Using the NMSAF Security Solution › Components of NMSAF

Components of NMSAF

The NMSAF security solution consists of the following components:

• UAMS—NMSAF uses the UAMS file to store user records that contain the many access authorization details for a user ID. User records can be manually added, modified, or deleted from the UAMS file, but this might not be necessary. If NMSAF is installed as recommended (with grouping and modeling enabled), then NMSAF automatically updates the UAMS file as needed. This means that you do not need to perform any maintenance on your UAMS records.
• Partial security exit—NMSAF uses a partial security exit to interface with your external security package for password checking. Passwords are not stored in UAMS.
• Modeling—You can use the modeling facility to significantly reduce the number of users that must be manually defined to your product region (by using UAMS). When you use modeling, a set of model users is defined. Each model user definition is used to define the privileges that a specific type of user has.

  The NMSAF parameter file defines a list of resource names and associated model names. When a user (that is not defined to UAMS) logs on, this list is searched and each resource name is tested to see if the user has (at least) READ access. The model user ID of the first one that matches is then used as the basis of a new user ID definition.

  If you simply give users PERMIT access to the appropriate resource(s), user definitions are automatically created when a user logs on to your product region for the first time.

• SXCTL parameter file—The SXCTL file is the control file used by NMSAF. You can use the SXCTL file as supplied or you can tailor it to your requirements by using parameters.
• Additional security exits—NMDSNCHK and NMDSSCHK can work in conjunction with NMSAF. Several other exits are supplied.