Additional Signon Processing

Signon Processing › What is Signon Processing? › Additional Signon Processing

Additional Signon Processing

Updating the Password

In an explicit signon request to CA IDMS/DC, the user can change the password if the user is not already signed on to another terminal. The user can request a change in password during signon processing whether internal or external security is used to control signon processing.

If signon processing is controlled internally, the user's request can be honored if the user catalog (SYSUSER.DDLCSEC area) is available in update mode to the system for which the signon request is issued. Thus, to prevent users from updating their passwords, you can make the user catalog available to users in retrieval mode only.

If signon processing is controlled externally, the user's ability to update the password is subject to any restrictions imposed by the external security system.

Building the User's Group List

As part of internal signon processing, an in-core list of group IDs is built and anchored in the SON control block. The list includes the authorization IDs of all groups of which the user is a member as well as the group PUBLIC.

If signon is secured externally, you can still take advantage of CA IDMS groups to administer security. However, users must be defined in the user catalog in order to be included in a group.

Building the Session Profile

As part of signon processing, the security system will attempt to locate a system profile and a user profile for the user unless directed not to by a USRPROF=OFF or SYSPROF=OFF specification in the initial #SECRTT.

If no user profile was specified in the user definition, or if there is no user definition in the user catalog (and signon is validated externally), the security system will search the user catalog for, if specified, the user profile designated in the USRPROF= parameter of the initial #SECRTT macro.
If USRPROF= is not specified, a default user profile definition whose name matches the ID of the signed-on user.

If a user profile is found, the system builds a session profile with the attributes defined in the user profile.

If no system profile was specified in the grant of signon privilege to the user, or if there is no grant of signon privilege (and signon is validated externally), the security system will search the system dictionary for the following:

If specified, the system profile designated in the SYSPROF= parameter of the initial #SECRTT macro.
If SYSPROF= is not specified, a system profile named 'DEFAULT'.

If a system profile is found, the attributes specified in the system profile are merged into the session profile. If user and system profile attributes match, the attribute value in the system profile takes precedence.

Note: For more information about how to tailor user and system profiles when signon is secured externally, see Securing User Profiles.