Defining the FMN0PARM member

If auditing is to be controlled from parmlib, then member FMN0PARM must be defined in SYS1.PARMLIB (or any other library in the logical parmlib concatenation).

Default parmlib member FMN0PARM is provided in the SFMNSAM1 library. Copy this member to the appropriate system parmlib library. See below for details of methods that can be used to make this change.

Note: The sample FMN0PARM member supplied in SFMNSAM1 also includes a FMSECRTY statement. This option is not used at present, and can be either omitted, or commented out. It has no effect.

There are two methods that can be used to include the FMN0PARM member in a library in the logical parmlib concatenation. The choice of method depends on whether the installation's security software is configured to allow File Manager users READ access to the data set SYS1.PARMLIB. Method 1 can only be used when File Manager users have read access to SYS1.PARMLIB. Method 2 can be used regardless of whether File Manager users have READ access to SYS1.PARMLIB or not, and must be used when File Manager users do not have READ access to SYS1.PARMLIB.

Method 1
Place the FMN0PARM member in any library in the current logical parmlib concatenation. No IPL or other action is required to activate the new member (unless a new library was added to the logical parmlib concatenation).
Note:
  1. Method 1 cannot be used in any situation where File Manager users do not have READ access to SYS1.PARMLIB. For example, when File Manager users have READ access to another library in the logical parmlib concatenation, and the FMN0PARM member is placed in the latter library. This will not work. The key issue is whether the File Manager user has READ access to SYS1.PARMLIB.
  2. Using this method results in message IEE252I being written to the system log whenever a File Manager user accesses SYS1.PARMLIB. These messages cannot be suppressed. To avoid these messages use Method 2.
Method 2
This method must be used when File Manager users do not have READ access to SYS1.PARMLIB, or when suppression of the IEE252I messages is required.
  1. Create a new library with dataset attributes similar to SYS1.PARMLIB.
    The library name for this data set must include the string "FMNPARM" in one of the qualifiers. You can choose any data set name that meets this requirement. Examples of suitable data set names are:
    • SYS1.PARMLIB.FMNPARM
    • SYS8.FMNPARM.PARMLIB
    • FMNPARM.SYS8.PARMLIB
    • SYS2.FMNPARMS.LIB
    • SYS8.XFMNPARM.PARMLIB
  2. Add member FMN0PARM to the new library, specifying the appropriate FMAUDIT parameter.
  3. Add the new library to the logical parmlib concatenation. This can be done dynamically, or by means of a system IPL.
Note: When Method 2 is used, the FMN0PARM member must be located in the library created in step 1. If the FMN0PARM member specifies any include statements (see Facilities for customizing the FMN0PARM definitions), all of the included members must also reside in the same library.
You use the FMN0PARM member to define:
  • Whether File Manager uses SAF to control File Manager audit logging.
  • The SAF resource name prefix to be used by File Manager when determining access to various resources.
  • Whether File Manager loads the FMN0POPT module from a specific library.

For more information, see File Manager options specified in FMN0PARM.