

The User Catalog

Defining a CA IDMS Security Domain

You include multiple CA IDMS systems in a security domain by specifying an identical set of physical characteristics for the SYSUSER.DDLSEC segment in each system in the domain, and specifying the same physical data set in the startup JCL or the global DMCL.

Note: For more information about defining physical database characteristics, see the CA IDMS Database Administration Guide.

Use of the User Catalog

The user catalog is accessed by all DC/UCF systems and local mode batch applications executing in the security domain. It is a central location used for validating passwords and retrieving user information.

Only a DC/UCF system that has the user catalog in update mode can be used to define and administer global resources.

Securing the User Catalog

After you have specified a resource option (other than 'OFF') for the DB resource type, the user catalog is secured.

You can grant access to the user catalog in one or more of these ways:

Note: For more information, see Securing the Dictionaries and the User catalog.

Ensuring Use of the Correct User Catalog

You can ensure that only the correct user catalog is accessed at runtime.

If the operating system or spooler supports installation-written exits for scanning and validating JCL, a system programmer can write an exit to verify that the correct system dictionary and user catalog are used by each central version and local mode job.

Alternatively, in an operating system that supports dynamic file allocation, you can specify the data set name of the user catalog in the DSNAME parameter of the CREATE FILE statement and NULL for the external file name in the ASSIGN TO parameter. At runtime the data set name is obtained from the DMCL, which contains the segment associated with the file.
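The check that the JCL-scanning exit and the dynamic-allocation alternative above are both meant to enforce can also be run offline over a JCL library. The following Python sketch is an added example, not CA IDMS code and not the installation exit itself. It assumes a hypothetical ddname (`SECDD`), a hypothetical data set name, and made-up job and program names in the constructed sample.

```python
import re
# Assumed values for illustration; take the real ones from your DMCL and JCL.
USER_CATALOG_DD = "SECDD"                  # hypothetical ddname
EXPECTED_DSN = "PROD.IDMS.SYSUSER.DDLSEC"  # hypothetical data set name
RANK = ["NO-DD", "OK", "UNRESOLVED", "MISMATCH"]  # least to most severe

def statements(jcl):
    """Yield [name, operation, operands] per statement, continuations joined."""
    current = None
    for raw in jcl.splitlines():
        line = raw[:71].rstrip()           # columns 73-80 hold sequence numbers
        if not line.startswith("//") or line.startswith("//*"):
            continue                       # in-stream data or a comment
        if current and current[2].endswith(",") and line[2:3] == " ":
            current[2] += line[2:].split()[0]   # continued operand field
            continue
        if current:
            yield current
        m = re.match(r"//(\S*)\s+(\S+)\s*(\S*)", line)
        current = list(m.groups()) if m else None
    if current:
        yield current

def audit(jcl, ddname=USER_CATALOG_DD, expected=EXPECTED_DSN):
    """Map each job name to the worst verdict found for its user catalog DD."""
    verdicts, job = {}, None
    for name, op, operands in statements(jcl):
        if op == "JOB":
            # NO-DD: the job may rely on dynamic allocation through the DMCL
            job, verdicts[name] = name, "NO-DD"
        elif op == "DD" and job and name.split(".")[-1] == ddname:
            m = re.search(r"\bDS(?:N|NAME)=([^,)\s]+)", operands)
            dsn = m.group(1).strip("'").upper() if m else ""
            new = ("OK" if dsn == expected else
                   "UNRESOLVED" if not dsn or "&" in dsn else "MISMATCH " + dsn)
            verdicts[job] = max(verdicts[job], new, key=lambda v: RANK.index(v.split()[0]))
    return verdicts

# Constructed sample input; job, program and data set names are made up.
SAMPLE_JCL = """\
//CVPROD   JOB (ACCT),'CENTRAL VERSION'
//STEP1    EXEC PGM=PROGRAM1
//SECDD    DD DSN=PROD.IDMS.SYSUSER.DDLSEC,
//            DISP=SHR
//BATCH01  JOB (ACCT),'LOCAL MODE'
//STEP1    EXEC PGM=PROGRAM2
//SECDD    DD DISP=SHR,DSNAME=TEST.IDMS.SYSUSER.DDLSEC
//BATCH02  JOB (ACCT),'LOCAL MODE'
//STEP1    EXEC PGM=PROGRAM2
"""
```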