Activity Bit Map
For each application that the user can access, the system maintains a bit map that indicates the activities the user is allowed to execute. The activity number corresponds to a bit position; for example, bit 43 corresponds to activity 43.
If the ACTI resource is secured internally, the application activity access bit map is brought into memory when the application issues its first security check request. The application bit map is chained to the signon block, and user and group activity access authorities are merged into the bit map.
When a user attempts to execute an activity, the application issues a call for a security check to the central security interface, specifying the application name and activity number. The application is expected to enforce the activity security based on the return code from the central security interface.
Internal Security Check on an Activity
If the ACTI resource is secured internally, the system searches for the activity bit map for the application and the user when the first security check for an application is processed. If the bit map is found, the system checks the activity number against the corresponding bit position in the activity access bit map, and returns a YES or NO answer to the application.
If the bit map is not found, the system then looks for an activity bit map for the user and the application named 'DEFAULT.' If found, the bit map for the DEFAULT activity is used in the security check.
Application DEFAULT
The DEFAULT application is a mechanism that allows execution of existing applications that use Release 10.2 security classes without having to explicitly define activities for each application. The security system will allow execution of an application function if:
You can use the RHDCSMIG program to generate statement syntax to create 255 DEFAULT application activities (activity numbers 1 through 255) and to grant execution privilege on the activities to users who have the matching security classes in the Release 10.2 dictionary.
Note: For more information about RHDCSMIG, see the CA IDMS Conversion Guide.
External Security Check on Activity
If the ACTI resource is secured externally, no activity bit map is involved in security checking. The central security interface creates the identifier of the activity that it passes to the external system by concatenating the shorter of the application name or the first five characters of the application name with the three-digit function number supplied by the application.
|
Copyright © 2014 CA.
All rights reserved.
|
|