How You Do It
As in the previous example, the external resource name format is specified in the EXTNAME parameter of the #SECRTT macro. In this parameter, you list keywords to represent the fields that comprise the external resource name format.
Note: For complete documentation of the macro, see #SECRTT.
If you do not specify the EXTNAME parameter, the external resource name by default consists of only the name of the base resource on the security request.
Runtime Usage of EXTNAME Values
At runtime, the external resource name is constructed using the values in the current security request that correspond to the keywords you specified in the EXTNAME parameter.
For example, if the SRTT entry for resource type TABL (table) includes an EXTNAME parameter that specifies (ENVIR,RESTYPE,SCHEMA,RESNAME), the external resource name format for a table is:
environment-name.TABL.schema-name.table-name
The following example represents the actual resource name sent to the external security system using values from the current security request:
PROD.TABL.USA.EMPLOYEE
Order of Name Fields
The order of the fields in the external resource name passed to the external security system is determined by the order of the keywords that you list on the EXTNAME parameter of the #SECRTT entry. For a given set of fields, you can specify any possible order to format the external resource name.
The format of the external resource name defined in the EXTNAME parameter of the SRTT must match the format used to identify the resource in the external security system.
Environment Name Qualifier
The environment name qualifier is significant only when security is external. You specify the environment name on the initial #SECRTT macro.
The environment name distinguishes resources in the domain of the current SRTT from like-named resources in the domain of another SRTT. You specify an environment name if such distinctions are necessary to your security scheme.
For example, you can specify PROD as the environment name in the SRTT that governs production systems. This means that you can qualify the external resource names of resources in production systems with PROD and specify rules for them in the external security system that are different from like-named resources in test systems, which may have different environment names or no environment name.
Thus, if you have a database named EMPDB in both the test and production environments, you can write a security rule in the external system that is applied only when the security check is for EMPDB qualified by 'PROD' (that is, PROD.EMPDB if the external resource name is environment-name.database-name, or EMPDB.PROD if the external resource name is database-name.environment-name).
External Resource Name Keywords
This table presents the keywords that you can specify in the EXTNAME parameter of the #SECRTT macro (the required characters appear in upper case) and the value from the current security request that corresponds to each keyword:
| EXTNAME keyword | Value from current security request |
|---|---|
| ACTIvity | Concatenation of application name and application function number. For more information, see #SECRTT. |
| APPLname | application-name |
| DBNAme | database-name |
| DDNAme | dd-name |
| ENVIr | environment-name |
| RESName | The name of the resource occurrence (1) |
| RESType | The resource type keyword, from the SRTT (for example, SLOD) |
| SCHEma | schema-name (SQL) |
| SSNAme | subschema-name |
| SYSTem | system-identifier |
| VERSion | version-number |
Note: (1) For RESTYPE ACTI, the RESNAME value is application-name.
You can always specify the RESNAME, RESTYPE, and ENVIR keywords in formatting the external resource name. The tables that follow indicate the values of RESNAME and RESTYPE for each resource type and the other keywords available in constructing an external resource name for the resource type.
Naming Global Resources
This table presents the keywords that you can use to construct external resource names for global resources:
| Resource | RESNAME | RESTYPE | Other available keywords |
|---|---|---|---|
| SYSADMIN | @RESERVED@ | SYSA | |
| User | user-identifier | USER | |
| Group | group-identifier | GROU | |
| User profile | profile-name | UPRF | |
Naming System Resources
This table presents the keywords that you can use to construct external resource names for system resources:
| Resource | RESNAME | RESTYPE | Other available keywords |
|---|---|---|---|
| DCADMIN | @RESERVED@ | DCA | |
| System | system-identifier | SYST | |
| Signon | system-identifier | SGON | |
| System profile | profile-name | SPRF | |
| Activity | application-name | ACTI | APPLname,ACTIvity |
| Task | task-code | TASK | SYSTem |
| Load module | load-module-name | SLOD | DBNAme,VERSion |
| Queue | queue-name | QUEU | SYSTem |
| Access module | access-module-name | SACC | DBNAme,SCHEma |
| Program | program-name | SPGM | SYSTem,DDNAme |
Naming Database Resources
This table presents the keywords that you can use to construct external resource names for database resources:
| Resource | RESNAME | RESTYPE | Other available keywords |
|---|---|---|---|
| Database | database-name | DB | |
| Area | area-name | AREA | DBNAme |
| Rununit | program-name | NRU | DBNAme,SSNAme |
| SQL schema | schema-name | QSCH | DBNAme |
| Non-SQL defined schema | nonsql-schema-name | NSCH | DBNAme,VERSion |
| Access module | access-module-name | DACC | DBNAme,SCHEma |
| Table | table-name | TABL | DBNAme,SCHEma |
| DMCL | dmcl-name | DMCL | |
| Database name table | database-table-name | DBTB | |
Note: There is no resource type keyword for DBADMIN privilege.
Naming Examples
This example presents the possible combinations of external resource name fields for a DC task. The actual number of fields that you specify depends on how the resource name is defined in the external security system:
environment-name.TASK.system-identifier.task-code
environment-name.TASK.task-code
environment-name.system-identifier.task-code
environment-name.task-code
TASK.system-identifier.task-code
TASK.task-code
system-identifier.task-code
task-code
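The construction rules described on this page, modelled in Python as an added example (it is not CA IDMS code and not part of the original documentation). It shows that the same fields listed in a different EXTNAME order produce a name that no longer matches the rule defined in the external security system. The handling of keyword abbreviations, the sample request values and the rule string are assumptions made for the illustration.

```python
# Illustrative model only; not CA IDMS code. Keyword spellings and the
# per-type keyword sets are copied from the tables on this page.
KEYWORDS = ["ACTIvity", "APPLname", "DBNAme", "DDNAme", "ENVIr", "RESName",
            "RESType", "SCHEma", "SSNAme", "SYSTem", "VERSion"]
ALWAYS = {"RESNAME", "RESTYPE", "ENVIR"}   # valid for every resource type
# Subset of the "Other available keywords" columns.
OTHER = {"TABL": {"DBNAME", "SCHEMA"}, "TASK": {"SYSTEM"},
         "SLOD": {"DBNAME", "VERSION"}, "DB": set()}


def canonical(word):
    """Resolve a keyword; assumes the upper-case prefix is the required part."""
    w = word.upper()
    for kw in KEYWORDS:
        required = "".join(c for c in kw if c.isupper())
        if w.startswith(required) and kw.upper().startswith(w):
            return kw.upper()
    raise ValueError(f"unknown EXTNAME keyword: {word}")


def external_name(restype, extname, request):
    """Build the dotted name in the order the EXTNAME keywords are listed."""
    if not extname:                        # default: base resource name only
        return request["RESNAME"]
    fields = []
    for word in extname:
        kw = canonical(word)
        if kw not in ALWAYS | OTHER[restype]:
            raise ValueError(f"{kw} is not available for RESTYPE {restype}")
        fields.append(restype if kw == "RESTYPE" else request[kw])
    return ".".join(fields)


# Constructed security request matching the page's TABL example.
REQUEST = {"ENVIR": "PROD", "SCHEMA": "USA", "RESNAME": "EMPLOYEE"}
# Constructed rule key as it would be defined in the external security system.
RULE = "PROD.TABL.USA.EMPLOYEE"

if __name__ == "__main__":
    good = external_name("TABL", ["ENVIR", "RESTYPE", "SCHEMA", "RESNAME"], REQUEST)
    swapped = external_name("TABL", ["RESTYPE", "ENVIR", "SCHEMA", "RESNAME"], REQUEST)
    print(good, good == RULE)        # name matches the external rule
    print(swapped, swapped == RULE)  # same fields, different order: no match
```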
Copyright © 2014 CA. All rights reserved.