Previous Topic: RAS Transaction SecurityNext Topic: RAS LTERM Security

Implementing Security for IMSResource Access SecurityRAS PSB Security

RAS PSB Security

The following IMS dependent regions can specify a PSB in the dependent region JCL:

During dependent region initialization, the dependent region communicates to the control region the intent to use the PSB. When RAS security is enabled, the control region checks to see if the dependent region is permitted access to the requested PSB. If the dependent region is not permitted access to the PSB, the dependent region is terminated.

IMS uses a SAF call to invoke CA Top Secret PSB security. The resource class for these security calls is formed from the prefix "I" and the value established for the RCLASS parameter (which defaults to "IMS").

This is the same resource class that IMS uses for program validation for programs on the LOCK and UNLOCK commands. It is not the same as the PSB resource class that CA Top Secret uses for the PSB security provided by the control option IMS(IMSPSBVL).

Use separate facilities to distinguished regions and to distinguish region-specific permissions by FACILITY.

When RAS PSB security is enabled, the security administrator must create an RDT entry for the PSB resource class.

Examples: RAS PSB security

This example assumes the use of the IIMS resource class for PSB security:

TSS ADD(RDT) RESCLASS(IIMS)
             RESCODE(xx)
             MAXLEN(8)

The following examples assume the use of the IIMS facility for PSB security. Substitute non‑standard PSB resource class, if one is in use.

This example uses the ADDTO command function to add an IIMS general resource to establish ownership:

TSS ADDTO(acid) IIMS(psbname)

This example allows the dependent region ACID access to the PSB:

TSS PERMIT(acid) IIMS(psbname)
                 FACILITY(IMSPROD)

TSS PERMIT(acid) IIMS(psbname)

The first permission allows the dependent region access to the PSB only in regions using the IMSPROD facility. The second permission allows the user to access the PSB unrestricted by facility.

JIMS Resource Class

The JIMS resource class documented in the IMS product documentation for PSB grouping has no meaning in CA Top Secret. Use profiles for PSB grouping, or permit individual PSBs in the IIMS resource class.