Security and Auditing Environment Variables

Lists environment variables related to configuring the security and auditing environment.

ES_CESN_NO_OS390

Overrides the default CESN transaction and the IMS sign-on screen response behavior for invalid user credentials.
Syntax
CESN_NO_OS390=ON
Parameter
ON
Override the default CESN transaction and IMS sign-on screen response behavior for invalid credentials, and instead produce an invalid credential message.
Default
Not set. CESN transaction and IMS sign-on screen response is Your userid is invalid or Your password is invalid.
Comments
This environment variable is considered to be turned on when set to any value, including ON.

Micro Focus recommends that you use the Advanced Region Properties page in the Enterprise Server Common Web Administration (ESCWA) interface to configure this environment variable. See Advanced Region Properties for more information.

ES_CLASS_XCMD

Controls the CICS CMD resource class.
Syntax
ES_CLASS_XCMD={YES|NO|class-name}
Parameters
YES
CICS CMD is the default CMD class.
NO
Security for CMDs is bypassed.
class-name
The name of a class to override the default CMD CICSCMD class.
Default
ES_CLASS_XCMD=YES
Comments
Micro Focus recommends that you use the Advanced Region Properties page in the Enterprise Server Common Web Administration (ESCWA) interface to configure this environment variable. See Advanced Region Properties for more information.

ES_CLASS_XDCT

Controls the CICS DCT resource class.
Syntax
ES_CLASS_XDCT={YES|NO|class-name}
Parameters
YES
DCICSDCT is the default DCT class.
NO
Security for DCTs is bypassed.
class-name
The name of a class to override the default DCT DCICSDCT class.
Default
ES_CLASS_XDCT=YES
Comments
Micro Focus recommends that you use the Advanced Region Properties page in the Enterprise Server Common Web Administration (ESCWA) interface to configure this environment variable. See Advanced Region Properties for more information.

ES_CLASS_XFCT

Controls the CICS FCT resource class.
Syntax
ES_CLASS_XFCT={YES|NO|class-name}
Parameters
YES
FCICSFCT is the default FCT class.
NO
Security for FCTs is bypassed.
class-name
The name of a class to override the default PCT FCICSFCT class.
Default
ES_CLASS_XFCT=YES
Comments
Micro Focus recommends that you use the Advanced Region Properties page in the Enterprise Server Common Web Administration (ESCWA) interface to configure this environment variable. See Advanced Region Properties for more information.

ES_CLASS_XJCT

Controls the CICS JCT resource class.
Syntax
ES_CLASS_XJCT={YES|NO|class-name}
Parameters
YES
JCICSJCT is the default JCT class.
NO
Security for JCTs is bypassed.
class-name
The name of a class to override the default JCT JCICSJCT class.
Default
ES_CLASS_XJCT=YES
Comments
Micro Focus recommends that you use the Advanced Region Properties page in the Enterprise Server Common Web Administration (ESCWA) interface to configure this environment variable. See Advanced Region Properties for more information.

ES_CLASS_XPCT

Controls the CICS PCT resource class.
Syntax
ES_CLASS_XPCT={YES|NO|class-name
Parameters
YES
ACICSPCT is the default PCT class.
NO
Security for PCTs is bypassed.
class-name
The name of a class to override the default PCT ACICSPCT class.
Default
ES_CLASS_XPCT=YES
Comments
Micro Focus recommends that you use the Advanced Region Properties page in the Enterprise Server Common Web Administration (ESCWA) interface to configure this environment variable. See Advanced Region Properties for more information.

ES_CLASS_XPPT

Controls the CICS PPT resource class.
Syntax
ES_CLASS_XPPT={YES|NO|class-name}
Parameters
YES
MCICSPPT is the default PPT class.
NO
Security for PPTs is bypassed.
class-name
The name of a class to override the default PPT MCICSPPT class.
Default
ES_CLASS_XPPT=YES
Comments
Micro Focus recommends that you use the Advanced Region Properties page in the Enterprise Server Common Web Administration (ESCWA) interface to configure this environment variable. See Advanced Region Properties for more information.

ES_CLASS_XPSB

Controls the CICS PSB resource class.
Syntax
ES_CLASS_XPSB={YES|NO|class-name}
Parameters
YES
PCICSPSB is the default PSB class.
NO
Security for PSBs is bypassed.
class-name
The name of a class to override the default PSB PCICSPSB class.
Default
ES_CLASS_XPSB=YES
Comments
Micro Focus recommends that you use the Advanced Region Properties page in the Enterprise Server Common Web Administration (ESCWA) interface to configure this environment variable. See Advanced Region Properties for more information.

ES_CLASS_XRES

Controls the CICS DOCTEMPLATE resource class.
Syntax
ES_CLASS_XRES={YES|NO|class-name}
Parameters
YES
RCICSRES is the default RES class.
NO
Security for DOCTEMPLATEs is bypassed.
class-name
The name of a class to override the default RES RCISRES class.
Default
ES_CLASS_XRES=YES
Comments
Micro Focus recommends that you use the Advanced Region Properties page in the Enterprise Server Common Web Administration (ESCWA) interface to configure this environment variable. See Advanced Region Properties for more information.

ES_CLASS_XTRAN

Controls the CICS TRAN resource class.
Syntax
ES_CLASS_XTRAN={YES|NO|class-name}
Parameters
YES
TCICSTRN is the default TRAN class.
NO
Security for TRANs is bypassed.
class-name
The name of a class to override the default TRAN TCICSTRN class.
Default
ES_CLASS_XTRAN=YES
Comments
Micro Focus recommends that you use the Advanced Region Properties page in the Enterprise Server Common Web Administration (ESCWA) interface to configure this environment variable. See Advanced Region Properties for more information.

ES_CLASS_XTST

Controls the CICS TST resource class.
Syntax
ES_CLASS_XTST={YES|NO|class-name}
Parameters
YES
SCITST is the default TST class.
NO
Security for TSTs is bypassed.
class-name
The name of a class to override the default TST SCITST class.
Default
ES_CLASS_XTST=YES
Comments
Micro Focus recommends that you use the Advanced Region Properties page in the Enterprise Server Common Web Administration (ESCWA) interface to configure this environment variable. See Advanced Region Properties for more information.

ES_DISABLE_DFLTUSR_SIGNON

Disables the default user (mfuser) signon when invoking ES Monitor & Control (ESMAC).
Syntax
ES_DISABLE_DFLTUSR_SIGNON=Y
Parameter
Y
Disables the mfuser auto-logon after starting Enterprise Server administration via your MFDS internal security account.
Default
Not set. mfuser is signed in to ESMAC.
Comments
Micro Focus recommends that you use the Advanced Region Properties page in the Enterprise Server Common Web Administration (ESCWA) interface to configure this environment variable. See Advanced Region Properties for more information.

ES_ESM_CMDSEC

Indicates whether CICS processing honors the CMDSEC option specified on a transaction's PLT definition.
Syntax
ES_ESM_CMDSEC=YES
Parameter
YES
CICS overrides the CMDSEC option, and always calls its command security checking routine to issue the appropriate call to the SAF interface.
Default
Not set. CICS honors the CMDSEC option defined in a transaction's resource definition. CICS calls its command security checking routine only when CMDSEC(YES) is specified in a transaction resource definition.

ES_ESM_PLTPISEC

The level of security checking for PLTPI processing.
Syntax
ES_ESM_PLTPISEC={NONE|CMDSEC|RESSEC|ALL}
Parameters
NONE
No security checking is performed on PLT initialization programs.
CMDSEC
CICS performs command security checking only.
RESSEC
CICS performs resource security checking only.
ALL
CICS performs both command and resource security checking.
Default
ES_ESM_PLTPISEC=NONE

ES_ESM_RCF

Determines how RACF is used for command authorization.
Syntax
ES_ESM_RCF={A|C|N|S|T|Y}
Parameters
A
A combination of options T, C, and S.
C
Use RACF for ETO terminal command authorization.
N
RACF does not perform sign-on, transaction, or command authorization.
S
Use RACF for static and ETO terminal command authorization. Includes option C.
T
Use RACF for sign-on and transaction authorization.
Y
A combination of options T and C.
Default
ES_ESM_RCF=N

ES_ESM_SECPRFX

Indicates whether CICS processing adds a prefix to resource names when making security queries.
Syntax
ES_ESM_SECPRFX={NO|YES|prefix}
Parameters
NO
Use no prefixes.
YES
Uses prefix resource names with the CICS region user ID.
prefix
Define a prefix for resource names as an alphanumeric string that starts with an alphabetic character, and is one to eight upper-case characters in total.
Default
ES_ESM_SECPRFX=NO
Comments
This environment variable is applied only to CICS classes.

ES_ESM_XUSER

Indicates whether CICS processing performs surrogate user checks.
Syntax
ES_ESM_XUSER={NO|YES}
Parameters
NO
No surrogate user checking is performed.
YES
Perform surrogate user checking wherever such checks are permitted.
Default
ES_ESM_XUSER=YES

ES_OLD_SEC_TSTD

Prevents security being enforced for TS or TD queues that are not declared in the security repository.
Syntax
ES_OLD_SEC_TSTD=ON
Parameter
ON
Prevents security being enforced for TS or TD queues that are not declared in the security repository.
Default
Not set. security is enforced for TS or TD queues that are not declared in the security repository.
Comments
This environment variable is considered to be turned on when set to any value, including ON.

ES_SURROGATE_JOB_USER

Associates a user ID with a job when submitting the job for processing through the internal reader from CICS.
Syntax
ES_SURROGATE_JOB_USER=ON
Parameter
ON
The user ID that started the enterprise server region is used in the job submission.
Default
Not set. The CICS default user CICSUSER, or as specified by ES_USR_DFLT_CICS, is used in the job submission.
Comments
This environment variable is considered to be turned on when set to any value, including ON.

Micro Focus recommends that you use the Advanced Region Properties page in the Enterprise Server Common Web Administration (ESCWA) interface to configure this environment variable. See Advanced Region Properties for more information.

MF_ROOT_CERT

Enables the MF Directory Server process and any client applications to find the root certificate file.

MFAUDIT_LOGS

The location of audit files.

USSCONFIG

Points to the location of the SSL cipher suite specification file(s) used by the CIPHERS attribute in the CICS URIMAP or TCPIPSERVICE resource.
Syntax
USSCONFIG=cipher-path
Parameter
cipher-path
The absolute path to the cipher suite specification file or files.
Comments
For details about ciphers and cipher files, see the Security Attributes > Ciphers section of the Universal Resource Identifier Map topic.