Is it possible to control the system command through SOLVE or Netmaster region ?

Document ID : KB000045783
Last Modified Date : 14/02/2018
Show Technical Document Details

 

Question :

Is it possible to control the system command through SOLVE or Netmaster region ?

 

Answer :


A system command can be submitted through SYSCMD ocs command from a SOLVE or Netmaster region.
This command like others OCS commands are not controlled by the security exit (Full or Partial) relevant to the first level of security.
The control of OCS commands are part of the second level of security.
For this purpose, it is possible to control SYSCMD by either one of the two following methods :

1. NPF (Network Partitioning Facility)
This feature can be implemented to control access to an ocs command, system command, menu, resource, database, ...
When the NPF is implemented for the system command, it is possible to specify which system command is allowed or not allowed.

 

2. SYSCMD ncl procedure
The SYSCMD is set with the command replacement through SYSPARM CMDREPL by default. When the SYSPARM CMDREPL is effective for SYSCMD, the SYSCMD NCL procedure is executed first before invoking the SYSCMD command. A sample of SYSCMD is provided in hlq.CC2DEXEC library to enhance security in OCS windows.
The command replacement for SYSCMD is specified through the parameter group $NM CMDREPLS to get the permanent assignment.

 

Note : The System Command is always under the control of OPERCMDS security profile set for the user by the security system.

 

Additional Information :

 

The complete description can be found from CA Solve:Operations Automation Security Guide 11.9 - Chapter 6 : Implementing Resource-Level security - Controlling Access to Functions and Resources by Using NPF.