JES Selection mask - - USER OPTION field -

JES Selection mask - - USER OPTION field - - OP-LP

Up to BS2000 V10.0 it was only possible to control access to $CONSOLE by defining authorised user processes in the system generation (UCC statements and links to userids). The authorisation of the individual consoles was thus fixed at the time of the system generation.

As from BS2000 V11/OSD V1 it has become possible to use dynamic authorisation when connecting to $CONSOLE. After establishing a connection to the $CONSOLE application as a logical console, the authorisation to execute a variety of commands and Routing Codes can be requested with a REQ-OP-ROLE command. Connecting to $CONSOLE under CFS is achieved using a new format of the connection message.

In CFS, the following should be entered after opening the connection with OCn$CONSOLE:

$CONSOLE|@CONSOLE , user-id [, password] [, protv] [, DISCON=Y|N]

The protv parameter can be used to specify a protocol version for the console application which determines the additional exchange of data between the connection partners (see also the User macros NBBME, NBMAP). The possible values are: V00 | V01 | V02 .

$CONSOLE results in the connection being effected as a terminal, while @CONSOLE appears as a program. Both options are identical. A system difference is that the OPERATOR-ACCESS parameter (see below for further information) only allows console access for a userid for terminals ($CONSOLE) or programs (@CONSOLE).

OPERATOR-PSW-CHECK (see below) can be used to determine, separately for terminals and programs, whether or not the userid password will be checked when connecting.

OPERATOR-CHIPCARD (see below) allows one or more Chipcard IDs to be requested when connecting to the console as a terminal ($CONSOLE). These Chipcard IDs are only relevant when connecting to $CONSOLE. The other Chipcard IDs defined for the userid in the Join entry are only valid in a $DIALOG connection.

After a successful connection to the console has been established, the user must issue a /REQ-OP-ROLE xxxxx console command to allocate Routing Codes through which access will be permitted. The OPERATOR-ROLE determines which commands are permitted during this console session. To create an Operator Role xxxxx, the following commands must be issued from the SYSPRIV userid:

/CREATE-OP-ROLE xxxxx , ROUTING-CODES=( .... )

This command determines the Routing Codes relevant to the Operator Role, and hence the permitted console command set.

/MODIFY-OP-ATTRIBUTES USER-ID=user-id , ADD-OP-ROLES=xxxxx

This command links the Operator Role to a specific userid. This allows a userid to request this Operator Role via a REQ-OP-ROLE command.

OP-LP A list containing the most important Logon Protection characteristics for console access with dynamic authorisation (see above) will be displayed. The format of the list is described on page .

There are no Selection parameters for the User OP-LP Option.