SDSF and External Security

[Michael Babcock]

What's the best way to tell if SDSF is using external security?  We have 
some LPARs that have the SDSF class active, but few profiles.  SDSF's 
ISFPARMS don't appear to be using external security.  Is there a way to 
tell definitively?  Or will SDSF use a combination?

I would assume it would use external security for those profiles that are 
defined, but revert to ISFPARMs if no profile was defined. Am I correct?
For example, one LPAR has the SDSF class active (but not RACLISTed).  These are 
the profiles defined in the SDSF class (and there is no catchall).

ISFCMD.DSP                          
ISFOPER.ANYDEST                     
ISFOPER.SYSTEM                      
ISFATTR.** (G)                      
ISFCMD.DSP.SCHENV.** (G)            
ISFCMD.DSP.** (G)                   
ISFCMD.ODSP.INITIATOR.** (G)        
ISFCMD.ODSP.** (G)                  
ISFCMD.** (G)                       
ISFE.** (G)                         
ISFFRDR.** (G)                      
ISFINIT.** (G)                      
ISFJOBCL.** (G)                     
ISFLINE.** (G)                      
ISFMEMB.** (G)                      
ISFNODE.** (G)                      
ISFO.** (G)                         
ISFRES.** (G)                       


The SDSF parms for SYSPROGs contain these statements.  

GROUP NAME(ISFSPROG),       /* GROUP NAME                          */
TSOAUTH(JCL,OPER,ACCT),     /*USER MUST HAVE JCL, OPER, ACCT       */
ACTION(ALL),                /* ALL ROUTE CODES DISPLAYED           */
ACTIONBAR(YES),             /* DISPLAY THE ACTION BAR ON PANELS    */
APPC(ON),                   /* INCLUDE APPC SYSOUT                 */
AUPDT(2),                   /* MINIMUM AUTO UPDATE INTERVAL        */
AUTH(LOG,I,O,H,DA,DEST,PREF,     /* AUTHORIZED FUNCTIONS           */
     SYSID,ABEND,ACTION,INPUT, 

     FINDLIM,ST,INIT,PR,TRACE, 

     ULOG,MAS,SYSNAME,LI,SO,NO,PUN,RDR,JC,SE,RES), 

CMDAUTH(ALL),               /* COMMANDS ALLOWED FOR ALL JOBS       */
CMDLEV(7),                  /* AUTHORIZED COMMAND LEVEL            */
CONFIRM(ON),                /* ENABLE CANCEL CONFIRMATION          */
CURSOR(ON),                 /* LEAVE CURSOR ON LAST ROW PROCESSED  */
DADFLT(IN,OUT,TRANS,STC,TSU,JOB),  /* DEFAULT ROWS SHOWN ON DA     */
DATE(MMDDYYYY),             /* DEFAULT DATE FORMAT                 */
DATESEP('/'),               /* DEFAULT DATESEP FORMAT              */
DFIELD2(DAFLD2),            /* SAMPLE ALTERNATE FIELD LIST FOR DA  */
DISPLAY(ON),                /* DO NOT DISPLAY CURRENT VALUES       */
DSPAUTH(ALL),               /* BROWSE ALLOWED FOR ALL JOBS         */
GPLEN(2),                   /* GROUP PREFIX LENGTH                 */
ILOGCOL(1),                 /* INITIAL DISPLAY COLUMN IN LOG       */
ISYS(LOCAL),                /* INITIAL SYSTEM DEFAULT FOR DA       */
LANG(ENGLISH),              /* DEFAULT LANGUAGE                    */
LOGOPT(OPERACT),            /* DEFAULT LOG OPTION                  */
OWNER(NONE),                /* DEFAULT OWNER                       */
UPCTAB(TRTAB2),             /* UPPER CASE TRANSLATE TABLE NAME     */
VALTAB(TRTAB),              /* VALID CHARACTER TRANSLATE TABLE     */
VIO(SYSALLDA)               /* UNIT NAME FOR PAGE MODE OUTPUT      */

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html