.-ON-. >>-+-/SIGN-+--+-+----+--userid--| A |-+------------------------>< '-/SIG--' '-OFF-------------------' A: |--+-----------------+--+------------+--+----------------+------> '-USERD--userdesc-' +-userpw-----+ '-APPL--applname-' '-PassTicket-' >--+------------------+-----------------------------------------> '-GROUP--groupname-' >--+-------------------------------------+--+----------+--------| '-NEWPW--nuserpw--+-----------------+-' '-userdata-' '-VERIFY--nuserpw-'
Table 150 lists the environments (DB/DC, DBCTL, and DCCTL) from which the command can be issued.
Command | DB/DC | DBCTL | DCCTL |
---|---|---|---|
/SIGN | X | X |
The /SIGN command is used to sign on and sign off at terminals attached to IMS. This command enables IMS to identify who is using the terminal and to determine if you are authorized to enter the transaction or command.
When SGN=G, Z, or M is specified, the user can sign on multiple times to both STATIC and ETO terminals when the structure name is different from the user ID.
The status fields of /DISPLAY NODE and /DISPLAY LINE PTERM indicate whether a terminal is signed on with the word SIGN.
From terminals that require signon, commands other than /SIGN or /RCLSDST are rejected if transaction authorization is requested. Static terminals requiring a signon also have enhanced command authorization with RACF or an equivalent product if RCF=S or RCF=A is specified at system startup.
At terminals not requiring signon, transactions are passed to RACF, an equivalent security product, or a user exit for authorization checking. If /SIGN ON is entered at a terminal not requiring a signon, the signon is processed as if the terminal required a signon. That is, the terminal is placed in a signed on status with the user ID until a /SIGN OFF or another /SIGN ON command is entered. For switched terminals, the /IAM command must be issued before the /SIGN ON command.
After any IMS restart or terminal disconnect, the remote terminal operator is required to sign on again using the /SIGN ON command. A terminal can be disconnected by:
Signon status is also reset by the /START LINE, /START LINE PTERM, and /START NODE commands and auto signoff.
The remote terminal operator must wait at a static physical terminal for confidential responses, because responses queued for a given physical terminal are sent even if the physical terminal is signed off. If the remote terminal operator must be absent, the /LOCK command can be used to prevent output from being received. Confidential output sent to a dynamic user is queued to the user instead of to the physical terminal when the user has signed off. A successful signon of an existing user turns off the DEADQ status for the user, if that status exists.
If RACF is used, APPL= should specify the name of the RACF PTKTDATA profile for IMS as defined to RACF by the creator of the PassTicket. If the name of the PTKTDATA profile is the same as the IMSID, the APPL keyword is not needed. For more information on the RACF secured signon PassTicket, see the RACF Macros and Interfaces manual. For more information on using the secured signon function, see the RACF Security Administrator's Guide.
userpw GROUP groupname NEWPW nuserpw
Restriction: You can use this keyword only when responding to an IMS DFS3656A message and as an alternative to re-entering the password on the DFS3656 panel.
For the user exit routine DFSCSGN0, the user ID and userdata parameter values are defined by the installation.
Another method of signing off a terminal is to reenter the /SIGN ON command. This method initiates a new signon at the terminal without having to enter the /SIGN OFF command.
The /SIGN OFF command resets status that is not significant such as preset mode, test mode, response mode, lock lterm, pstop lterm, and purge lterm.
/SIGN OFF for ETO users will also take other actions depending on the recovery settings for the user:
If global resource information is kept in Resource Manager, /SIGN OFF deletes the user ID from Resource Manager (if single user signon enforced) and resets status globally. If the user has no status, /SIGN OFF deletes the user and associated lterms from Resource Manager.
Entry ET:
DFS3649A /SIGN COMMAND REQUIRED FOR IMS DATE: 11/03/92 TIME: 14:39:33 NODE NAME: DT327001 USERID: IMSUS01 PASSWORD: IMSPW01 USER DESCRIPTOR: GROUP NAME: NEW PASSWORD: OUTPUT SECURITY AVAILABLE
Response ET:
DFS3650I SESSION STATUS FOR IMS DATE: 11/03/92 TIME: 14:41:48 NODE NAME: DT327001 USERID: IMSUS01 PRESET DESTINATION: CURRENT SESSION STATUS: OUTPUT SECURITY AVAILABLE
Explanation: The user with user ID IMSUS01 and password IMSPW01 has successfully signed on to a dynamic terminal. The signon is done with the panel (DFS3649A).
Entry ET:
/SIGN IMSUS02 IMSPW02
Response ET:
DFS3650I SESSION STATUS FOR IMS DATE: 11/03/92 TIME: 14:41:48 NODE NAME: DT327001 USERID: IMSUS02 PRESET DESTINATION: CURRENT SESSION STATUS: OUTPUT SECURITY AVAILABLE
Explanation: The user with user ID IMSUS02 and password IMSPW02 has successfully signed on to a dynamic terminal. The signon is done with the /SIGN command.
Entry ET:
/SIGN IMSUS03 IMSPW03
Response ET:
DFS3650I SESSION STATUS FOR IMS DATE: 11/03/92 TIME: 14:45:53 NODE NAME: L3270A USERID: IMSUS03 PRESET DESTINATION: CURRENT SESSION STATUS: NO OUTPUT SECURITY AVAILABLE
Explanation: The user with user ID IMSUS03 and password IMSPW03 has successfully signed on to a static terminal.