Signon To the Dictionary

Using a Compiler or Tool

When a user invokes a compiler or tool, signon to the application dictionary is automatically initiated using the ID with which the requesting user is signed on to the system.

If the user of the compiler or tool is not signed on to the system, an actual system signon is attempted internally, and if it is successful, dictionary signon proceeds.

Thus, under centralized security, a user who is authorized to sign on to the system is authorized to access the dictionary that is current for the user session.

Current dictionary: You can enforce the specification of the current dictionary for a user's session by including the DICTNAME attribute in the user profile with the OVERRIDE=NO parameter. This prevents the user from accessing a dictionary other than the one you specify in the DICTNAME attribute. For more information, see Securing User Profiles.

Securing Secondary Signons

You can secure signon to a particular application dictionary by using DDDL to specify SECURITY FOR IDD SIGNON IS ON for the dictionary. In this situation, the user must be defined in the application dictionary with the ADD USER statement and authorized to sign on to the dictionary with the inclusion of IDD SIGNON IS ALLOWED in the USER statement.

This measure provides additional security only for IDD and does not affect security for other compilers that access the dictionary. Therefore, it is not a substitute for securing signon through centralized security.

Secondary Signon Processing

If a user issues an IDD signon statement that specifies the same ID as the user's system signon ID, no password validation is done for signon to the dictionary. If a user issues an IDD signon statement that specifies a different ID from the user's system signon ID, then the ID and password entered on the signon statement must match an ID and password defined in the dictionary with the ADD USER statement.

If the user is either not defined or not authorized, the secondary signon is rejected.
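The rules above can be combined into one decision procedure. The following Python model is an added example, not product code: the function and class names, the reason strings, and the sample users are constructed for illustration. It assumes that the definition and IDD SIGNON IS ALLOWED checks apply only when SECURITY FOR IDD SIGNON IS ON, as described under Securing Secondary Signons.

```python
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class DictUser:
    """Models a user defined in the application dictionary with ADD USER."""
    password: str              # plain text only because this is a model
    idd_signon_allowed: bool   # IDD SIGNON IS ALLOWED in the USER statement


def secondary_signon(system_id, signon_id, password, dict_users, idd_signon_security):
    """Return (accepted, reason) for an IDD signon statement.

    system_id           -- ID the user is signed on to the system with
    signon_id, password -- values given on the IDD signon statement
    dict_users          -- {user ID: DictUser} defined in the dictionary
    idd_signon_security -- True if SECURITY FOR IDD SIGNON IS ON
    """
    user = dict_users.get(signon_id)
    if signon_id != system_id:
        # Different ID: ID and password must match a dictionary definition.
        if user is None:
            return False, "user not defined in dictionary"
        supplied = (password or "").encode()
        if not hmac.compare_digest(supplied, user.password.encode()):
            return False, "password mismatch"
    # Same ID as the system signon: no password validation takes place,
    # so the system signon is the only authentication that was performed.
    if idd_signon_security:
        if user is None:
            return False, "user not defined in dictionary"
        if not user.idd_signon_allowed:
            return False, "IDD signon not allowed for user"
    return True, "accepted"


# Constructed sample dictionary definitions (hypothetical IDs and passwords).
USERS = {
    "DBA1": DictUser(password="dict-pw-1", idd_signon_allowed=True),
    "CLERK1": DictUser(password="dict-pw-2", idd_signon_allowed=False),
}

if __name__ == "__main__":
    for case in [("DBA1", "DBA1", None), ("CLERK1", "CLERK1", None),
                 ("CLERK1", "DBA1", "dict-pw-1"), ("CLERK1", "DBA1", "wrong")]:
        print(case, secondary_signon(*case, USERS, True))
```

The third case shows why the dictionary password of an authorized user needs the same protection as a system password: it is the only check applied when the signon ID differs from the system signon ID.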