The following IMS dependent regions can specify an LTERM in the OUT= parameter in the dependent region JCL:
When RAS security is enabled, the IMS control region checks to see if the dependent region is permitted access to the requested LTERM. If the dependent region is not permitted access to the LTERM, the dependent region is terminated.
IMS uses a SAF call to invoke CA Top Secret LTERM security. The resource class for these LTERM security calls is formed from the prefix "L" and the value established for the RCLASS parameter (which defaults to "IMS"). This is the same resource class that IMS uses for validation for LTERMs on the LOCK and UNLOCK commands.
Rather than use RCLASS to distinguish security permissions for different regions, use separate facilities for distinguished regions and to distinguish region-specific permissions by FACILITY.
When RAS LTERM security is enabled, create an RDT entry for the LTERM resource class.
Examples: RAS LTERM security
This example assumes the use of the LIMS resource class for LTERM security:
TSS ADD(RDT) RESCLASS(LIMS)
RESCODE(xx)
MAXLEN(8)
The following examples assume the use of the LIMS facility for LTERM security. Substitute non‑standard LTERM resource class, if one is in use.
This example uses the ADDTO command function to add LIMS general resource to establish ownership:
TSS ADDTO(acid) LIMS(ltermname)
This example allows the dependent region ACID access to the LTERM:
TSS PERMIT(acid) LIMS(ltermname)
FACILITY(IMSPROD)
TSS PERMIT(acid) LIMS(ltermname)
The first permission allows the dependent region access to the LTERM only in regions using the IMSPROD facility. The second permission allows the user to access the LTERM unrestricted by facility.
The MIMS resource class documented in the IMS product documentation for LTERM grouping has no meaning in CA Top Secret. Use profiles for LTERM grouping, or permit individual LTERMs in the LIMS resource class.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|