If LOCK resource security is enabled, when a transaction is specified on a LOCK or UNLOCK command, IMS performs a security validation to see if the user is allowed to LOCK or UNLOCK the transaction.
IMS uses a SAF call to invoke CA Top Secret transaction security. The resource class for these transaction security calls is formed from the prefix "T" and the value established for the RCLASS parameter (which defaults to "IMS").
Notes:
CA Top Secret provides a system-supplied resource class TIMS.
Rather than use RCLASS to distinguish security permissions for different regions, CA Top Secret encourages the administrator to make use of separate facilities for distinguished regions and to distinguish region-specific permissions by FACILITY.
If the administrator chooses to use a non-default RCLASS value, the administrator will be responsible for the following:
The following instructions assume the use of the TIMS facility for transaction security. The administrator should substitute their non‑standard transaction resource class, if one is in use.
TIMS is a general resource that can be added to establish ownership:
TSS ADDTO(acid) TIMS(transaction)
To allow the user to LOCK or UNLOCK the transaction, enter:
TSS PERMIT(acid) TIMS(transaction)
FACILITY(IMSPROD)
TSS PERMIT(acid) TIMS(transaction)
The first permission allows the user to LOCK and UNLOCK the transaction only in regions using the IMSPROD facility. The second permission allows the user to LOCK and UNLOCK the transaction unrestricted by facility.
The GIMS resource class documented in the IMS product documentation for transaction grouping has no meaning in CA Top Secret. You can use profiles for transaction grouping, or permit individual transactions in the TIMS resource class.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|