Implementing Security for IMS › IMS Resource Security

IMS Resource Security

CA Top Secret provides security for the IMS resources:

• Transactions
• IMS commands
• Application Group Names (AGNs) in IMS r9.1 and below
• Resource Access Security (RAS) resources in IMS r9.1 and above
• PSBs
• DBDs
• Resources on the LOCK and UNLOCK commands in IMS r9.1 and above
• OTMA TPIPE names on the Resume TPIPE request in IMS r10 and above

For these resources to be protected, they must be owned. The standard set of CA Top Secret control features for owned resources is also available for IMS resources, including:

• Generic prefixing
• Expiration, day of week, and time of day limiting
• Facility (region) restriction
• Action control (specifies which TSS action will take effect if rules in the PERMIT function are enforced)
• Program pathing
• I/O access levels
• ACTIONS

An ownable resource can be added to the AUDIT record, so that all activity involving it can be tracked. Resource ownership allows more comprehensive, flexible, and systematic security than a transaction-based security.

Note: The owner of an IMS resource should be a non-USER type ACID. When ownership is added in this way, the owner cannot sign on to use the resources defined, since TYPE=DEPT and other organizational type users are not allowed to sign on. However, if ownership is granted to an ACID with TYPE=USER, that user automatically has complete access to the resources which cannot be overridden by the commands:

TSS PERMIT ..... ACTION(DENY)

TSS PERMIT ..... ACCESS(NONE)