Installing the Simultaneous Usage (SU) Facility

The database job that performs the centralized FOCUS I/O runs in its own address space, and makes its presence in the system known through a communication data set that is accessed by all TSO users and batch jobs that it services. This data set plays a role only in the initial handshake. Subsequent transfers of commands and of data between the central database job and client jobs or TSO IDs take place entirely in virtual storage.

The communication data set must be allocated and catalogued on a permanently mounted volume, and its name must be chosen so as to allow WRITE access by the central database job and READ access by any other TSO ID or batch job. The allocation is for a minimal amount of space for a single 16-byte fixed-length record. The actual data set name is irrelevant but we recommend using something suggestive of its role:

ATTR ADCB LRECL(16) RECFM(F) BLKSIZE(16)
ALLOCATE DA('SYS1.FOCSU.DATA') CATALOG SP(1) TRACK USING(ADCB)

You may want to run several central database jobs, each dedicated to a set of FOCUS data sources associated with a particular application. To do so, you must allocate a different communication data set to each such job.

This auxiliary FOCUS database is accessed in READ mode by the central database job, but not by the TSO users or batch jobs that it services. The same auxiliary database can be used by all central database jobs, if there is more than one. The following process creates it:

ALLOCATE F(MASTER) DA('prefix.FOCCTL.DATA') SHR
ALLOCATE F(ERRORS) DA('prefix.ERRORS.DATA') SHR
ALLOCATE F(FOCUSSU) DA('SYS1.FOCUSSU.FOCUS') CATALOG SP(1) TRACKS +
     LRECL(4096) BLKSIZE(4096) RECFM(F)
CALL 'prefix.FOCLIB.LOAD(FOCUS)'
CREATE FILE FOCUSSU
FIN

where:

prefix

Is the high-level qualifier for your FOCUS production data sets.

In this section: Using the FOCUS/SU Security Interface Making FOCUS Database Servers Non-Swappable

The only installation step is authorization of the FOCLIB.LOAD library. An operating systems programmer must authorize the entire FOCLIB.LOAD library. This process allows some of the modules in FOCLIB.LOAD to issue certain privileged operating system functions, including making security requests. The module that actually issues the security requests is module SUSI. The HLISECUR module in FOCLIB.LOAD is the only module with a non-zero authorization code, meaning it is the only module that can be invoked directly as an authorized program. All other modules in FOCLIB.LOAD have authorization codes of zero, meaning they can only run authorized if invoked properly by HLISECUR.

The program HLISECUR simply links to the module HLISNK, which controls the FOCUS Database Server. This must run authorized so that the interface can later invoke module SUSI to do the security access checking.

The program SUSI checks security access on behalf of the source user. This program runs under the authorization of HLISECUR in order to issue the RACROUTE macro.

The modules HLISECUR and SUSI are the only modules in FOCLIB.LOAD that must run authorized.

Source code for these modules is provided on the tape to permit you to verify, if you wish, that these modules do not pose a system security risk when installed as authorized modules. The source code for HLISECUR and SUSI can be found in members HLISESRC and SUSISRC in the FOCCTL.DATA library.

SET SUSI=ON

//SINK EXEC PGM=HLISECUR,PARM='parameters'

PPT PGMNAME(HLISNK)NOSWAP CANCEL
PPT PGMNAME(HLISECUR)NOSWAP CANCEL