About Security Information

Security Database Information and DSECTs › About Security Information

About Security Information

Dictionary Connection for Storing Information

When you define resources or manipulate privileges in CA IDMS internal security, your session should be connected to the proper dictionary:

For global resources—The system dictionary or an application dictionary
For system resources—The system dictionary
For non-SQL-defined database resources:
- DMCL, database, database name table, area—The system dictionary
- Non-SQL-defined schema—The application dictionary
For SQL-defined database resources—The application dictionary or system dictionary

Note: If your session is connected to an application dictionary and you issue security statements specifying resources that must be defined in the system dictionary, the statements will be processed and the security information will be stored in the application dictionary. However, at runtime, the information will not be used.

Where Security Information is Maintained

CA IDMS maintains security definitions in these areas:

The user catalog (SYSUSER.DDLSEC area)
The DDLDML, DDLCAT, and DDLCATX areas of the system dictionary and application dictionaries

Information about privileges on a resource is maintained in the same area as the resource definition.

User Catalog

Security information about global resources is maintained in these user catalog records:

ATTRIBUTE
DELUSER
PROFILE
RESOURCE
RESOURCEAUTH
USER
USERGROUP

User catalog records reside in the SYSUSER.DDLSEC area and are accessible through subschema IDMSSECU, which is defined in dictionaries against which IDMSDIRL has been run.

System Dictionary

Security information about system resources and non-SQL-defined database resources is maintained in these system dictionary records:

ATTRIBUTE
PROFILE
RESGROUPAUTH
RESOURCE
RESOURCEAUTH
RESOURCEGROUP
USERDATA

System dictionary security records reside in the SYSTEM.DDLDML area and are accessible through subschema IDMSSECS, which is defined in dictionaries against which IDMSDIRL has been run.

Security information about SQL-defined database resources is maintained in these tables of the catalog component of the dictionary:

SYSTEM.RESOURCE
SYSTEM.RESOURCEAUTH
SYSTEM.RESOURCEGROUP
SYSTEM.RESGROUPAUTH

Security tables for SQL-defined database resources reside in the DDLCAT area, and indexes on security tables reside in the DDLCATX area.

Application Dictionary

Security information about SQL-defined database resources is maintained in these tables of the catalog component of the dictionary:

SYSTEM.RESOURCE
SYSTEM.RESOURCEAUTH
SYSTEM.RESOURCEGROUP
SYSTEM.RESGROUPAUTH

Security tables for SQL-defined database resources reside in the DDLCAT area, and indexes on security tables reside in the DDLCATX area.

Security information about non-SQL-defined schemas is maintained in these system dictionary records:

RESOURCE
RESOURCEAUTH

These records are stored in the DDLDML area and are accessible through subschema IDMSSECS, which is defined in dictionaries against which IDMSDIRL has been run.

Summary

This table summarizes security information about CA IDMS resources, including where the information is stored and the privileges that apply to each resource:

Resource	Keyword	Location	Privileges

Global resources
SYSADMIN	SYSA	SYSUSER.DDLSEC	SYSADMIN
User	USER	SYSUSER.DDLSEC	DEFINE (ALTER, CREATE, DISPLAY, DROP, USE(2))
Group	GROU	SYSUSER.DDLSEC	DEFINE (ALTER, CREATE, DISPLAY, DROP, USE(2))
User profile	UPRF	SYSUSER.DDLSEC	DEFINE (ALTER, CREATE, DISPLAY, DROP, USE(2))
System resources
DCADMIN	DCA	System dictionary	DCADMIN
System	SYST	System dictionary	DEFINE (ALTER, CREATE, DISPLAY, DROP, USE(2)), SIGNON
System profile	SPRF	System dictionary	DEFINE (ALTER, CREATE, DISPLAY, DROP, USE(2))
Application(1)	SAPP	System dictionary	EXECUTE
Activity	ACTI	System dictionary	(EXECUTE on the associated 'SAPP')
Category(1)	CATE	System dictionary	EXECUTE
Access module (runtime)	SACC	System dictionary	(EXECUTE on the associated 'CATE')
Dictionary load module	SLOD	System dictionary	(EXECUTE on the associated 'CATE')
Program (load module)	SPGM	System dictionary	(EXECUTE on the associated 'CATE')
Queue	QUEU	System dictionary	(EXECUTE on the associated 'CATE')
Run unit	NRU	System dictionary	(EXECUTE on the associated 'CATE')
Task	TASK	System dictionary	(EXECUTE on the associated 'CATE')
Non-SQL-defined database resources
Area	AREA	System dictionary	DBAREAD, DBAWRITE, USE
Database	DB	System dictionary	DEFINE (ALTER, CREATE, DISPLAY, DROP, USE)
Database name table	DBTB	System dictionary	DEFINE (ALTER, CREATE, DISPLAY, DROP, USE)
DMCL	DMCL	System dictionary	DEFINE (ALTER, CREATE, DISPLAY, DROP, USE)
Non-SQL-defined schema	NSCH	Application dictionary (DDLDML area)	USE
SQL-defined database resources
Schema(3)	QSCH	Application dictionary (DDLCAT area)	DEFINE (ALTER, CREATE, DISPLAY, DROP, USE(2)), OWNER
Access module (definition)	DACC	Application dictionary (DDLCAT area)	EXECUTE, DEFINE (ALTER, CREATE, DISPLAY, DROP, USE(2)), REFERENCES(2)
Table	TABL	Application dictionary (DDLCAT area)	ALL [DEFINE (ALTER, CREATE, DISPLAY, DROP, USE(2)), REFERENCES, ACCESS (DELETE, INSERT, SELECT, UPDATE), OWNER(2)]

(1)Resource group.

(2)Privilege not meaningful for resource.

(3)Resource and resource group.