For many of the ways that transactions enter an IMS system, IMS uses a SAF call to invoke CA Top Secret transaction security. The resource class for these transaction security calls is formed from the prefix "T" and the value established for the RCLASS parameter (which defaults to "IMS").
Note: The OPTIONS(27) control option can be turned on in order for the IMS SAF based TIMS resource class checks to be translated to LCF and OTRAN as needed (rather than using TIMS).
CA Top Secret provides a system-supplied resource class TIMS.
Rather than use RCLASS to distinguish security permissions for different regions, CA Top Secret encourages the administrator to make use of separate facilities for distinguished regions and to distinguish region-specific permissions by FACILITY.
If the administrator chooses to use a non-default RCLASS value, the administrator is responsible for:
The following instructions assume the use of the TIMS facility for transaction security. The administrator should substitute their non‑standard transaction resource class, if one is in use.
TIMS is a general resource that can be ADDed to establish ownership:
TSS ADDTO(acid) TIMS(transaction)
To allow users access to the transaction, enter:
TSS PERMIT(acid) TIMS(transaction)
FACILITY(IMSPROD)
TSS PERMIT(acid) TIMS(transaction)
The first permission allows the user to execute the transaction only in regions using the IMSPROD facility. The second permission allows the user to execute the transaction unrestricted by facility.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|