS.PASS-MEMORY-DEF | B | FALSE / TRUE | 2 |
| Period (in days) for which the restriction of the number of password changes applies | var(*LIST).PASS.PER | I | <integer 1..32767> | 1 |
| Authorization to replace an expired password | var(*LIST).PASS.UNLOCK-EXPIR | S | *LOGON-DEF / *BY-ADM / *BY-USER | 1 |
| Is the authorization for replacing an expired password a default attribute? | var(*LIST).PASS.UNLOCK-EXPIR-DEF | B | FALSE / TRUE | 2 |
| Access control for POSIX remote access active | var(*LIST).POSIX-REM.ACCESS | S | *LOGON-DEF / *YES / *NO | 1 |
| Is access control during POSIX remote access a default attribute? | var(*LIST).POSIX-REM.ACCESS-DEF | B | FALSE / TRUE | 2 |
| Name of the guard with which POSIX remote access is protected | var(*LIST).POSIX-REM.GUARD | S | *NONE / <filename 1..18> | 1 |
| Terminal sets of the class GROUP | var(*LIST).POSIX-REM.TER-SET.GROUP(*LIST) | S | <name 1..8> | 1 |
| Group name | var(*LIST).POSIX-REM.TER-SET.GROUP-ID | S | <name 1..8> / *UNIV | 1 |
| Terminal sets of the class SYSTEM | var(*LIST).POSIX-REM.TER-SET.SYSTEM(*LIST) | S | <name 1..8> | 1 |
| Terminal sets of the class USER | var(*LIST).POSIX-REM.TER-SET.USER(*LIST) | S | <name 1..8> | 1 |
| User ID | var(*LIST).POSIX-REM.TER-SET.USER-ID | S | <name 1..8> | 1 |
| POSIX remote access protected with terminal sets | var(*LIST).POSIX-REM.TER-SET-DEFI | S | *NO-PROT / *LIST / *EXCEPT | 1 |
| Access control for POSIX access via rlogin active? | var(*LIST).POSIX-RLOG.ACCESS | S | *LOGON-DEF / *NO / *YES | 1 |
| Is access control during POSIX access via rlogin a default attribute? | var(*LIST).POSIX-RLOG.ACCESS-DEF | B | FALSE / TRUE | 2 |
| Name of the guard with which POSIX Rlogin access is protected | var(*LIST).POSIX-RLOG.GUARD | S | *NONE / <filename 1..18> | 1 |
| Password check for POSIX access via rlogin active? | var(*LIST).POSIX-RLOG.PASS-CHECK | S | *NO / *YES | 1 |
| Terminal sets of the class GROUP | var(*LIST).POSIX-RLOG.TER-SET.GROUP(*LIST) | S | <name 1..8> | 1 |
| Group name | var(*LIST).POSIX-RLOG.TER-SET.GROUP-ID | S | <name 1..8> / *UNIV | 1 |
| Terminal sets of the class SYSTEM | var(*LIST).POSIX-RLOG.TER-SET.SYSTEM(*LIST) | S | <name 1..8> | 1 |
| Terminal sets of the class USER | var(*LIST).POSIX-RLOG.TER-SET.USER(*LIST) | S | <name 1..8> | 1 |
| User ID | var(*LIST).POSIX-RLOG.TER-SET.USER-ID | S | <name 1..8> | 1 |
| POSIX Rlogin access protected with terminal sets | var(*LIST).POSIX-RLOG.TER-SET-DEFI | S | *NO-PROT / *LIST / *EXCEPT | 1 |
| Password check for RBATCH processing active | var(*LIST).RBATCH.PASS-CHECK | S | *NO / *YES | 1 |
| Permitted number of failed attempts | var(*LIST).SUSPEND.COUNT | I | <integer 0..32767> | 1 |
| Is the permitted number of invalid attempts a default attribute? | var(*LIST).SUSPEND.COUNT-DEF | B | FALSE / TRUE | 2 |
| Dimension of observation time | var(*LIST).SUSPEND.OBS-DIM | S | '' / *MINUTES / *HOURS | 1 |
| Observation time | var(*LIST).SUSPEND.OBS-TIME | I | <integer 0..32767> | 1 |
| Is the observation time a default attribute? | var(*LIST).SUSPEND.OBS-TIME-DEF | B | FALSE / TRUE | 2 |
| Suspension active | var(*LIST).SUSPEND.PAR | S | *LOGON-DEF / *NO / *YES | |
| Is the suspension active time a default attribute? | var(*LIST).SUSPEND.PAR-DEF | B | FALSE / TRUE | 2 |
| Subject to be suspended | var(*LIST).SUSPEND.SUBJECT | S | *USER-ID / *INITIATOR | 1 |
| Is the object to be suspended active time a default attribute? | var(*LIST).SUSPEND.SUBJECT-DEF | B | FALSE / TRUE | 2 |
| Dimension of suspension time | var(*LIST).SUSPEND.SUS-DIM | S | '' / *MINUTES / *HOURS | 1 |
| Suspension time | var(*LIST).SUSPEND.SUS-TIME | I | <integer 0..32767> | 1 |
| Is the suspension time a standard attribute? | var(*LIST).SUSPEND.SUS-TIME-DEF | B | FALSE / TRUE | 2 |
| User ID | var(*LIST).USER-ID | S | <name 1..8> | 1,3 |
| Locking of user ID activated | var(*LIST).USER-ID-LOCK | B | FALSE / TRUE | 1 |
