2.12.2 Security and Communication Services (SACS) Security Command Codes

Manual Transmittal

April 5, 2019

Purpose

(1) This transmits new IRM 2.12.2, Security and Privacy, Security and Communications Services (SACS) Security Command Codes.

(2) This is the help guide to all SACS Security Command Codes

Material Changes

(1) This IRM 2.12.2 transmits the help guide for all the SACS Security Command Codes that are available and used by Security Officers. It contains information of the formats, their variables and their description.

Effect on Other Documents

None

Audience

IDRS Security Officers

Effective Date

(04-05-2019)

S. Gina Garza
Chief Information Officer

ADDEM - Add Employee Security Record File (ESRF)

  1. ADDEM adds a user's ESRF to the SACS system.. There are three different ways to add an employee to the system:

  2. Format 1 adds returning end users or Console users to their previous unit

  3. Format 2 adds new end users or new Console users or returning users to a different unit

  4. Format 3 adds new end users or Console users or returning users and specifies all 10 digits of the Employee Number

  5. In all three options, definer N establishes a Production Profile which may only be used when the employee has changed mode to a Foreign Location (CMODE) -- they have NO Profile at their Home Location.

Format 1 : Add returning end users or Console users to their previous unit

  1. Format: ADDEMdsss-ss-ssss ttt pppppp
      llllll fff
      S aaaaa
      T nnn-nnn-nnnn [xNNNNN] [MGR]
      i mm/dd/yyyy
      ccode ccode
       
    Where: d is definer P (Production), N (Production but NULL at home), T (Training), I (IMF only), B (BMF only), or blank
      s is Social Security Number
      t is Employee Type (SAT, PRG (Programmer), or TRB (TRDB user)) {optional}
      p is Operator Type (see Exhibit 2.12.2-1 for restrictions)
      l is last name (min of 2 characters - max of 20). Can not use hyphens, spaces, apostrophes, or suffixes (Jr., Sr. III, etc).
      f is first name (min of 1 character - max of 15)
      S is SEID Indicator Literal - mandatory.
      a is SEID digit (the SEID is 5 alpha-numeric characters, no vowels)
      T is Telephone Number Indicator Literal {optional}
      n is telephone number digit (area code and dashes mandatory)
      xNNNNN is literal x + 1-5 digit extension {optional}
      MGR is manager literal {optional}
      i is Investigation Indicator: I (Investigation initiated), C (Investigation Completed); E (Enter on Duty)
      mm/dd/yyyy is "Investigation date" or "Enter-On-Duty date"
      ccode is Command Code to be added {optional}

    Note:

    Format 1 is used for returning end users or Console users that have been deleted from the system and want to remain in the same Unit. They will receive the same Employee Number they had when they were deleted from the system.

    Note:

    The Telephone Number is optional.

    Note:

    The Command Code(s) are optional. One, two or all can be entered.

    Note:

    Operator Type is only valid for Console users.

Format 2 : Add new or returning end users or Console users to a different unit

  1. Format: ADDEMdsss-ss-ssss uuuuu ttt pppppp
      llllll fff
      S aaaaa
      T nnn-nnn-nnnn [xNNNNN] [MGR]
      i mm/dd/yyyy
      ccode ccode
       
    Where: d is definer P (Production), N (Production but NULL at home), T (Training), I (IMF only), B (BMF only), or blank
      s is Social Security Number
      u is Unit Number
      t is Employee Type (SAT, PRG (Programmer), or TRB (TRDB user)) {optional}
      p is Operator Type (see Exhibit 2.12.2-1 for restrictions)
      l is last name (min of 2 characters - max of 20). Can not use hyphens, spaces, apostrophes, or suffixes (Jr., Sr. III, etc).
      f is first name (min of 1 character - max of 15)
      S is SEID Indicator Literal - mandatory.
      a is SEID digit (the SEID is 5 alpha-numeric characters, no vowels)
      T is Telephone Number Indicator Literal {optional}
      n is telephone number digit (area code and dashes mandatory)
      xNNNNN is literal x + 1-5 digit extension {optional}
      MGR is manager literal {optional}
      i is Investigation Indicator: I (Investigation initiated), C (Investigation Completed); E (Enter on Duty)
      mm/dd/yyyy is "Investigation date" or "Enter-On-Duty date"
      ccode is Command Code to be added {optional}

    Note:

    Format 2 is used with a new end user or Console user. It is also used when a returning user wants to be added to the system under a different Unit Number. The last five digits of the Unit Number (Sequence Number) will normally be the same as the user had when deleted, if it is available

    Note:

    The Telephone Number is optional.

    Note:

    The Command Code(s) are optional. One, two or all can be entered.

    Note:

    Operator Type is only valid for Console users.

Format 3 : Add new or returning end users or Console users and specify all 10 digits of the Employee Number

  1. Format: ADDEMdsss-ss-ssss uuuuunnnnn ttt pppppp
      llllll fff
      S aaaaa
      T nnn-nnn-nnnn [xNNNNN] [MGR]
      i mm/dd/yyyy
      ccode ccode
       
    Where: d is definer P (Production), N (Production but NULL at home), T (Training), I (IMF only), B (BMF only), or blank
      s is Social Security Number
      u is Unit Number
      n is Sequence Number
      t is Employee Type (SAT, PRG (Programmer), or TRB (TRDB user)) {optional}
      p is Operator Type (see Exhibit 2.12.2-1 for restrictions)
      l is last name (min of 2 characters - max of 20).Can not use hyphens, spaces, apostrophes, or suffixes (Jr., Sr. III, etc).
      f is first name (min of 1 character - max of 15)
      S is SEID Indicator Literal - mandatory.
      a is SEID digit (the SEID is 5 alpha-numeric characters, no vowels)
      T is Telephone Number Indicator Literal {optional}
      n is telephone number digit (area code and dashes mandatory)
      xNNNNN is literal x + 1-5 digit extension {optional}
      MGR is manager literal {optional}
      i is Investigation Indicator: I (Investigation initiated), C (Investigation Completed); E (Enter on Duty)
      mm/dd/yyyy is "Investigation date" or "Enter-On-Duty date"
      ccode is Command Code to be added {optional}

    Note:

    Format 3 is used for the rare occasion when you want to assign a specific 10 digit Employee Number to an end user or Console user. If you specify the entire 10 digit number, the system will give that number to the user (if it is available).

    Note:

    The Telephone Number is optional.

    Note:

    The Command Code(s) are optional. One, two or all can be entered.

    Note:

    Operator Type is only valid for Console users.

ADMAF - Add Maximum Profile Authorization File (MPAF)

  1. ADMAF can create the MPAF for a new Unit. The MPAF determines what Command Codes can be given optionally to users within the Unit.

  2. ADMAF can delete the MPAF for a Unit.

  3. ADMAF with a definer of 'Z' creates up to ten (10) new Units, copies the Command Code bitmaps and characteristics of the existing Unit to the new Units, moves all active employees from the existing Unit to the first new Unit, thus allowing the employees to keep their Production Command Code bitmaps, then deletes the existing Unit. If the first unit is in a different campus (within the same Computing Center), the restrictions and bypasses for the employees in the old campus are copied over to the new campus. The Revenue Agent and 809 Receipt Book User restrictions and bypasses are deleted for the employees at the old campus.

  4. ADMAF with a definer of 'U' creates up to ten (10) new Units, and copies the Command Code bitmaps and characteristics of an existing Unit to the new Units.

Format 1 : Create MPAF for a new unit

  1. Format: ADMAF uuuuu
      ccode ccode ccode ccode ccode ccode
       
    Where: u is Unit Number
      ccode is Command Codes to be added to the MPAF

    Note:

    The first two numeric characters of the Unit Number are the Office Identifier/Location Code for the Campus/Field Office, followed by three Organization Code numeric characters.

    Note:

    A screen of Command Codes can be entered with the ADMAF command. If it is necessary for there to be more Command Codes in the MPAF, you can use UPMAF to add as many as desired. If the Unit number starts with 98 or 99, then the command codes must be Console command codes.

Format 2 : Delete MPAF for a unit

  1. Format: ADMAF uuuuu
      DELE MAF
       
    Where: u is Unit Number
      DELE MAF is delete this MPAF

    Note:

    The UCCP must be deleted with ADUNT prior to deleting the MPAF for a Unit

Format 3 : Create new units by copying command code bitmaps and characteristics from existing unit

  1. Format: ADMAFduuuuu nnnnn nnnnn nnnnn nnnnn
       
    Where: d is Z or U
      u is Old Unit Number
      n is New Unit Number (from 1 to 10 unit numbers delimited by a space)

    Note:

    The old Unit MUST exist. The new Unit MUST NOT exist. The new Units will have the same MPAF, UCCP, REROUTE and TRDB as the old Unit. With a definer of 'Z', all active employees will automatically be moved to the new Unit and will keep their Production Command Code Profiles (see Note 2), and the old Unit will be deleted.

    Note:

    Definer 'Z' is used to move a unit to a different unit number. The unit command code profile will remain the same. The employees within the unit will also retain the same profile. There are restrictions in place whereby some units cannot ever be moved.

    Note:

    All users must be signed off at the time of implementation.

ADTRM - Add a Terminal

  1. ADTRM can authorize a single terminal or multiple terminals for addition to the SACS network and to set a specific time frame during which a terminal/terminals can be used to access the network.

  2. ADTRM can remove a terminal's authorization from the network.

Format 1 : Add a single terminal

  1. Format: ADTRM tttt ffff nnnn
       
    Where: tttt is Terminal Security ID (TSID)
      ffff is time off
      nnnn is time on

    Note:

    Format 1 authorizes a terminal’s access to the SACS network. The time On/Off fields are expressed in military time (0001 - 2400). A TMADD entry must be entered on the TPF machine to establish network configuration.

Format 2 : Add multiple terminals

  1. Format: ADTRMMtttt tttt ... tttt
      tttt tttt tttt ... tttt
      ...
      tttt tttt ... ffff nnnn
       
    Where: M is definer for multiple terminals
      tttt is Terminal Security ID (TSID)
      ffff is time off
      nnnn is time on

    Note:

    Format 2 authorizes multiple terminal's access to the SACS network.

    Note:

    Up to 6 full lines (including time off and time on) of TSIDs may be input.

    Note:

    If one or more of the TSIDs cannot be processed, the screen response will display each TSID followed by an error type in parenthesis. Here is the key for the five error types:

    1. ADDING OR DELETING OWN TERMINAL NOT ALLOWED

    2. INVALID TSID - NOT IN SDI

    3. THE TERMINAL ID IS ALREADY IN THE AUTHORIZATION FILE

    4. UNABLE TO PROCESS - MAX TERMINALS LIMIT EXCEEDED

    5. THE TERMINAL ID IS CURRENTLY IN THE TERMINAL FILE

Format 3 : Remove a terminal

  1. Format: ADTRM tttt DELE TRM
       
    Where: tttt is Terminal Security ID (TSID)
      DELE TERM is delete terminal literal

    Note:

    Format 3 deletes a terminal from the security file.

Appendix A: Operator Type Codes and units (for ADDEM)

Each Operator Type Code is only valid for the corresponding listed designated units associated to location code/Office Identifier (OI) of 98 and 99 ONLY.

Note:

5 digit Unit number is made up of 2 digit location code/Office Identifier and 3 digit Organization number.

Note:

nn below can be 98 or 99 only

Operator Type Code Unit Operator Type Description
IRSOPR nn940 COMPUTER OPERATOR
IRSCOM nn941 COMMUNICATIONS
IRSCSA nn942 COMPUTER SYSTEMS ANALYST
IRSAPL nn944 APPLICATIONS
IRSSYS nn945 SYSTEMS
IRSAUD nn946 AUDITOR
IRSFTP nn947 FTP OPERATOR
IRSOCC nn948 OCC OPERATOR
IRSAUT nn949 AUT OPERATOR