

Security Definitions

Required for Security Checks

When CA IDMS centralized security receives a request for a security check, it first determines from the SRTT whether the resource is secured. If it is, centralized security routes the request to CA IDMS internal security or the external security system, depending on the security option specified for the resource in the SRTT.

The resulting security check accesses security definitions of resources and resource authorizations to determine whether the executing user has the authority to access the resource in the way that is indicated on the security request.

Resource Definitions

Securable resources are the entities in the CA IDMS environment, defined either by CA IDMS or by the user, to which you control access.

Securable resources defined by CA IDMS are as follows:

(1) Occurrences of this resource can be grouped in a category using the CREATE RESOURCE statement.

(2) This resource type is secured automatically when the database resource type is secured.

Authorization IDs

An authorization ID identifies a user or group whom you can authorize to access resources.

If the security option for the resource is external, the authorization ID (and the authorities given to it) are defined in the external security system.

If the security option for the resource is internal, the authorization ID (and the privileges granted to it) are defined in the internal security system. You define authorization IDs to CA IDMS with the CREATE USER and CREATE GROUP statements.

Resource Authorization

An authority is the ability to access a resource in a particular way. A resource authorization is an authority that is associated with a resource definition and an authorization ID.

If the security option for a resource is external, resource authorizations are specified in the external security system.

If the security option for a resource is internal, resource authorizations are specified in the internal security system by granting privileges. You give users the privilege to access a resource with a GRANT statement, and you take away the privilege with a REVOKE statement.
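
The decision flow described on this page, as an added Python model that is not CA IDMS code or part of the original documentation. The data structures, resource type names, privilege names and user IDs are constructed for illustration. Treating a resource type absent from the modeled SRTT as unsecured, and letting a grant to a group apply to its member users, are assumptions of the model.

```python
from dataclasses import dataclass, field

# Constructed model: these structures are illustrative, not CA IDMS formats.
UNSECURED, INTERNAL, EXTERNAL = "unsecured", "internal", "external"

@dataclass
class SecurityModel:
    srtt: dict                                   # resource type -> security option
    groups: dict = field(default_factory=dict)   # group ID -> set of user IDs
    grants: set = field(default_factory=set)     # (auth ID, type, name, privilege)
    external_check: object = None                # stand-in for the external system

    def grant(self, auth_id, rtype, name, privilege):
        self.grants.add((auth_id, rtype, name, privilege))

    def revoke(self, auth_id, rtype, name, privilege):
        self.grants.discard((auth_id, rtype, name, privilege))

    def check(self, user, rtype, name, privilege):
        """Return (allowed, decided_by) for one security request."""
        option = self.srtt.get(rtype, UNSECURED)  # assumption: absent = unsecured
        if option == UNSECURED:
            return True, UNSECURED                # no check is performed at all
        if option == EXTERNAL:
            return bool(self.external_check(user, rtype, name, privilege)), EXTERNAL
        # Internal: the user's own ID plus every group the user belongs to.
        ids = {user} | {g for g, members in self.groups.items() if user in members}
        allowed = any((a, rtype, name, privilege) in self.grants for a in ids)
        return allowed, INTERNAL

def unsecured_types(model, all_types):
    """Audit helper: resource types for which no check is ever performed."""
    return sorted(t for t in all_types if model.srtt.get(t, UNSECURED) == UNSECURED)

def demo():
    model = SecurityModel(
        srtt={"TASK": INTERNAL, "DB": EXTERNAL},
        groups={"PAYGRP": {"ALICE"}},
        external_check=lambda user, rtype, name, priv: user == "BOB",
    )
    model.grant("PAYGRP", "TASK", "PAYUPD", "EXECUTE")
    results = {
        "group_grant": model.check("ALICE", "TASK", "PAYUPD", "EXECUTE"),
        "no_grant": model.check("BOB", "TASK", "PAYUPD", "EXECUTE"),
        "external": model.check("BOB", "DB", "EMPDB", "DBAREAD"),
        "unsecured": model.check("EVE", "QUEUE", "Q1", "EXECUTE"),
    }
    model.revoke("PAYGRP", "TASK", "PAYUPD", "EXECUTE")
    results["after_revoke"] = model.check("ALICE", "TASK", "PAYUPD", "EXECUTE")
    return results
```

The `unsecured` case is the one to review in an audit: a resource type that is not secured in the SRTT is never checked, so grants and revokes have no effect on it.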