Questions for CICS Interview

1. What is the meaning for CICS?

Customer Information Control System.

2. What do we do by using CICS?

CICS is normally used for Real-time or Online processing when that particular processing cannot wait for batch processing normally done at the end of the day for most installations.

3. What are the eight steps for a CICS program development?

Get the complete specification Get related sourcebooks and subprograms Design the program Update the CICS Tables Code and compile the map definition Code the program Compile the program Test the program.

4. In a CICS development, do you compile the map or program first?

The map needs to be compiled first.

5. What is a transaction id or code?

A transaction is mostly a four letter unique predefined unit of work, a terminal work will use to invoke a specific map and the associated program.

6. What is a PCT and how it is used?

A PCT is a short name for Program Control Table, which contains the trans-id and the associated program which will be invoked when the trans-id is used.

7. What is a PPT and how it is used?

A PPT contains a valid list of program names and it also indicates the storage address if the program has already been loaded. CICS uses PPT to determine whether it will load a new copy of the program if the program is invoked.

8. Have you ever heard of SNT in CICS Processing?

Yes, it contains the names of all valid users of the system.

9. What is the use of DFHCOMMAREA and where it is located?

It helps to transfer data between two transactions and it is located in the LINKAGE SECTION.

10. Are you familiar with CEMT and CSMT functions?

What does these transactions do for you? These are normally supervisory functions, where they can be used to cancel tasks running at a different terminals. CSMT is used to update PPT. But I never had much chance to use them.

11. What transaction will you use to debug a CICS Program?

CEDF, which means CICS Execution Diagnostic facility.

12. What XCTL and LINK command is used for?

XCTL command transfers control to another program without setting up a return mechanism whereas the LINK command transfers control to next logical lower level with a return mechanism

13. Why the EXEC CICS HANDLE command is used?

It is used to specify what action the program needs to take when certain exceptional conditions occur.

14. Why the EXEC CICS RETURN command is used?

It is used simply to return control to CICS with no option and the terminal session ends.

15. What are the parameters will you use to code a SEND MAP command?

SEND MAP(name of the map) MAPSET(name of the mapset which contains the specific map) FROM(specifies the symbolic map) MAPONLY(specifies dataonly needs to be sent) DATAONLY(specifies that only data from the symbolic map needs to be sent) ERASE/ERASEUP CURSOR

16. How do you terminate each CICS commands?

EXEC CICS intermediate commands END-EXEC.

17. How do you obtain the storage dump from CICS?

CICS automatically adds the storage dump to a special file called dump data set. When the CICS is terminated, the dumps are automatically printed. The DSN can be found from the respective installation personnel.

18. What is the meaning for AEI9 CICS abend?

MAPFAIL.

19. What are the following entities represent?

EIBAID It is an one character field that indicates which attention key was used for the last RECEIVE command. EIBTRMID This field supplies the name of the terminal running the task. EIBCALEN This field represents the length of the communication area passed to my program. If no commarea is passed, it is set to zero.

20. How do you logoff from a CICS transaction?

Blank the screen, then type CSSF LOGOFF.

Collect troubleshooting data for file control (VSAM non-RLS) waits in CICS on z/OS

You receive a file control wait in CICS on z/OS. You would like to know what documentation the CICS support team will need to diagnose your problem. If you gather this documentation before calling support it will expedite the troubleshooting process, and save you time.

Gather the following documentation for a file control wait before calling IBM® support:

Required doc:
(1) CICS message log and the MVS™ system log (SYSLOG).
(2) CICS internal trace that is included in the MVS system dump when tracing is active. The trace should be at least 10240K and when possible level 1 tracing should be on for all CICS components and level 1-2 for the FC component.
(3) An MVS™ system dump of the CICS region taken as soon as you notice the hang or wait. Use the following MVS command followed by the reply to capture the dump:DUMP COMM=(dumpname)R yy,JOBNAME=( cicsjob),SDATA=(ALLNUC,PSA,SQA,CSA,LPA,TRT,LSQA,RGN) where dumpname is the name you want to give the dump, yy is the reply id, and cicsjobis the job name for your CICS region.

Optional doc:
(1) If feasible, save off the dataset by using IDCAMS ALTER NEWNAME to rename the dataset and save it in place (note that the example in the link has a DEFINE before the ALTER). If this is not feasible, run IDCAMS EXAMINE ITEST DTEST against the dataset and any alternate indexes associated with the dataset before continuing.
(2) If you are able to reproduce the problem, consider using CICS auxiliary trace or GTF Trace in combination with the MVS system dump. The dump is unlikely to tell you anything about system activity in the period leading up to the wait. This is because the trace table will probably wrap before you have had a chance to respond.

z/OS System Initialization Logic (IPL)

This presentation describes general processing involved initializing z/OS System from the IPL process until the system is ready to start JES2 or JES3. The major steps described are : the hardware process of loading z/OS, the loading and initialization of the nucleus, the initialization of general system resources, Master Scheduler Initialization.

The detail document refer to IBM web site: http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS3699

EXEC CICS QUERY SECURITY control

Default CICS CLASS used:

Restype: DB2ENTRY Class DB2ENTRY

FILE Class FCICSFCT

JOURNALNAME Class JCICSJCT

JOURNALNUM Class JCICSJCT

PROGRAM Class MCICSPPT

PSB Class PCICSPSB

SPCOMMAND Class CCISCMD

TDQUEUE Class DCICSDCT

TRANSACTION Class TCICSTRN

TRANSATTACH Class ACICSPCT

TSQUEUE Class SCICSTST

A History of CICS

1968
* CICS/OS introduced as program offering

* Designed to support 50 BTAM terminals

* Supported out of Palo Alto, CA

* Not expected to last more than a few years

* Assembler macros that supported a limited number of functions

1974
* CICS/VS 1.0 introduced* Single address space or partition monitor

* Introduction of management functions

* Support for DOS/VS, OS/VS1, and OS/VS2

* Macro Level only

* HLL supported through pre-processor

1976
* CICS/VS 1.3

* Support moved to Hursley in exchange for PL/1

* Introduction of command level

* Introduction of recovery/restart

1978
* CICS/VS 1.4

* Introduction of ISC

* IBM® Statement: New functions will be through command level

1980
* CICS/VS 1.5

* Introduction of MRO

1983
* CICS/VS 1.6, and 6 months later 1.6.1

* Introduction of RDO for PPT and PCT entries

* Last release to provide the same functionality across all operating systems

* XA functions are provided

* VSAM subtasking introduced

1986
* CICS/VS 1.7

* AUTOINSTALL + JES Spool Interface support introduced

* VTAM® terminals now RDO definable

* ISAM support dropped

* File control program and other management module rewritten

* The new code became OCO* IBM again warns its customers about Macro Level

1987
* CICS/MVS® 2.1

* Some performance improvements over 1.7

* Introduction of XRF

1989
* CICS/ESA® 3.1.1

* Macro Level support dropped for HLL programs

* Totally new architecture

* Multiple TCBs

* Many old functions dropped

1991
* CICS/ESA 3.2

* Macro Level support dropped for all languages

* Another rewrite for DFHFCP

* CICS security as known (DFHSNT) is eliminated

* More old functions are dropped

1992
* CICS/ESA 3.3

* Storage protection feature for CICS/ESA domain storage

* Introduction of Dynamic Link function

* Shared Data Tables

* Distributed Program Link

* Front End Programming Interface

1994
* CICS/ESA 4.1

* Transaction Isolation (Storage protection)

* MRO using Enhanced Cross System Coupling Facilities (XRF)

* Dynamic transaction routing among Parallel Transaction Servermachines

1995
* CICS/VSE® 2.3

* Enhanced programmer interfaces allowing for the replacement of macro level calls

* Support for LE for VSE/ESA and associated languages

* A tool to aid in the migration of customers from the use of internal CICS security to an external security manager (ESM)

1996
* CICS Transaction Server for OS/390® 1.1

* A new domain for logging and journaling - the CICS log manager

* A new domain for recovery - the CICS recovery manager

* A new domain for temporary storage

* RDO for transient data destinations

* Addition of the EXEC CICS CREATE SPI command for the creation of CICS resource definitions for a sysplex-wide systems management product

1997
* CICS Transaction Server for OS/390 1.2

* Introduction of DASDONLY logging

1998
* CICS Transaction Server for OS/390 1.3

* Parallel Sysplex® support

* Coupling facility data tables

* RDO for temporary storage

* Long temporary storage queue names

* Autoinstall for consoles

* CICS business transaction services (BTS)

* Open transaction environment (OTE)

* Support for the Java™ Virtual Machine (JVM)

* Support for IIOP requests inbound to Java application programs.

2000
* CICS Transaction Server for VSE/ESA™ 1.1.1

* Exploitation of ESA/390 subsystem storage protection

* Extensive Virtual Storage Constraint Relief

* Expanded Application Programming Support including a new External CICS Interface (EXCI) and a Front End Programming Interface (FEPI)

* System Management enhancements including Resource Definition Online (RDO) for files

* Shared data tables for improved performance and availability

* The CICS Web Interface (CWI) which provides direct access to CICS applications from the World Wide Web environment. This will be available from the first quarter of 2000

* The CICS 3270 Bridge, which provides an interface to run 3270-based CICS transactions without a 3270 terminal.

* Inclusion of REXX for CICS, from the fourth quarter of 1999.

* Inclusion of CICS/DDM as an optional no-charge feature* Inclusion of Report Controller Facility (RCF) without extra charge.

2001
* CICS Transaction Server for z/OS® 2.1

* Support for the industry-standard Enterprise JavaBeans (EJB) architecture, enabling CICS to act as an EJB server

* Facilities for the generation of new EJB applications, or for the reuse or incorporation of existing applications and data in an EJB solution

* Enhancements to the facilities for network connectivity in support of e-business enablement, and to Java programming under CICS

* Extensions to facilities for applications based on procedural programming models

* Significant extensions to CICSPlex® SM

2002
* CICS Transaction Server for z/OS 2.2

* Enhanced support for Enterprise Java, and session bean support that conforms to the J2EE Enterprise JavaBeans (EJB) architecture.

2003
* CICS Transaction Server for z/OS 2.3

* Enhanced Java capability including performance improvements, support for Java SDK 1.4, the Common Client Interface (CCI) Connector for CICS TS, and the addition of CICS Web Support to the JCICS classes

* Improved support for development of applications, including interactive debugging

* Further connectivity options, including new security functions, and the recently-introduced SOAP for CICS optional feature

* Enhancements in the area of availability, including workload balancing of the 3270 Bridge using CICSPlex(R) SM

* Important performance improvements in CICS-DB2 attachment

2005
* CICS Transaction Server for z/OS 3.1

* Major new capabilities are provided in the areas of Web services, HTTP function, and security

* C/C++ capability is enhanced by support for XPLink

* CICS Web API commands are now threadsafe* OTE function has been extended

* Language Environment-enabled Assembler applications are supported

* A new mechanism is provided for inter-program data transfer

* The Information Center has moved to the Eclipse platform

* Functional and usability improvements are provided to the CICSPlex SM Web User Interface, enabling systems to be fully managed without the TSO End User Interface

* New batch update mechanism is provided for the CICSPlex SM data repository

2007
* CICS Transaction Server for z/OS 3.2

* Application Connectivityo Web services standards, interoperability profiles, large messages, and data mappingo Intercommunications over TCP/IPo HTTP and TCP/IP management and performance

* Application Reuseo 64-bit storage for CONTAINER datao CICS integrated translator support for C and C++o Java enhancements

* Service Managemento On-line management of program librarieso Enterprise Workload Managero CICSPlex SM Web User Interface help, usability, and MAP supporto CICS-WMQ adapter installation and management

* Architectural Enhancementso Capacity of VSAM ESDS files >4GB, shared data tables >2GB, and CICS regions in a Sysplexo Trace, monitoring, and statisticso Threadsafe core APIs for accessing VSAM files, journals, and WebSphere® MQ

...taken from an IBM site
http://www-1.ibm.com/support/docview.wss?rs=1083&context=SSGMGV&dc=DB520&uid=swg21025234&loc=en_US&cs=UTF-8&lang=en&rss=ct1083other

How can I find out what jobs are filling the JES2 spool

Here is a selection of useful JES2 commands:
$djq,spl=(%>5) Display all jobs which occupy more than 5% of the spool
$djq,a>5,q=ppu Display all jobs on the print/punch queue more than 5 days old
$djq,q=ppu,type=tsu Display all TSUs on the print/punch queue
$djq'jobname',spl Display spool percent occupied by the named job
$djq,q=ppu,userid Display userid associated with jobs on print/punch queue
$pjq,a>5,q=ppu Purges all jobs on the print/punch queue more than 5 days old
$pjq,q=ppu,type=tsu Purge all TSUs on the print/punch queue
$da,x Displays all jobs, including TSU and STC
$pjnnnnn Purge JOB number nnnnn
$psnnnnn Purge STC number nnnnn
$ptnnnnn Purge TSU number nnnnn
$dspl Display percent spool used
$ta wlog,t=23.58,i=86400,'$vs,''W L''' Automatically spin SYSLOG to sysout L once per day
$dos'syslog',crtime,age,rec,odisp,q Display all SYSLOG output groups on spool
$pos'syslog',a>5 Delete SYSLOG output groups more than 5 days old

How do I get step condition codes to print in the JES2 job log

Install the SMF exit IEFACTRT. The source is in SYS1.SAMPLIB(IEEACTRT).

1. Run this job to install the exit in a linklist library:

//SPSMFXIT JOB CLASS=A,MSGCLASS=X,MSGLEVEL=(1,1),NOTIFY=&SYSUID
//ASMXIT EXEC HLASMCL,REGION=4M,COND.L=(0,NE,C),
// PARM.L='LIST,LET,NCAL,XREF,RENT,REUS'
//C.SYSLIB DD DSN=SYS1.MACLIB,DISP=SHR
// DD DSN=SYS1.MODGEN,DISP=SHR
//C.SYSIN DD DSN=SYS1.SAMPLIB(IEEACTRT),DISP=SHR
//L.SYSLMOD DD DSN=USER.LINKLIB(IEFACTRT),DISP=SHR,UNIT=,SPACE=

2. Update your SMF parameter member SMFPRM00 in USER.PARMLIB. You need SMF recording ACTIVE, you need to record at least type 30 records which drive the IEFACTRT exit, and of course you need to specify that exit IEFACTRT is active. Here is an example SMFPRM00 member:

ACTIVE /* ACTIVE SMF RECORDING */
DSNAME(SYS1.MAN1,
SYS1.MAN2,
SYS1.MAN3)
NOPROMPT /* DO NOT PROMPT OPERATOR */
REC(PERM) /* TYPE 17 PERM RECORDS ONLY */
MAXDORM(3000) /* WRITE IDLE BUFFER AFTER 30 MIN */
STATUS(010000) /* WRITE SMF STATS AFTER 1 HOUR */
JWT(2400) /* 522 AFTER 24 HOURS */
SID(&SYSNAME(1:4)) /* USE SYSTEM NAME FROM IEASYM00 */
LISTDSN /* LIST DATA SET STATUS AT IPL */
SYS(TYPE(14:19,30,62:69),NOEXITS,NOINTERVAL,NODETAIL)
/* WRITE ONLY DATA MANAGEMENT RECORDS, TAKE NO EXITS. */
/* NOTE: JES EXITS CONTROLED BY JES , THERE IS NO */
/* DEFAULT INTERVAL RECORDS WRITTEN AND ONLY SUMMARY T32 */
/* RECORDS AS A DEFAULT FOR TSO. */
SUBSYS(JES2,EXITS(IEFACTRT))
/* WRITE RECORDS ACCORDING TO SYS VALUE, TAKE ONLY IEFACTRT EXIT. */
/* USE ALL OTHER SYS PARMETERS AS A DEFAULT. */

3. Enter this MVS command to activate the updated SMF parameters:

SET SMF=00

4. Enter these MVS commands to activate the exit:

F LLA,REFRESH
SETPROG EXIT,DELETE,EXITNAME=SYSJES2.IEFACTRT,MODNAME=IEFACTRT
SETPROG EXIT,ADD,EX=SYSJES2.IEFACTRT,MOD=IEFACTRT,DSN=USER.LINKLIB

IXG231I reason 80B at CICS TS startup

Problem
At startup of your CICS® Transaction Server (CICS TS) region, you receive message IXG231I IXGCONN reason 80B. This is followed by message DFHLG0508 log not defined to MVS.

Symptom
You initially set up Logger to use DUMMY logs and now you want to set up real logs. While going through the logger and policy definitions, you found the MVS group made a typo in the stream name. This was subsequently corrected.
After correcting the typo, you still receive the following at startup when attempting to connect to the log:
DFHLG0103I System log (DFHLOG) initialization has started.

IXG231I IXGCONN REQUEST=CONNECT TO LOG STREAM ISP.TST000.TEST000.DFHLOG DID NOT SUCCEED FOR JOB . RETURN CODE: 00000008 REASON CODE: 0000080B DIAG1: 00000008 DIAG2: 0000F801 DIAG3: 05030004 DIAG4: 05020010

DFHLG0508 Log stream ISP.TST000.TEST000.DFHLOG not defined to MVS because model stream SSY6.DFHLOG.MODEL does not exist.

DFHLG0731 A failure has occurred while opening the system log (DFHLOG).DFHDU0303I Transaction Dump Data set DFHDMPA closed.DFHKE1800 ABNORMAL TERMINATION OF CICS IS COMPLETE.

Cause
The STREAMNAME in CICS CEDA definition does not match the LOGSTREAM NAME in MVS definition. Here are the definitions that caused the failure:
MVS Policy using IXCMIAPU:

LOGSTREAM NAME(TST000.TEST000.DFHLOG) STRUCTNAME() LS_DATACLAS()LS_MGMTCLAS() LS_STORCLAS() HLQ(ISP) MODEL(NO)LS_SIZE(12000)STG_MGMTCLAS() STG_STORCLAS() STG_DATACLAS()STG_SIZE(3000)

LOWOFFLOAD(60) HIGHOFFLOAD(80) STG_DUPLEX(YES)

DUPLEXMODE(UNCOND)

RMNAME() DESCRIPTION() RETPD(0) AUTODELETE(NO)

DASDONLY(YES) DIAG(NO) MAXBUFSIZE(65532)
CICS Journal model using CEDA:

CEDA View Journalmodel( DFHLOG )

Journalmodel : DFHLOG

Group : LOGSCICS

Description : DEFINE SYSTEM LOG AS MVS

Journalname : DFHLOG

Type : Mvs Mvs | Smf | Dummy

Streamname : ISP.TST000.TEST000.DFHLOG

Resolving the problem
Change the logstream name in the MVS policy to match the streamname in the CEDA Journalmodel.
Once you correct the DASD ONLY CICS Journalmodel definition, the region will start up fine with the expected DFHLG0777 reason 868 message. This message is to be expected at connect time during CICS startup when the staging dataset is being allocated. You may see more than one 868 message depending on staging dataset size.

Consoles and CICS

Group DFHTERMC contains an autoinstall model definition for a console, but this is not included in DFHLIST

To ensure CICS invokes your autoinstall control program, specify system initialization parameter AICONS=YES, or use the CEMT, or EXEC CICS, SET AUTOINSTALL CONSOLES(PROGAUTO) command to specify console autoinstall dynamically.

If you decide to let CICS autoinstall consoles without invoking your autoinstall control program, specify system initialization parameter AICONS=AUTO, or use the CEMT, or EXEC CICS, SET AUTOINSTALL CONSOLES(FULLAUTO) command to specify console autoinstall dynamically. With the AUTO option, CICS allocates the termid automatically.

Common out-ot-space error codes

B37-04: insufficient space/extents on current volumeand no additional volumes available

B37-08: VTOC conversion routine failed

B37-0C: too many open datasets on device

D37-04: no secondary space specified

E37-04: no more volumes specified

E37-08: no space available on new volume

E37-0C: DADSM exit rejected extend

837-08: Tape dataset requires gt 5 volumes

IEC070I 203-204: No secondary space specified

IEC070I 104-034: Max extents or max RBA limit reached

IEC070I 104-204: VSAM – Insufficient space on current volumeand no additional volumes available, or maxextents reached

DSNT408I: Insufficient space/extents to extend a DB2

SQLCODE –904 tablespace.

Define new user to RACF via batch JCL sample

//DEFRACF EXEC PGM=IKJEFT01,DYNAMNBR=20

//SYSLBC DD DSN=SYS1.BRODCAST,DISP=SHR

//SYSEXEC DD DISP=SHR,DSN=SYS1.SBPXEXEC

//SYSPROC DD DISP=SHR,DSN=SYS1.HRFCLST

//SYSTSPRT DD SYSOUT=*

//SYSTSIN DD *

/*******************************************************************/

/* THIS MEMBER IS USED BY MAINUSER PROGRAM. */

/* */

/* CUSTOMIZE: */

/* PROC(SYSUSER): Change the PROC to your TSO logon procedure. */

/* ACCTNUM(12345678): Change it to your TSO account number. */

/* ALTUSER %USERID% NOSPECIAL NOOPERATION NOGRPACC */

/* If you need to add a highest authority user, change it t */

/* ALTUSER %USERID% SPECIAL OPERATION GRPACC */

/* */

/* SYMBOLS TO BE REPLACED BY PROGRAM: */

/* %USERID% : This is the upper case TSO userid. */

/* %LCUSERID%: This is the lower case TSO userid. */

/* %PASSWORD%: This is initial password for TSO userid. */

/* %USERNAME%: This is the user name of the TSO userid. */

/* %UID% : This is the UID of the user, */

/* It should be unique in system, however it will */

/* be maintained by MAINUSER program. */

/*******************************************************************/

ADDUSER %USERID% NAME('%USERNAME%') +

DFLTGRP(USER) UACC(READ) +

OMVS( +

UID(%UID%) +

PROGRAM('/bin/sh') +

HOME('/u/%LCUSERID%') +

) +

TSO( +

PROC(SYSUSER) +

ACCTNUM(12345678) +

SIZE(24000) +

MAXSIZE(0) +

UNIT(SYSDA) +

JOBCLASS(A) +

USERDATA(0000) +

)

ADDSD '%USERID%.**' GENERIC OWNER(SYS1) UACC(READ) +

AUDIT(FAILURES(READ)) LEVEL(00) DATA('USER DATASET GROUP')

PERMIT '%USERID%.**' GENERIC ID(%USERID%) ACCESS(ALTER)

PERMIT ** CLASS(ACCTNUM) ID(%USERID%)

SETROPTS RACLIST(ACCTNUM) REFRESH

PERMIT ACCT CLASS(TSOAUTH) ID(%USERID%)

PERMIT CONSOLE CLASS(TSOAUTH) ID(%USERID%)

PERMIT JCL CLASS(TSOAUTH) ID(%USERID%)

PERMIT MOUNT CLASS(TSOAUTH) ID(%USERID%)

PERMIT OPER CLASS(TSOAUTH) ID(%USERID%)

PERMIT PARMLIB CLASS(TSOAUTH) ID(%USERID%)

PERMIT RECOVER CLASS(TSOAUTH) ID(%USERID%)

PERMIT SUBMIT CLASS(TSOAUTH) ID(%USERID%)

PERMIT TESTAUTH CLASS(TSOAUTH) ID(%USERID%)

SETROPTS RACLIST(TSOAUTH) REFRESH

PERMIT DBAUSER CLASS(TSOPROC) ID(%USERID%)

PERMIT IKJACCNT CLASS(TSOPROC) ID(%USERID%)

PERMIT IKJASE CLASS(TSOPROC) ID(%USERID%)

PERMIT ISPUSER CLASS(TSOPROC) ID(%USERID%)

PERMIT PLSUSER CLASS(TSOPROC) ID(%USERID%)

PERMIT SYSUSER CLASS(TSOPROC) ID(%USERID%)

PERMIT TEST CLASS(TSOPROC) ID(%USERID%)

PERMIT TIVUSER CLASS(TSOPROC) ID(%USERID%)

SETROPTS RACLIST(TSOPROC) REFRESH

PERMIT ISFOPER.SYSTEM CLASS(SDSF) ID(%USERID%) ACCESS(UPDATE)

PERMIT ISFATTR.OUTPUT.* CLASS(SDSF) ID(%USERID%) ACCESS(UPDATE)

PERMIT ISFATTR.** CLASS(SDSF) ID(%USERID%) ACCESS(UPDATE)

PERMIT ISFCMD.** CLASS(SDSF) ID(%USERID%) ACCESS(UPDATE)

PERMIT ISFINIT.** CLASS(SDSF) ID(%USERID%) ACCESS(UPDATE)

PERMIT ISFOPER.** CLASS(SDSF) ID(%USERID%) ACCESS(UPDATE)

SETROPTS RACLIST(SDSF) REFRESH

PERMIT MVS.ROUTEMGR.OMPROUTE CLASS(OPERCMDS) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT MVS.ROUTEMGR.OROUTED CLASS(OPERCMDS) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT MVS.SERVMGR.PAGENT CLASS(OPERCMDS) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT MVS.SERVMGR.RSVPD CLASS(OPERCMDS) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT JES2.CANCEL.** CLASS(OPERCMDS) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT JES2.MODIFY.* CLASS(OPERCMDS) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT JES2.** CLASS(OPERCMDS) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT MVS.CANCEL.** CLASS(OPERCMDS) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT MVS.VARY.TCPIP.** CLASS(OPERCMDS) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT MVS.** CLASS(OPERCMDS) +

ID(%USERID%) ACCESS(UPDATE)

SETROPTS RACLIST(OPERCMDS) REFRESH

PERMIT BPX.SUPERUSER CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT CBD.CPC.IOCDS CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT CBD.CPC.IPLPARM CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.DISK.FULLPACK CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.DISK.INPUT CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.DISK.UPDATE CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.OAM.OUTPUT CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.OAM.UPDATE CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.TAPE.BLP CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.TAPE.DUPLICATE CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.TAPE.INPUT CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.TAPE.MOUNT CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.TAPE.OUTPUT CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.TAPE.UPDATE CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT DITTO.VSAM.UPDATE CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT MVSADMIN.WLM.POLICY CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT STGADMIN.EDG.MASTER CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT STGADMIN.EDG.VRS CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT MVSADMIN.XCF.** CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT STGADMIN.ADR.** CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT STGADMIN.EDG.** CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT STGADMIN.IDC.** CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

PERMIT STGADMIN.IGG.** CLASS(FACILITY) +

ID(%USERID%) ACCESS(UPDATE)

SETROPTS RACLIST(FACILITY) REFRESH

OSHELL mkdir /u/%LCUSERID%

OSHELL chown %LCUSERID%:user /u/%LCUSERID%

ALTUSER %USERID% PASSWORD(%PASSWORD%) RESUME

ALTUSER %USERID% NOSPECIAL NOOPERATION NOGRPACC

//* END OF ADDUSER JCL

Finding the z/OS Sysname in CICS

Looking in SYS1.MACLIB(CVT), we see that z/OS has a control block called the CVT (Communications Vector Table) that contains the sysname 340 bytes into it. In the comments at the top of that member, we learn that there is a pointer to the CVT in the PSA (Prefixed Save Area) x’10′ bytes into it. The PSA is easy to find – it is at address 0. So, armed with this info, I wrote the sample code below, which you are welcome to use or incorporate into your own project. If you use this code, just define a PPT for it (if you do not use autoinstall for programs) and point a tranid to the program.

IDENTIFICATION DIVISION.
PROGRAM-ID. CVTTEST.

ENVIRONMENT DIVISION.
DATA DIVISION.
WORKING-STORAGE SECTION.

01 WS-PSA-POINTER.
10 PSA-PTR-PIC9 PIC S9(8) COMP-5 VALUE 0.
10 PSA-PTR REDEFINES PSA-PTR-PIC9 POINTER.

01 SEND-AREA.
10 FILLER PIC X(1) VALUE SPACE.
10 FILLER PIC X(11) VALUE 'CVTSNAME = '.
10 SA-CVTSNAME PIC X(8) VALUE SPACES.

LINKAGE SECTION.

01 PSA.
10 FILLER PIC X(16).
10 CVT-PTR POINTER.

01 CVT.
10 FILLER PIC X(340).
10 CVTSNAME PIC X(8).

EJECT

PROCEDURE DIVISION.

100-MAINLINE.

SET ADDRESS OF PSA TO PSA-PTR.
SET ADDRESS OF CVT TO CVT-PTR.

MOVE CVTSNAME TO SA-CVTSNAME.

EXEC CICS SEND FROM(SEND-AREA)
LENGTH(LENGTH OF SEND-AREA)
END-EXEC.

999-RETURN.

EXEC CICS RETURN
END-EXEC.

GOBACK.

CALL or LINK?

It’s an old question … In my CICS program, should I invoke a subprogram using a standard COBOL CALL, or should I use the EXEC CICS LINK API?

The traditional answer was, “LINK is easier to debug, CALL is more efficient.” However, there have been some changes in the CICS environment in recent years that blur the efficiency line and add other variables to consider.

The reason that LINK was considered easier to debug is that CALLs are “invisible” to CICS – you won’t see the transfer take place if using CEDF to debug. However, modern debug tools (e.g., Xpediter) have no problems showing CALLs, and virtually all shops use such a tool these days. So, if CALLs are more efficient and there is no debugging advantage to LINK, why use the CICS API?

The biggest advantage is probably the fact that using LINK can send control over to another CICS region. Since CICS has minimal involvement with a CALL, the processing stays in the same region; use LINK, and the program could be invoked in the same region, or it may be statically or dynamically routed to another region. If the program has special resource needs that are best served (or only served) in a particular region, statically route its execution to that region; if load balancing, let WLM route it to the least busy region. In my mind, those are huge. Other advantages include the fact that when using LINK, CICS will handle DATALOCATION (any/below) and EXECKEY (user/CICS) differences, and it will handle mode switches between THREADSAFE/QUASIRENT CONCURRENCY and OPENAPI/CICSAPI.

Another consideration that used to exist was that more than 32K could be passed in a CALL, but COMMAREA used to pass data in a LINK have that limit. However, use of CHANNELS and CONTAINERS overcome this limitation starting in CICS/TS 3.1.

My general rule of thumb is this … If invoking a subprogram that does not do “CICS stuff” (i.e., has no EXEC CICS statements), the same subprogram could easily be called from batch, so use a COBOL CALL so that the interfaces are consistent. If it does “CICS stuff”, then use LINK. But that’s just a rule of thumb – if efficiency concerns override the advantages of using LINK, then it’s perfectly fine to CALL a program that has “CICS stuff” in. If there are issues with CONCURRENCY or other items mentioned above, using LINK to invoke a program with no “CICS stuff” is perfectly fine, too. Use the tool that is best fitted for the situation.

CICS Access to RACF

CICS doesn’t supply much access directly to RACF info via the API. But there is a supported way to obtain a lot of RACF information about the current user. And it can be done in COBOL.

EXEC CICS ADDRESS ACEE will provide access to the RACF ACEE control block. (ACEE stands for Access Control Environment Element. Maybe it will come up in a trivia question some day. Probably not. The important thing to know is that it is a block of storage containing RACF information which can be addressed from application programs.) From there, it is possible to easily obtain the user’s primary RACF group and the user’s name (as it is recorded in RACF).

The layout of the ACEE control block is documented in SYS1.MACLIB(IHAACEE). Unfortunately, there is not a COBOL copybook provided, so to access this information in a COBOL program, we have to code our own storage definitions. The following are based on SYS1.MACLIB(IHAACEE):
01 ACEE.
05 FILLER PIC X(021).
05 ACEEUSRI PIC X(008).
05 FILLER PIC X(001).
05 ACEEGRPN PIC X(008).
05 FILLER PIC X(062).
05 ACEEUNAM-POINTER USAGE IS POINTER.
01 ACEE-USER-NAME.
05 FILLER PIC X(001).
05 ACEEUNAM PIC X(020).
And we need a piece of miscellaneous working storage to hold a pointer:
77 WS-ACEE-ADDR-POINTER USAGE IS POINTER.
Now, if we execute the following, we’ll have the address of the ACEE control block in that pointer:
EXEC CICS
ADDRESS ACEE (WS-ACEE-ADDR-POINTER)
END-EXEC.

And then the following commands will make the RACF information addressable by our storage definitions:
SET ADDRESS OF ACEE TO WS-ACEE-ADDR-POINTER.
SET ADDRESS OF ACEE-USER-NAME TO ACEEUNAM-POINTER.

Now we have the user’s RACF id in ACEEUSRI, the user’s primary RACF group in ACEEGRPN, and the user’s name in ACEEUNAM. Very simple – just a matter of knowing how to address the information.

In a future post, I’ll continue this and see how we can obtain all of the RACF groups to which the user’s RACF id is connected.

How to know the list of RACF profiles

(1) You can run program IRRDBU00 against the RACF database which unloads it into a sequential dataset.

Code:

//STEP010 EXEC PGM=IRRDBU00,REGION=48M,PARM=NOLOCKINPUT

//SYSPRINT DD SYSOUT=*

//INDD1 DD DISP=SHR,

// DSN=SYS1.RACFDS

//OUTDD DD DSN=IBMUSER.SYS1.RACFDS.DUMP,

// DISP=(NEW,CATLG,DELETE),

// UNIT=SYSDA,SPACE=(CYL,(20,5),RLSE),

// DCB=(RECFM=VB,LRECL=4096,BLKSIZE=20480)

(2) The output file will contain a variety of record types. The 0404 will contain dataset profiles with the RACF groups or RACF users that can reference them:

Code:

//ST0404 EXEC PGM=SORT

//SORTIN DD DSN=IBMUSER.SYS1.RACFDS.DUMP,DISP=SHR

//SORTOUT DD DSN=IBMUSER.SYS1.RACFDS.DUMP.C404DSPA,

// DISP=(NEW,CATLG,DELETE),

// UNIT=SYSDA,SPACE=(TRK,(15,15),RLSE),

// DCB=(RECFM=VB,LRECL=4096,BLKSIZE=20480)

//SYSOUT DD SYSOUT=*

//SYSIN DD *

SORT FIELDS=COPY

INCLUDE COND=(5,4,CH,EQ,C'0404')

/*

Free z/OS mainframe system on Internet

(1) The TSO userid, which also has many other access on Dechi System mainframe (CICS, DB2, MQ, etc), can be registered at following self-service page:

http://zos.efglobe.com/cgi-bin/mainframe/mainuser

(2) Connect to DeZhi Mainframe system via TN3270 clinet (fandezhi.efglobe.com 23):

(3) Logon to TSO

Some RACF command examples

Allow Access to a RACF Resource

PERMIT profile-name ACCESS(access-type) CLASS(class-name) ID(userid)
Find all DSNs for a Profile

LD DA(‘profile’) ALL DSNS
Find all Profiles for a User

LD ID(userid)
List Profile Information (even if Generic exists)

LD DA(‘dsname’) GENERIC
List Group Information

LG group-name DFP
List User attributes

LU (user1,user2,user3) DFP TSO
Change a User Password

PW PASSWORD(current new) USER(userid)
ALU userid PASSWORD(new)
Reset a User Password to Default Group

PW USER(userid)
Delete Access to a Tape Volume

PERMIT tapevolser CLASS(TAPEVOL) USER(userid) DELETE
Add a Generic Profile

ADDSD ‘hlq.qual2.*’ UACC(access-type)
Restrict use of a Storage Class

SETROPTS CLASSACT(STORCLAS) RACLIST(STORCLAS)

RDEFINE STORCLASS storclas-name UACC(NONE)

PERMIT storclas-name CLASS(STORCLAS) ID(userID) ACCESS(READ)

SETROPTS REFRESH RACLIST(STORCLAS)

List a resource e.g. for CICS

RL TCICSTRN (*) ALLUSERS

Notes on deleting orphaned VSAM components

If the data or index component of a VSAM cluster become permanently disassociated with a catalog entry one of the options available is to fool the VTOC into thinking the components are "regular" datasets so that they can be deleted or renamed.
(It may well be preferable to try by other means to get the components re-cataloged officially.)
Is the dataset in use?
D GRS,RES=(SYSDSN,TSTB.TRAN.FILE0)
Firstly we need to find the CCHHR address on the disk for each component (Note the use of 3380 or 3390 as the unit name.)
//STEP1 EXEC PGM=IEHLIST
//SYSPRINT DD SYSOUT=*
//DD1 DD UNIT=3380,VOL=SER=LRIP90,DISP=SHR
//SYSIN DD *
LISTVTOC DUMP,VOL=3380=LRIP90,DSNAME=(TSTB.TRAN.FILE0.DATA)
LISTVTOC DUMP,VOL=3380=LRIP90,DSNAME=(TSTB.TRAN.FILE1.DATA)
/*
At the bottom right of each entry is the CCHHR address e.g. 0000000104. Use this in the zap job below. The plan is to fool the system into thinking this is not a VSAM dataset.

(See DFSMSdfp Advanced Services manual (or equivalent) for details of the bit settings in the DSCBs.)
//PATCH1 EXEC PGM=AMASPZAP
//SYSPRINT DD SYSOUT=*
//SYSLIB DD DSN=FORMAT4.DSCB,UNIT=SYSDA,VOL=SER=LRIP90,DISP=SHR
//SYSIN DD *
CCHHR 0000000104
VER 53 08C08010
REP 53 00C08010
VER 5D 12
REP 5D 00
/*
Now we should be able to manipulate the dataset using IEHPROGM.
//DELETE EXEC PGM=IEHPROGM
//SYSPRINT DD SYSOUT=*
//DD1 DD UNIT=3380,VOL=SER=LRIP90,DISP=SHR
//SYSIN DD *
SCRATCH DSNAME=TSTB.TRAN.FILE0.DATA,VOL=3380=LRIP90,PURGE
/*http://knowledge.storage.ibm.com is a useful mine of VSAM dataset and catalog recovery information. There are also utilities to help in the repair of a VVDS etc.