There is some confusion on how to correctly initialize the CAISSF service. There are differences from what we currently have defined and what is documented in the CA Common Services Reference Guide, versus what is defined in the CA-7 Workload Automation Guide.
We have not traditionally used this statement:
PRODUCT(CAISSF) VERSION(S910) INIT(CAS9INIT)
but have used:
PRODUCT(CAIRIM) VERSION(CAS9) INIT(CAS9INIT)
What is the correct specification of this statement?
Do I need to code the additional parameter to indicate that we are RACF control IMAGE?
The two statements being questioned are essentially the same and will produce the same results.
The value for PRODUCT can be anything, so CAISSF or CAIRIM makes no difference.
The value for VERSION used to be S910, but starting with CCS r12.0 this changed to be CAS9...BUT this value is irrelevant if INIT is specified. If INIT were not specified than the CAIRIM program would use the value specified for VERSION and append "INIT" to it. So without INIT specified as shown in the above statements, you would end up with S910INIT or CAS9INIT respectively.
The value for INIT is the important part. This is the load module that will be loaded and executed. Starting with CCS r12.0 the delivered load module is CAS9INIT. So as long as you correctly specify INIT(CAS9INIT) the values for PRODUCT and VERSION are irrelevant but still need to be defined.
One additional piece of information. Starting with CCS r14.1+PTF RO54517 if the initialization statement for CAS9INIT is omitted all together, the execution of program CAIRIM will automatically run the initialization of CAS9INIT as though it was defined.
In regards to whether or not you need to code the additional PARM keyword and (value)...
When CAIRIM runs and executes CAS9INIT it does a check to see what security is active and loads the appropriate security translator. There is a separate security translator module for the CA-Top Secret, CA-ACF2, and IBM RACF security packages. If CAIRIM cannot determine what security package is present at the time of execution it will prompt with a WTOR asking for you to respond. If you include PARM(SSF(xxxx)) to specify what security runs on the system, than a prompt will be avoided if the check cannot determine what security is active at the time.
Please refer to the CA Common Services for z/OS Wiki and review the module on Administrating to learn more.