IDD provides security features that facilitate the protection of the data resource from unauthorized access, modification, or deletion, as follows:
Allows the data administrator to secure access to the CLASS, ATTRIBUTE, and LOAD MODULE entities and to one or more CA IDMS/DB, CA IDMS/DC, and IDD entities. The data administrator can also restrict access to the DDDL compiler, CA IDMS/DB and CA ADS system components, and CA OLQ and CA Culprit operations. Entity-type security is controlled by the SET OPTIONS statement SECURITY FOR clause described under SET OPTIONS Syntax.
If the SET OPTIONS statement specifies a SECURITY IS ON option, only a user with the proper authority can access the secured entity or entity group or can perform the secured operation. If the authorized user has been assigned a password, that password must be provided. User authority is established with the USER statement AUTHORITY clause, which defines the entity group or entity types to which the user has access and specifies the type of access permitted (that is, the verbs the user can issue). For a description of the AUTHORITY clause, see USER. If the SET OPTIONS statement specifies SECURITY IS OFF, user authority is not required; however, the data administrator can secure individual entity occurrences, as described below.
Controls user access to individual entity occurrences. The data administrator can apply entity-occurrence security to occurrences of all entity types except CLASS, LOAD MODULE, MESSAGE, and USER. The data administrator controls entity-occurrence security by means of the USER and PUBLIC ACCESS clauses within individual entity-type statements.
Prohibits a user from adding or changing passwords for other users and from assigning other users the authority to access secured entity types or to perform secured operations. Password authority is established with the AUTHORITY clause of the USER statement. Typically, only one user has password authority; that user will control all passwords. However, the data administrator can activate a password security override to allow users to modify their own passwords. If the SET OPTIONS statement specifies INDIVIDUAL PASSWORD SECURITY OVERRIDE IS ON, users need no authority to modify their own passwords; the INDIVIDUAL PASSWORD SECURITY OVERRIDE clause is described under SET OPTIONS Syntax.
The DDDL clauses in the following table govern security. Each of these clauses is described separately in this section.
|
This clause |
Governs security by: |
|---|---|
|
PREPARED/ REVISED BY |
Supplying additional user names and passwords to be used in IDD security |
|
AUTHORITY |
Assigning users authority to access secured entity types and perform secured operations |
|
USER |
Registering users with an entity occurrence and establishing the extent to which users can access or update the named entity occurrence |
|
PUBLIC ACCESS |
Specifying the extent to which unregistered users can access or update an entity occurrence |
|
Copyright © 2014 CA.
All rights reserved.
|
|