Secure Screen Rules Maintenance

How to Get There

From the Secure Screen menu, select option 10 to display the Work with Secure Screen Filters panel, or enter LEDTPSSFTR in the command line.

What it Does

The Rules Maintenance panel lists all filters you currently have in place, and their values. From the panel, you can add, change, copy, delete, and display filters. You can set up rules for using Secure Screen by defining filters. This function maintains the filters file PSSNAP. Filters are applied to jobs that reach an inactive timeout. The action taken depends on the filter that first matches the characteristics of the inactive job.

Field Descriptions

Opt

The possible values are:

2=Change
The selected filter is to be changed. See the Change a Filter panel.
3=Copy
The selected filter is to be copied. See the Copy a Filter panel.
4=Delete
The selected filter is to be deleted.
5=Display
The selected filter is to be displayed. See the Display a Filter panel.
Type

The type of filter. There are six types of filters.

The possible values are:

*DEVD Device Description
*SBSD Subsystem Description
*RMTLOC Remote Location
*USRPRF User Profile
*GRPPRF Group User Profile
*ACGCDE  Accounting Code
Identifier

Specifies the name of a device, subsystem or user, a remote location or an accounting code. A user can be either an individual user profile or a group profile. A location can be either an SNA location or an IP address. An accounting code is used by system job accounting and is normally found as an attribute of a user profile or a job description. Note that accounting codes may also be set dynamically by programs when a job is running. An IP address location should have an IP mask also specified.

Mask

Specifies the subnet mask to apply against an incoming IP address. If the incoming IP address masks to the IP address of the filter, the rule is enforced.

Examples:

IP location: 10.0.1.5

Mask: 255.255.255.255

Matches: 10.0.1.5

 

IP location: 10.0.1.5

Mask: 255.255.255.0

Matches: 10.0.1.0 thru 10.0.1.255

 

IP location: 10.0.1.5

Mask: 255.255.255.254

Matches: 10.0.1.4 thru 10.0.1.5

 

IP location: 10.0.1.5

Mask: 255.255.255.128

Matches: 10.0.1.128 thru 10.0.1.255

NOTE: The last two examples show that the subnet mask must be applied by the monitor program to the filter IP address as well as to the remote location address. Because of this, the mask is applied when the filter is entered, and the masked address is what is actually stored in the filter record.
Notify Administrator

Specifies to send a message to the administrator message queue when the job is inactive. The message queue name comes from the PSSANFYMQ data area.

The possible values are:

*MSG The inactive message will be copied to the administrator message queue.
blank The value is ignored.
Action

Specifies the action to take when an identifier is matched.

The possible values are:

*DSCJOB The job will be disconnected.
*ENDJOB The job will be ended.
*MSG A *break message is sent to the workstation message queue of the inactive job. This is used when all that is wanted is a warning.
*IGNORE No action is taken if a job matches this filter.
Log

Specifies the joblog option. This is only meaningful when the action is *DSCJOB.

The possible values are:

*LIST Print the job log.
*NOLIST Do not print the job log.
*N Use the default from the *DSCJOB command on your system.
Drop

Specifies whether or not the connection is to be dropped if the job is disconnected or ended.

The possible values are:

*DEVD The drop value is taken from the device description.
*YES The connection will be dropped.
*NO The connection will be left available.
*N The default from the *DSCJOB command on your system is used.

Command Keys

F3 (Exit): Exit the screen without processing any pending changes.

F5 (Refresh): Refreshes the screen and resets all available text fields.

F6 (Add): Add a new Secure Screen filter.

F7 (Select System): Use this command key to work with data from a different System.

F12 (Cancel): Exit the screen without processing any pending changes.

F17 (Top): Positions the list screen to the first record.

F18 (Bottom): Positions the list screen to the last record.

F20 (Position List): Positions the list beginning with the specified Filter Type and Filter ID.