Previous Topic: RAS LTERM SecurityNext Topic: Access Levels

Implementing Security for IMSPSB Security

PSB Security

A program specification block (PSB) is an IMS control block that identifies terminals, transactions, databases, and database segments that an application program can access. Because a program that executes online must have the same name as the PSB, transaction security can effectively control the program access to IMS databases.

Controlling the use of the PSB in a batch environment (such as a BMP) is important, because a job can use any PSB with any application program. CA Top Secret provides several control options for the IMS security validation for PSBs. Global control option IMS(IMSPSBVL) enables PSB security in all IMS environments. Control option DL1B(YES) enables PSB security for batch IMS environments.

Note: For PSB security in IMS batch, both DL1B(YES) and IMS(IMSPSBVL) must be set. An IMS(NOIMSPSBVL) specification disables PSB protection in all IMS environments. For more information about using options to control IMS security processing, see the CA Top Secret Control Options Guide.

Ownership of a PSB immediately protects the resource across all defined IMS regions. The PERMIT function of the TSS command grants access to the PSB. Including the FACILITY keyword as part of the PSB definition limits access to specific regions. Time of day, day of week, access expiration, and ACTION controls are also available.

The ADD function establishes ownership of the PSB:

TSS ADDTO(DEPT01) PSB(TSTPAA45)

The PERMIT function grants access to the PSB:

TSS PERMIT(USER12) PSB(TSTPAA45)

Example: Adding PSB Security That Limits the Use of a PSB

This example shows a PERMIT function that includes keywords to limit the use of a PSB:

TSS PERMIT(acid) PSB(TSTPAA45) FACILITY(IMSTEST)
                               TIME(13,16)
                               DAYS(WEEKDAYS)
                               FOR(14)
                               ACTION(AUDIT)
FACILITY(IMSTEST)

Specifies that the PSB is accessible through a particular facility (IMSTEST). Omission of facility implies access through any defined IMS facility.

TIME(13,16) and DAYS(WEEKDAYS)

Limits PSB access to a time between 1:00 p.m. and 4:00 p.m. during weekdays.

FOR(14)

Provides PSB access authorization for 14 days after the date that the PERMIT command is issued.

Note: To specify a duration that ends at a specific point in time, use the UNTIL keyword. FOR and UNTIL are mutually exclusive.

ACTION(AUDIT)

Audits all accesses to this resource, regardless of the mode or logging options of the user. The ACTION keyword is compatible with all other PERMIT keywords.