| # | Name | Location | Type | Details | Index | Description |
|---|---|---|---|---|---|---|
| .001 | number | 11 | Used to have VA fileman only have one entry in the file. | |||
| .01 | domain name(+) | 0;1 | POINTER | 4.2 | B | This is the name of this installation of the kernel, as it is known to the rest of the network. It must appear in the DOMAIN file. This name applies to all CPUs or Volume sets which access this ^XMB global. |
| .02 | irm mail group(+) | 0;2 | FREE TEXT | This field holds the name of the Mail Group that should get messages or bulletns about problems on the system. | ||
| .03 | after hours mail group | 0;3 | FREE TEXT | This field holds the name of a mail group that should get messages and bulletins after hours or on weekends and holidays. | ||
| .05 | mixed os | 0;5 | SET OF CODES | 0:No 1:VMS/Linux | This field tells Kernel that this is a MIXED OS environment. This is only supported on a Cache ECP client/server setup. The PRIMARY OS is VMS and the SECONDARY OS is non-VMS. | |
| .07 | local tmp | 0;7 | BOOLEAN | 0:No 1:Yes | Set this field to Yes if ^TMP, ^UTILITY, and ^XUTL("XQ") are local to each node in a multi-node system as in Cache. Set it to No if everything is clustered together. | |
| 9 | agency code | 0;8 | SET OF CODES | V:VA AF:AIR FORCE I:IHS ARMY:ARMY N:NAVY O:OTHER E:EHR USCG:COAST GUARD | This field defines what agency uses this computer. It sets a flag which may be accessed by application programs which need to know this information. For example, a scheduling program may operate one way in an Air Force environment, and another in a VA environment. | |
| 9.8 | routine monitoring | RM;1 | SET OF CODES | n:No a:All s:Selected | This field controls how the routine monitoring program behaves. Weather to look at all routines or just selected name spaces. | |
| 9.81 | routine n-space to monitor | RM1;0 | MULTIPLE | 8989.309 | ||
| 11 | auto-generate access codes | 3;1 | BOOLEAN | n:NO y:YES | If this field is set to YES, then the user will not be allowed to choose their ACCESS CODE - it will be assigned for them. | |
| 11.2 | auto-generate verify codes | 3;3 | BOOLEAN | n:No y:Yes | During the C&A review of VistA the current practice of leaving the VERIFY CODE blank until the user signed on the first time was found to not comply with VA DIRECTIVE 6504. This field will be used when someone other than the user goes to enter a verify code. The system will select a strong verify code and tell the operator what the new code is. | |
| 12 | user characteristics template | 3;2 | POINTER | .402 | This field contains the name of the input template to be used for the EDIT USER CHARACTERISTIC option. If there is a ScreenMan form with the same name it will be used, terminal type permitting. If it is left blank, the XUEDIT CHARACTERISTICS template will be used. You may want to define different fields. The TERMINAL TYPE question is asked before the template is called. | |
| 13 | academic affiliation waiver | 3;4 | BOOLEAN | 0:No 1:Yes | The VA Handbook 6500 page 60 requires: 6. POLICY AND PROCEDURES, c. Technical Controls, (2) Logical Access Controls. d. Accounts are automatically disabled if inactive for 30 days. The Office of Academic Affiliation requested a waiver to the 30 day disabling of inactive accounts asking it be 90 days and this waiver was approved. This field controls if the VA Handbook 6500 30 day limit is used or the site has an Academic Affiliation and the 90 day limit is to be used. There is a copy of the waiver attached to Remedy Ticket 283028. | |
| 19 | option audit | 19;1 | SET OF CODES | n:NO AUDIT a:ALL OPTIONS AUDITED s:SPECIFIC OPTIONS AUDITED u:USERS AUDITED | This field indicates what should be audited between the 'Initiate Audit' date and 'Terminate Audit' date fields. The 'Option to Audit' Subfile along with the 'Namespace to Audit' Subfile hold the lists of specific options that would be audited (choosing "s"). The 'User to Audit' | |
| 19.1 | option to audit | 19.1;0 | MULTIPLE | 8989.36 | This subfile holds a list of options to audit. | |
| 19.2 | namespace to audit | 19.2;0 | MULTIPLE | 8989.35 | This subfile holds a list of namespaces to audit. | |
| 19.3 | user to audit | 19.3;0 | MULTIPLE | 8989.34 | This subfile holds a list of users to audit. | |
| 19.4 | initiate audit | 19;2 | DATE-TIME | This field indicates the date when an audit will begin. The 'Option 'Audit' Field defines the nature of the audit that will be performed. Auditing will only be done if there is both a 'Initiate Audit' and 'Terminate Audit' data. | ||
| 19.5 | terminate audit | 19;3 | DATE-TIME | This field indicates when the audit will end. The start date is set in the 'Initiate Audit' Field. | ||
| 21 | new person identifiers | NPI;E1,245 | FREE TEXT | This field holds MUMPS code to set the variable DR to the string of fields (Not a template) to be used as Identifiers when adding entries to the NEW PERSON file. #9 (SSN) is required if the user does not hold the XUSPF200 key. These fields can be added to by the application. | ||
| 30.1 | ccow token timeout | 30;1 | NUMERIC | This field holds the value for how long a CCOW token is good for in seconds. When the current time is greater that the CCOW token create time plus the timeout seconds, the CCOW token will no longer be valid. If this value is too small (short) users will be frustrated that the SSO part doesn't work. If the value is too large (Long) there is a chance that it could be used to break into the system. A default value of 5400 (1.5 hours) will be used. | ||
| 31.1 | max spool lines per user | SPL;1 | NUMERIC | This field holds the MAX number of lines of spooled output any user may spool. If the user has more that this number then they will not be allowed to spool any more until some of their spooled documents are deleted. This only controls the granting of new spool documents and doesn't terminate a the number of lines that will be transfered into the spool data file. Recommended value 9999. | ||
| 31.2 | max spool documents per user | SPL;2 | NUMERIC | This field limits the number of spooled documents that any user may have on the system. Recommended value 10-100. | ||
| 31.3 | max spool document life-span | SPL;3 | NUMERIC | This field controls the number of days that a spooled document will be allowed to remain in the spooler before deletion by the XU-SPL-PURGE option that needs to be setup to run in the background. | ||
| 32 | alpha/beta test package | ABPKG;0 | MULTIPLE | 8989.332 | This multiple field is used to identify any packages which are currently in alpha or beta test at the site. | |
| 33 | alpha,beta test option | ABOPT;0 | MULTIPLE | 8989.333 | This is a multiple field which is used to keep a log of usage of the options associated with an alpha or beta test of a package based on the namespace(s) indicated for the alpha or beta test package. | |
| 41 | volume set | 4;0 | MULTIPLE | 8989.304 | This is the set of all CPU names in this domain. | |
| 51 | dns ip | DNS;1 | FREE TEXT | This field holds the IP addresses of the DNS(s) that XLFNSLK will use. Data must be in the form of nnn.nnn.nnn.nnn To list more that one separate them with commas (,). | ||
| 53.1 | pki server | IP1;1 | FREE TEXT | This field holds one to three IP addresses for the PKI servers for this site. Each IP address is separated by comas. Example: 127.0.0.1,PKI.fo-oakland.domain.ext | ||
| 101 | path to mwapi bitmaps | 101;1 | FREE TEXT | |||
| 202 | default # of attempts | XUS;2 | NUMERIC | This is the default number of attempts that a user may try to sign-on before the device is locked. This field is overridden by a similar field in the DEVICE File. This means that during sign-on the checks against the device file for OUT OF SERVICE, SECURITY, and PROHIBITED TIMES FOR SIGN-ON will be skipped. The maximum value (5) is set by the VA INFORMATION SYSTEM ACCOUNT AND PASSWORD MANAGEMENT POLICY. | ||
| 203 | default lock-out time | XUS;3 | NUMERIC | This is the default time in seconds that a locked device must be idle before another sign-on attempt will be allowed. This time is overridden by a similar field in the DEVICE File. This means that during sign-on the checks against the device file for OUT OF SERVICE, SECURITY, and PROHIBITED TIMES FOR SIGN-ON will be skipped. The minimum value is set by the VA INFORMATION SYSTEM ACCOUNT AND PASSWORD MANAGEMENT POLICY. | ||
| 204 | default multiple sign-on | XUS;4 | SET OF CODES | 0:NO 1:YES 2:Only one IP | This is the default value for whether users may sign-on at more than one terminal at a time. It is overridden by similar fields in the DEVICE and NEW PERSON Files. If you select "Only one IP" be sure to put a value into the "MULTIPLE SIGN-ON LIMIT" field so users can sign-on at least once. Current Values 0 = Multiple signon not allowed. 1 = Multiple signon Allowed. 2 = Multiple sign only allowed from one IP address. | |
| 205 | ask device type at sign-on | XUS;5 | BOOLEAN | 0:NO 1:YES | This is the default for whether a user/terminal should be asked for their terminal type at sign-on. This is overridden by a similar field in the DEVICE and NEW PERSON Files. terminals DEVICE ATTRIBUTES message, if it is a know one then the terminal type is set to this. Otherwise the user is prompted. If set to NO then the one from the Last Sign-on field or device subtype will will be used. | |
| 206 | default auto-menu | XUS;6 | BOOLEAN | 0:NO 1:YES | This is the default for whether auto-menu is turned ON or OFF. It is overridden by similar fields in the DEVICE and NEW PERSON Files. | |
| 207 | default language | XUS;7 | POINTER | .85 | This field points to the default language that is used by the site. The value can be replaced by a language field in the New Person file (200.07). | |
| 209 | default type-ahead | XUS;9 | BOOLEAN | N:NO Y:YES | This is the default as to whether or not Type-Ahead is allowed. It is overridden by similar fields in the DEVICE and NEW PERSON Files. | |
| 210 | default timed-read (seconds) | XUS;10 | NUMERIC | This is the default time-out for all READs and is overridden by similar fields in the DEVICE and NEW PERSON Files. | ||
| 211 | bypass device lock-out | XUS;11 | BOOLEAN | 0:NO 1:YES | Setting this field to YES will cause all device lock-out checking to be bypassed. This means that during sign-on the checks against the device file for OUT OF SERVICE, SECURITY, and PROHIBITED TIMES FOR SIGN-ON will be skipped. Can be overridden by the PERFORM DEVICE CHECKING field in the | |
| 212 | reserved | XUS;12 | BOOLEAN | 0:NO 1:YES | *** This field is NO longer used. *** | |
| 212.1 | device to audit | 8989.33;0 | MULTIPLE | 8989.33 | If device auditing is activated, This holds a list of devises that are to be audited. | |
| 212.5 | failed access attempt audit | XUS;14 | SET OF CODES | A:ALL DEVICES/NO TEXT RECORDED D:SPECIFIED DEVICES/NO TEXT RECORDED AR:ALL DEVICES/TEXT RECORDED DR:SPECIFIED DEVICES/TEXT RECORDED N:NO AUDIT | This field indicates whether an audit log is to be generated for failed access attempts. Audits can be done for all devices or specified devices only. Recording of what is entered is optional. | |
| 213 | reserved | XUS;13 | BOOLEAN | 0:NO 1:YES | This field is reserved for future use. | |
| 214 | lifetime of verify code(+) | XUS;15 | NUMERIC | This is the number of days that a VERIFY code remains valid. After this time the user must choose a new VERIFY code. | ||
| 216 | interactive user's priority | XUS;16 | NUMERIC | This field will change the priority of interactive users on the system at sign-on time. There is a danger that using this field will cause the users to have poor response time from the computer. | ||
| 217 | default institution(+) | XUS;17 | POINTER | 4 | This field is used to define a default institution that will be assigned as the user's institution (DUZ(2)) for any user that doesn't have one. Other Developers are allowed to get this data directly from the | |
| 218 | default auto sign-on | XUS;18 | SET OF CODES | 0:No 1:Yes d:Disabled | This field will control the Auto Sign-on (Single Sign-on) feature. To completely turn off this feature for all users: set to DISABLED. To allow only selected users: set to No. To allow ALL but selected users: set to Yes. The Yes and No values can be over ridden by the AUTO SIGN-ON field in the New Person file. Use of this feature impacts user connecting via Telnet and the Broker. | |
| 219 | default multiple sign-on limit | XUS;19 | NUMERIC | This field sets an upper limit on the number of concurrent sessions that one user can have from one IP address when the Multiple Sign-on field (#204) is set to "One IP" | ||
| 230 | broker activity timeout | XWB;1 | NUMERIC | This field controls how long the Broker server waits (in seconds) for some activity from the client. Its value is passed to client applications compiled with version 1.1*6 and above of the Broker. The client application will contact ("poll") the server at an interval based on this field's value to let the server know it is still there. If a client stops polling the server, the server knows that the client process has terminated. The "ghost" server job is therefore stopped, enabling locks and other resources to be freed. A small timeout value in this field creates more server and network activity. A large value leaves ghost jobs on the server longer. We recommend setting it to a value of 180 seconds as a good compromise. | ||
| 231 | gui post sign-on | XWB;2 | SET OF CODES | 0:Don't Send/Show 1:Send/Show | This field will control if the POST SIGN-ON message is sent to the GUI client. If it is sent then the GUI client should display the message before allowing the user to continue. | |
| 240 | intro message | INTRO;0 | WORD-PROCESSING | This field holds the text that is initially displayed at signon, before the prompt for access code or other checking. | ||
| 245 | post sign-in message | POST;0 | WORD-PROCESSING | This field holds the text that is displayed after the user has successfully passed the signon. | ||
| 250 | peer systems | PEER;1 | FREE TEXT | This field holds a list of IP addresses that the GETPEER function will not pass back from the API. It is set to 127.0.0.1 by default. | ||
| 300 | log resource usage? | XUCP;1 | BOOLEAN | Y:YES N:NO | This Yes/No field is used to indicate whether resource usage data such as CPU seconds, DIO, BIO, etc. will be collected in ^XUCP(. If this field is set to "YES", every time a user goes in and out of an option and each time recorded. | |
| 320 | primary hfs directory | DEV;1 | FREE TEXT | This field holds a Primary (default) directory path to be used whenever a HOST file is referenced and a Directory is not included. Example: Cache/VMS might have USER$:[TEMP] Cache/NT might have T:\TEMP\ Cache/Linux might have /var/tmp/ If this field is left blank then HOST files that don't have an explicit directory path will go to the current processes working directory. | ||
| 320.2 | secondary hfs directory | DEV;2 | FREE TEXT | This field holds the secondary HFS directory path. | ||
| 321.01 | facility iso | 321;1 | POINTER | 200 | This field holds a pointer to the facility Information Security Officer in the NEW PERSON file (#200). | |
| 321.02 | facility cio | 321;2 | POINTER | 200 | This field holds a pointer to the facility CIO in the NEW PERSON file (#200) | |
| 405.1 | ip security on | 405;1 | BOOLEAN | n:No y:Yes | This field turns on or off the IP security "Three strikes and you are out" code. | |
| 405.12 | failed attempts limit - irm | 405;2 | NUMERIC | This field holds the value of how many Failed Attempts must be counted by the XUSFACHK routine before a message is sent to the IRM during normal business hours (8:00 am to 4:30 pm). This can be change by the value in the TOTAL COUNT INCREASE field. | ||
| 405.13 | failed attempts limit - aod | 405;3 | NUMERIC | This field holds the value of how many Failed Attempts must be counted by the XUSFACHK routine before a message is sent to the AOD during after hours (4:30 pm to 8:00 am). This can be changed by the value in the TOTAL COUNT INCREASE field. | ||
| 405.14 | user locking | 405;4 | BOOLEAN | n:No y:Yes | This field controls if Users are locked out of the system because of exceeding the limit on bad attempts. The ACCESS code must be correct so we can identify the user, and it is just the VERIFY code that is being entered wrong. | |
| 405.15 | last run failed attempts check | 405;5 | DATE-TIME | This field holds the date time of the last run of the FAILED ATTEMPTS checking routine (XUSFACHK). This field is filled in by the routine and doesn't need user entry. | ||
| 405.16 | default ts slack | 405;6 | NUMERIC | This field holds a default value for how many times in 10 minutes a Terminal Server can have a sign-on failure (entries in the FAILED ACCESS ATTEMPTS LOG) before it is locked. A default value is 2 is used if no value is entered. | ||
| 405.17 | keep threshold | 405;7 | NUMERIC | This field holds the number of Failed Access Attempts in the current sample period that will cause the count to be saved for the next sample period. This is used by the routine XUSFACHK and the value will need to be smaller for a more frequent running and larger for less frequent running. A starting value could be 10 if XUSFACHK is scheduled to run every 30 minutes. | ||
| 405.18 | total count increase | 405;8 | NUMERIC | This field holds the value to be added to the IRM or AOD limits. If the total number of Failed Access Attempts in the sample period is greater than the IRM (or AOD) limit plus the TOTAL COUNT INCREASE then it will trigger the sending of the failed attempts message. | ||
| 405.2 | terminal server ip | 405.2;0 | MULTIPLE | 8989.305 | ||
| 501 | production(+) | SID;1 | BOOLEAN | 0:No 1:Yes | This field holds a flag to indicate if this is a Production account. It is a Yes/No flag with internal values of 1 = Yes, 0 = No. It is set by the system after comparing the System ID with the current System ID, at some point in the future will be checked against a master system. | |
| 502 | system id | SID;2 | FREE TEXT | This field holds the SYSTEM ID, if this is a production system. This value is compared with the current system value and at some point in the future will be checked against a master system. | ||
| 503 | sid last checked | SID;3 | DATE-TIME | This field holds the date/time that the SID was last checked. If the SID has not been compared with the stored one today a full check will be done, otherwise the PROD api will just return the current value. | ||
| 504 | logical disk name | SID;4 | FREE TEXT | This field holds a logical disk name that is stored in the cache cpf file for client system in a ECP client-server setup. | ||
| 505 | physical disk | SID;5 | FREE TEXT | This field hold the Physical disk name that Cache VMS converts the logical name(#504) in to. | ||
| 520.1 | error limit | ZTER;1 | NUMERIC | This field holds the maximum number of a particular error to be recorded on one day. The count will continue in the ERROR SUMMARY file (#3.077) field FREQUENCY (#4) even though the error is not recorded in the error trap. It is used in the $$SCREEN^%ZTER logic to tell the error trap to skip recording the error. | ||
| 520.2 | send error summary | ZTER;2 | BOOLEAN | 0:No 1:Yes | This field controls if the error summary routine sends a record to a consolidating facility when it has finished running. The mail message is sent to the mail group XTER SUMMARY LOAD. In the VA this will include the remote entry G.XTER SUMMARY LOAD@DOMAIN.EXT. | |
| 520.3 | keep error trap | ZTER;3 | NUMERIC | This field holds the number of days to keep the entries in the Detail Error Trap. Defaults to 7 if left blank. | ||
| 520.4 | keep error summary | ZTER;4 | NUMERIC | This field holds the number of days to keep the entries in the Error Trap Summary since they were last seen. Defaults to 90 if left blank. | ||
| 900 | new person enumeration started | MPI;1 | DATE-TIME | This field will note when the New Person File (#200) began the VPID Enumeration Process. | ||
| 901 | paid enumeration started | MPI;2 | DATE-TIME | This field will note when the PAID EMPLOYEE (#450) file began the VPID Enumeration Process. | ||
| 902 | new person enumeration finish | MPI;3 | DATE-TIME | This field will note when the New Person (#200) file completed the VPID Enumeration Process. | ||
| 903 | paid enumeration finish | MPI;4 | DATE-TIME | This field will note when the PAID EMPLOYEE (#450) file completed the VPID Enumeration Process. |