Publication Date:  16 February 1996
System Version:  GCCS 2.1/Update 4
Web Page Created:  20 March 1996

Setup.  To accomplish this lesson, you need access to JOPES on the TS3 mainframe with all functional permissions including GRT.

Overview.  During this lesson, you will review and administer JOPES permissions on the TS3 mainframe.

OBJECTIVE.  From a list of possibilities, predict the possible outcomes if certain specific system level permissions have not been granted.

Overview of Required Coordination to Access JOPES.  The FM is usually the point of contact between the users of the system and those individuals involved with administering the system.  The FM does not do it all, but the FM can provide lots of advice and guidance.
WASSO/WIN Site Coordinator Actions.  The first step in the road to obtaining permissions begins with the local WSC.  The permission request (including the PER and the PJ) is forwarded to the WSC responsible for the mainframes where it is passed to the WASSO responsible for the mainframes.  That WASSO creates a PIC to go with the requested Person ID and Project Code and enters that into the mainframe.  The mainframe WASSO then passes the PIC to the local site WASSO who passes it to the user to whom it belongs.
PER, PJ, and PIC.  That is how your PER, PJ, and PIC are created and entered into the system.  This does not provide the user access to JOPES.  All it does is provide access to the timesharing capabilities of the mainframe.

Both Hosts.  The addition of this user to the system must be accomplished at both hosts.  Otherwise, this user would have access to the primary site, but not the backup, or vice versa.

TS3 System Administrator Actions.  The system administrator does not get involved with the addition of new users.  They get involved with the addition of new workstations to the system or the deletion of current ones from the system.

STU Device.  The new user will need access to the key to be able to enable the STU III.

G-LINK.  The G-LINK software is not user specific.  The only thing that the new user will need is the name of the command that launches the software package.

FM Actions.  The FM is the individual who has the greatest role to play in getting new users into the system.

Coordination.  As noted above, guidance to the new user and coordination with the WSC and WASSO will get the permission granting sequence started.  The FM must also coordinate with the TDBM.  The FM and TDBM each have requirements to accomplish before the new user is operational.

JOPES Functional Permissions.  The FM is responsible for the granting of OPLAN access and all functional permissions regarding those OPLANs.

TDBM Actions.  The TDBM must grant each new user access to several files from system (root) level.

Those are the individuals involved in getting a new user into the system and in providing JOPES access.  Now you will concentrate on the specifics of what the FM does.

OBJECTIVE.  From a list, match the JOPES functional permission definitions with their names.

Database Functional Permissions.  Database functional permissions are the FM's responsibility.
JDS Database (Exercise vs Real World).  The JDS database is split into two parts called Exercise and Real World.  Each is treated separately and permissions are granted separately to each.
OPLAN Series.  The FM will grant each user access to specific OPLANs by the series assigned to each supported CINC.

Functional Permission Categories.  After access is granted to specific OPLANs, then specific "what that user can do" to those OPLANs is granted.  As you learned in Lesson 8, there are eight categories of functional permissions to control access to specific subsystems and functions.

Now that you know who is responsible for providing access and permissions to TS3 and the OPLANS, complete the following PE by matching the appropriate functional permission (or permissions) with each specific users requirements.

Filespace Permissions.  If the user needs to save specific queries that have been created or wants to save backup copies of OPLAN data to a file on the mainframe, the FM will also coordinate with the TDBM or WASSO for access for that user to the required file space.

Having the knowledge of what to do is a little bit different than actually doing it.  So you will grant OPLAN series and functional permissions to a new user.

OBJECTIVE.  Given a WWMCCS environment, administer JOPES permissions for a new user.

Manipulate Permissions Using JDS/Mainframe Software.
Granting Permissions.  The FM has special grant permissions and uses them to control access to JOPES.  The procedures for granting permissions are the same for either the real world or the exercise database areas.
OPLAN.  Once the FM determines which plan series and database area are required, the FM can grant initial permissions to a user.

This screen allows a printed report or the modification or addition of functional permissions.

Note:  Enter PWIN, USERID, a POC, and DSN number in the Site Ident Brackets to facilitate user identification.

Note:  Notice that this screen looks like the G Subsystem, which is used to review permissions.  This screen can be used to review or make changes to permissions, whereas the G Subsystem only permits review of those permissions.

Functional Permissions.  Functional permissions are essentially another level of security that limits functional capability and access to JOPES information.

Note:  Review Table 5-2, TD 18-14-1 Vol 4.  This table lists the specific functional permissions required for many of the subsystem/function codes by subsystem and function.

Note:  This screen lists the types of permissions applied to specific JDS files for the project code that was just entered.  The types of file permissions assigned are read, write, and modify.  Space and transmit through these screens until the FUNCTION? prompt reappears.

Note:  The rele command will release the job from SYSOUT.

Note:  The FM could do a review of the USERID on the Assign/Change/Review Permissions and Site Ident (Figure 9-2) before making any additions or modifications.  The user will only have permissions to the designated plan series.  The Site Ident block may be filled in on this screen, the standard default is ' PWIN, User ID'.  The Site Ident determines the routing and accounting of resources in the timesharing environment.

As the FM, you may give as many permissions to the system as needed, but how do you keep track of what is in the system and what you have done over a period of time?  You will now look at the USERID Report displayed to your terminal.

Note:  Navigate to the Subsystem/Function HQ on the exercise database.

Note:  This screen permits the user to run a report for either the exercise or real world database.  The results can then be displayed at the user's terminal or to a designated printer.  You will do the keystrokes to display the results at the terminal.

Note:  An 'X' under OPLAN Series and Permissions indicates access to that OPLAN series and the level of functional permissions authorized.

In some cases, the USERID Report is voluminous and you may want to generate a batch report so that you can review it at your convenience.  You will now look at the steps to generate the batch report.

Note:  G-LINK printing procedures would be used to print this report at your local printer.  An example of the report is provided in Figure 9-7.

Note:  This report is like the screen display in Figure 9-6, except for the addition of each user's site IDENT on the right side of the report.

Your responsibility does not end with granting JOPES permissions, but an important aspect of permissions management is the removing of those permissions as required.  You'll get an opportunity to perform this function in the following practical exercise.

Note:  Secure instructor permission before continuing.

When a user requests JOPES functional permissions, this often translates to JDS permissions.  What happens when a user also needs JOPS permissions?  Doesn't the JOPS user access the JOPS screens from the JOPES menu?  So, why does the user have JDS permissions but not JOPS permissions?  These are all valid questions that you may encounter as an FM.  So, what are the answers?  You have seen how JDS permissions are granted, let us turn our attention to JOPS permissions.

Manipulate Permissions Using JOPS/Mainframe Software.

Overview.  During this portion of the lesson, you will address the reasons for different types of permissions for JOPS and what they are.
Background.  JOPES Version 1, which was released in November 1989, was the first attempt to provide the user with a single entry point for JDS and JOPS.  Several releases and patches later, the user may enter and exit JOPS from the JOPES Master Menu.  Prior to that, however, access to JOPS was from the TSS prompt.  Permissions to JOPS has basically remained the same, even though the user may enter through the JOPES Master Menu.  They reside separately on the database, hence two different types of permissions are required.

Permissions.  Once again, permissions to the JOPS software are no more than file permissions.  A user may request JOPS permissions without a need for JDS permissions and have those permissions granted.  However, to successfully access JOPS, the user must also have reference file permissions.  When the individual is given JDS permissions, "reference files" permissions are automatically granted at the correct levels.

Granting Permissions.  A user who needs JOPS permissions will need to work with the FM who coordinates with the TDBM shop to attain JOPS access.

FM Actions.  Once the FM receives a request from a user for JOPS permissions, the FM should check with the WASSO to verify that the individual has the necessary clearance, establish the requirement for the needed file space, and ensure that the User ID is valid.  The FM should then coordinate with the TDBM to make the necessary file modifications to grant access to the JOPS files and any reference files as needed.

TDBM Actions.  Once the TDBM receives the request from the FM, the TDBM makes the necessary files modifications to grant access to the JOPS files.  The TDBM must give modify permission to the subcatalogs immediately below the J99IDPX0 user master catalog (UMC).  J99IDPX0 is the JOPS CMDLIB.

Summary.  During this lesson you have been exposed to the administration of permissions on the mainframe for the TS3 system.  There are two applications on the system which will require your attention.  Permissions are not an FM only responsibility, but are shared with the TDBM, WSC, and WASSO.