This section explains how to implement Record Level Protection (RLP). RLP gives you detailed control over which users have access to what data within your system. This access is controlled by defining the records you want to protect to a reserved ACID called the Static Data Table (SDT) Record, and then permitting access to the defined records using the TSS PERMIT command.
Before you can implement RLP, you must first initialize the SDT using the SDTBLOCKS parameter of TSSMAINT. You also need to extend your old Security File into your new Security File by using TSSXTEND.
Using RLP, you can give users access to a set of records within a file, instead of all of the records in a file. You can even take this protection one step further by giving users access to a set of fields within a record, instead of all of the fields within a record.
The SDT contains three record elements that are used to implement RLP:
Defines the record using its FCT name, and specifies the record's field layout (field name, data type, field positions, length). The field(s) defined are then referenced in the SELECT record. You only need to define the fields that participate in the selection process.
Defines the logic, using Boolean expressions, that specifies who gets access to a record based on the contents of one or more fields.
Defines which fields within a record cannot be accessed (optional).
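The following Python sketch is an added conceptual model, not CA code and not TSS command syntax. It shows how the three elements fit together: a field layout, Boolean selection logic evaluated on field contents, and optional field masking. The user IDs, field names, sample records, the default-deny behavior for users with no selection rule, and the use of asterisks for masked fields are all assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Field:
    name: str
    start: int             # 1-based position within the record
    length: int
    numeric: bool = False  # data type: numeric or character

# Constructed layout: only the fields used for selection or masking are defined.
LAYOUT = {f.name: f for f in (
    Field("DEPT", 1, 4), Field("SALARY", 5, 6, True), Field("SSN", 11, 9))}
MIN_LEN = max(f.start - 1 + f.length for f in LAYOUT.values())

# Constructed selection logic: a Boolean expression over field contents, per user.
SELECT = {
    "PAYCLERK": lambda v: v("DEPT") == "PAY" and v("SALARY") < 50000,
    "HRMGR": lambda v: v("DEPT") in ("PAY", "HR"),
}
# Constructed (optional) list of fields each user may not see.
MASK = {"PAYCLERK": ["SSN"]}

def field_value(record, name):
    """Extract one field from a fixed-position record using the layout."""
    f = LAYOUT[name]
    raw = record[f.start - 1:f.start - 1 + f.length]
    return int(raw) if f.numeric else raw.rstrip()

def read_record(user, record):
    """Return the record as the user may see it, or None if access is denied."""
    rule = SELECT.get(user)
    if rule is None or len(record) < MIN_LEN:
        return None        # model assumption: no rule or malformed record -> deny
    try:
        if not rule(lambda name: field_value(record, name)):
            return None
    except ValueError:     # non-numeric data in a numeric field -> deny
        return None
    out = list(record)
    for name in MASK.get(user, ()):
        f = LAYOUT[name]
        out[f.start - 1:f.start - 1 + f.length] = "*" * f.length
    return "".join(out)

if __name__ == "__main__":
    for rec in ("PAY 042000123456789J SMITH", "PAY 090000987654321A JONES"):
        for user in ("PAYCLERK", "HRMGR", "GUEST"):
            print(user, "->", read_record(user, rec))
```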
Copyright © 2014 CA Technologies.
All rights reserved.