Checking Verb Security

Securing Application Dictionary Resources › Compiler Security Within the Dictionary › Checking Verb Security

Checking Verb Security

When Compilers Check Verb Security

The schema and subschema compilers check verb security whenever a SCHEMA statement (schema compiler only) or SUBSCHEMA statement (subschema compiler only) is issued. Note that verb security is not checked for each component of a schema or subschema. Once a user passes security for a schema or subschema, all of its components are available to the user.

Turning on Verb Security

Verb security is turned on or off through the IDD DDDL statement, SET OPTIONS FOR DICTIONARY SECURITY FOR IDMS IS ON/OFF. (Note that this IDD DDDL statement also turns compiler security on or off: verb security and compiler security cannot be set independently.)

How the Compilers Check the User

To determine who is issuing the SCHEMA or SUBSCHEMA statement, the compiler looks at the following:

The ID of user signed on to the dictionary
The user-specification on the SCHEMA or SUBSCHEMA statement
The user-specification on the SET OPTIONS statement

If any of these IDs is that of an authorized user, security is satisfied and the compiler processes the request.

Description of an Authorized User

An authorized user, for this function, is one who is defined in dictionary and whose description includes authority to issue the verb specified in the SCHEMA or SUBSCHEMA statement, in conjunction with the authority to use the compiler. Verb authority is assigned through IDD DDDL USER statements, such as those in the following examples:

ADD USER NAME IS KCO           assigns authority to use all
    AUTHORITY FOR UPDATE        verbs in each DDL compiler
        IS IDMS.

ADD USER NAME IS GKD           assigns authority to use MODIFY,
    AUTHORITY FOR MODIFY        DISPLAY, and PUNCH in each
        IS IDMS.                DDL compiler

ADD USER NAME IS TWG           assigns authority to use DELETE,
    AUTHORITY FOR DELETE        DISPLAY, and PUNCH in the
        IS SCHEMA.              schema compiler only

Implicit Subschema Updates Allowed

While schema authority only allows the user to access the schema compiler, any subschema updates resulting from authorized schema updates are allowed (for example, deleting a set from the schema causes the set to be deleted from the schema's subschemas).

Note: For more information about assigning verb authority, see the CA IDMS IDD DDDL Reference Guide.