- A new command, PCSMONSTS, has been created to allow certain resources to be disabled and enabled. The Deferred Action Queue monitor job can be disabled. Once disabled, the PCSDAQMON job will not be allowed to start by any means, thus preventing the PTWRKMGT subsystem from being started automatically. During the time the Deferred Action Monitor is disabled, deferred Actions will be enqueued but will not be executed until the Deferred Action Monitor is started.
- Two new reports have been developed that display the list of Monitored Commands that make use of each Named Condition or Named Action. These reports are accessible from the Work with Named Condition and Work with Named Action panels, or via the PCSPRTCNDU (Print Named Condition Usage) and PCSPRTACTU (Print Named Action Usage) commands.
- A new view has been added to the Work with Monitored Commands list that shows the number of times each Monitored Command has been used in a short, recent time period (today, yesterday, or last 24 hours).
- Three new commands have been added to support automated creation and deletion of Monitored Commands, PCSCPYCMD, PCSNEWCMD, and PCSDLTCMD.
- Command security now notices damage to the PCS Deferred Action Monitor data queue (PCSDAQ) and repairs it automatically.
- Options have been added to the Work with Monitored Commands, Work with Named Conditions, and Work with Named Actions list displays to allow a selected item and its rules to be printed. Each of the list displays also now supports F17 to print the complete listing of items. The Work with Monitored Commands display has been further enhanced with the ability to invoke the PCS Journal Report (PCSJRNRPT) for a specific Monitored Command.
- The name of the program that executed a Monitored Command is now printed on the PCS Journal Report.
- Each rule printed on the Monitored Command listing, the Named Conditions listing, and the Named Actions listings will now include the status (*ACTIVE or *INACTIVE) for that rule.
- All reports run from Command Security panels are now submitted to batch using the job description on the administrator's user profile. On the Reports Menu, you have the option to run them immediately or in batch.
- For all "Compare to" values, any value that begins with an asterisk will be allowed. If the "Compare to" value does not begin with an asterisk, it must match the data type of the command keyword (date, time, integer, etc). This allows the user to enter a wide range of special values while still providing a reasonable chance of picking a value that might work.
- When selecting commands to monitor, the command finder list now supports a generic filter for the command name, as well as expanded library selections like *LIBL, *USRLIBL, and *ALLUSR. Additionally, F13 has been added to allow you to repeat a list option all the way to the end of the list. This allows you to select a wider range of commands to monitor more quickly than you could before.
- Sometimes a command can never be changed at run-time by Command Security due to limits imposed by the Operating System. When creating or changing Actions for one of these Monitored Commands, a yellow phrase now appears on the panel indicating that the command string cannot be overridden at run-time. Additionally, those actions that modify the string will not be allowed to be selected from the finder nor specified manually.
- The PCSJRNRPT (Journal Report) command has been repaired so that administrators with no special authority can run the report as long as the administrator's user profile is a member of the PTADMIN authorization list.
- Occasionally the PCS Journal Report would report that an action failed, but it would not print the message text associated with the error. This has been corrected so that the PCS Journal Report will print the correct message text for future errors. This does not correct Action failures logged in the past.
Monitoring certain commands used by IBM screens sometimes caused the &CMDNAM variable to return odd values, for example, "X:". This was most common when monitoring DLTUSRPRF and deleting a profile from WRKUSRPRF. The &CMDNAM variable content has been corrected.
- When determining the calling program for a Monitored Command, HelpSystems' own exit point programs are now omitted from consideration as the calling program. This includes GSCC0100 for the SBMJOB command.
- Certain commands with qualified parameters, where one part of the parameter is a constant value, caused Command Security to disallow that keyword for selection in a Condition's Data Source. This has been repaired so that the keyword for any parameter that contains any displayable data will be available for selection.
Corrections have been made to the PCSJRNRPT (PCS Journal Report) command:
- The PCS Journal Report has been enhanced to output the program name that invoked a Monitored Command.
- An instance was corrected whereby the PCS Journal Report output contained incorrect data associated with a Monitored Command when run.
- The report generated from command PCSPRTCMDS (Print Monitored Commands) has been changed to include the status of each rule associated with a Monitored Command.
- Three new command objects (PCSCPYCMD, PCSDLTCMD, and PCSNEWCMD) have been added to Command Security to aid with the management of Monitored Commands in batch environments.
A problem causing an internal locking mechanism to fail to perform an unlock, resulting in the failure of a monitored command, has been resolved. (The associated job where the command was being executed from displayed a consistent status of SEMW.)
- A loophole where the internal semaphore unlock failed to occur has been closed.
- The initial sentence of the help text for the PCSJRNRPT command, which incorrectly referenced a Command Security setting, has been corrected.
- F5 (Refresh) for PCS2880 no longer causes an error when the list it displays contains no entries.
- PCS2880 no longer displays the incorrect text when the list is empty. (Previously the copyright message would appear in this case. Now the correct message, that no data exists, is displayed.)
- Command Security is now delivered with new deployment functionality, including the ability to stage the product installation.
- Failure to prompt and subsequently execute a monitored command due to a duplicate command name in different library has been resolved.
- Panel PCS3231’s screen legend for “Ignore text case” has been changed to more accurately reflect the nature of the parameter.
- A new utility program, PCS9990, has been added to the product. This program can be used if one of the system semaphores used by Command Security becomes “stuck” and is adversely affecting product functionality.
- The handling of proxy commands has been modified in order to work with new IBM PTFs.
- The F9=Retrieve function now works for monitored commands.
- The Remove Keyword function (*RMVKWD) no longer overwrites the previous keyword in some cases.
- Licensing updates.
- The installation procedure has been modified to retain existing special authorities for PTADMIN.
- The validation on keyword type NAME has been changed to allow special values (values that start with *).
- Network Security displays the appropriate descriptions when creating a condition with Data Source *JOBTYPE.
- Command Security now finds any program in your call stack when a condition has been created to check for one.
- Rules employing the MSG Action no longer send incorrect messages when conditions are met.
- Object validation now allows 10-character library names.
- Added system information to report headings
- Fix update lock when product fails with “Objects are locked in PTCSLIB”.
- Correct problem when Journal Report fails with “Message ID not found”
- New Data Sources for Condition checking (*ACGCDE, *JOBUSER, *LMTCPB, *SPCAUT, *USRCLS, *USRPGM)
- New Action (*QUEUEMSG) which sends a message to a message queue
- Correctly handle MEMBEROF condition when multiple values are entered.