IDOPTSCB Macros for Security: Samples

Establishing Signon Processing › Considerations and Examples › IDOPTSCB Macros for Security: Samples

IDOPTSCB Macros for Security: Samples

The following IDOPTSCB macro is a sample of how you might set up a production system using external security to control access to CA Ideal. For this region, the SCBOPTCB macro contains the parameters SECRTY=Y.

IDOPTS CSECT
            IDOPTSCB FUNC=START,                            X
                TYPE=DC,                                    X
                UIDCHK=NO,                                  X
                SECPRFX=IP,                                 X
                DFLTUSR=NONE,                               X
                ATZEXIT=USERPGM1
            IDOPTSCB FUNC=ATZ,                              X
                    .
                    .
                    .
            IDOPTSCB FUNC=END

The following parameters were set in the IDOPTSCB macro:

The UIDCHK parameter was set to bypass the operator or monitor ID check since the security system performs integrity checks. Your security IDs do not have to match a Person Name or User ID in a valid CA Ideal User Definition. You can use an alias to obtain the CA Ideal authorizations.
The SECPRFX parameter was set to IP to create a resource signon entity named IPSIGNON. Production users must be defined to the security system with the resource class CACMD and signon entity IPSIGNON.
The DFLTUSR parameter was set to NONE, which means that users cannot sign on to CA Ideal if their security ID does not match the Person Name or an alias for the Person Name of a valid CA Ideal User Definition.

If your site does not use external security to control access to CA Ideal, the SCBOPTCB macro must specify that SECRTY=N. The IDOPTSCB macro might use the following parameters:

IDOPTS CSECT
           IDOPTSCB FUNC=START,                            X
               TYPE=DC,                                    X
               UIDCHK=YES,                                 X
               DFLTUSR=DEF,                                X
               ATZEXIT=USERPGM1
           IDOPTSCB FUNC=ATZ,                              X
                   .
                   .
                   .
           IDOPTSCB FUNC=END

Since external security is not used to check CA Ideal integrity, the UIDCHK parameter is set to YES. This requires the signon-ID to match the Person Name or User ID of a valid User Definition. If the signon-ID does not match the Person Name or User ID of a valid User Definition, the default User Definition specified on the DFLTUSR parameter is used. For this sample, a User Definition must be present with the User ID DEF. You should set it up to provide the minimum CA Ideal authorizations.