Activating Security

Activating CA IDMS Security › Activating Security

Activating Security

Planning to Activate Security

Before you modify the initialized SRTT, do the following:

Designate one system for testing security processing.
Plan the sequence of activating security options so that you can activate and test one at a time.
Consider activating the SGON (signon) resource first.
If you plan to secure signon externally and one or more other resources internally, activate security for administration privileges before you grant signon to users who will not hold administration privileges.

External Security for Signon Processing

To activate external security for signon processing, the #SECRTT assembly must include an entry for resource type SGON.

Note: For more information, see External Signon Security.

Planning to Activate Internal Security

Before you activate internal security, you should:

Verify that the user catalog (SYSUSER.DDLSEC) area is specified in the startup JCL for the test system.
If the default access mode to the area, as specified in the DMCL, is not UPDATE, then you must issue a DCMT VARY AREA statement before you update the user catalog.

Note: For more information about DCMT commands, see the CA IDMS System Tasks and Operator Commands Guide.
At the least, create the following definitions:
- Users—defining the users who will hold SYSADMIN privilege is sufficient to begin. Creating a SYSADMIN group is recommended.
- Signon and SYSADMIN privileges granted to the designated users.
  If you now activate internal security, the designated users will be able to sign on to the CA IDMS system and to administer the security system.

Activating Internal Security

If you have granted signon and SYSADMIN privileges, the logical first step to activate internal security is to secure the signon and SYSADMIN resources. You do this by including these entries in the #SECRTT assembly:

#SECRTT TYPE=ENTRY,                                           X
      RESTYPE=SYSA,                                           X
      SECBY=INTERNAL

#SECRTT TYPE=ENTRY,                                           X
      RESTYPE=SGON,                                           X
      SECBY=INTERNAL

Securing Security Definitions

A knowledgeable user can access security definitions with local mode access to the user catalog or system dictionary. You can prevent this access by securing these entities as databases and granting privileges on categories of run units.

Note: For more information, see Securing the Dictionaries and the User Catalog.