

Databases on the IMS /LOCK and /UNLOCK Commands

If LOCK resource security is enabled and a database is specified on a LOCK or UNLOCK command, IMS performs a security validation to determine whether the user is allowed to LOCK or UNLOCK the database.

IMS uses a SAF call to invoke CA Top Secret database security. The resource class for these database security calls is formed from the prefix "P" and the value established for the RCLASS parameter (which defaults to "IMS").

Note: This is the same resource class that IMS uses for database authorization for the IMS application AUTH call.

Rather than using RCLASS to distinguish security permissions for different regions, CA Top Secret encourages the administrator to use separate facilities for distinct regions and to distinguish region-specific permissions by FACILITY.

If LOCK resource security is enabled, the security administrator must create an RDT entry for the database resource class. The following example assumes the use of the PIMS resource class for database security.

TSS ADD(RDT) RESCLASS(PIMS)
             RESCODE(xx)
             MAXLEN(8)

The following instructions assume the use of the PIMS resource class for database security. The administrator should substitute their non‑standard database resource class, if one is in use.

PIMS is a general resource that can be ADDed to establish ownership:

TSS ADDTO(acid) PIMS(database)

To allow the user to LOCK or UNLOCK the database, enter:

TSS PERMIT(acid) PIMS(database)
                 FACILITY(IMSPROD)
TSS PERMIT(acid) PIMS(database)

The first permission allows the user to LOCK and UNLOCK the database only in regions using the IMSPROD facility. The second permission allows the user to LOCK and UNLOCK the database unrestricted by facility.
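The following Python script is an added example, not part of the CA Top Secret documentation. It reads TSS commands in the layout shown above (an indented line continues the previous command) and separates PIMS permits that are scoped by FACILITY from those that are unrestricted by facility. The ACIDs, database names, and the `audit_permits` helper are constructed for illustration, and reporting names longer than the RDT entry's MAXLEN(8) for review is an assumption of this example.

```python
import re

# Constructed sample in this page's layout: an indented line continues the
# previous command. ACIDs and database names are made up for illustration.
SAMPLE = """\
TSS PERMIT(USER01) PIMS(CUSTDB)
                   FACILITY(IMSPROD)
TSS PERMIT(USER02) PIMS(CUSTDB)
TSS PERMIT(USER03) PIMS(ORDERDB) FACILITY(IMSTEST)
TSS ADDTO(DEPT01) PIMS(CUSTDB)
TSS PERMIT(USER04) PIMS(TOOLONGNAME)
"""

KEYWORD = re.compile(r"([A-Z]+)\(([^)]*)\)")  # matches KEYWORD(value)

def join_commands(text):
    """Fold indented continuation lines into the command they belong to."""
    commands = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and commands:
            commands[-1] += " " + line.strip()
        else:
            commands.append(line.strip())
    return commands

def audit_permits(text, resclass="PIMS", maxlen=8):
    """Return (scoped, unscoped, too_long) lists for PERMITs on resclass."""
    scoped, unscoped, too_long = [], [], []
    for cmd in join_commands(text):
        if not cmd.upper().startswith("TSS PERMIT("):
            continue  # ownership (ADDTO) and other commands are not permits
        kw = dict(KEYWORD.findall(cmd.upper()))
        if resclass not in kw:
            continue
        acid, db = kw["PERMIT"], kw[resclass]
        if not 1 <= len(db) <= maxlen:
            too_long.append((acid, db))      # outside the RDT MAXLEN; review
        elif "FACILITY" in kw:
            scoped.append((acid, db, kw["FACILITY"]))
        else:
            unscoped.append((acid, db))      # LOCK/UNLOCK in any facility
    return scoped, unscoped, too_long

if __name__ == "__main__":
    scoped, unscoped, too_long = audit_permits(SAMPLE)
    for acid, db in unscoped:
        print(f"{acid}: LOCK/UNLOCK on {db} is not restricted by facility")
```

Pass a different `resclass` if the region uses a non-standard RCLASS value.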

QIMS Resource Class

The QIMS resource class documented in the IMS product documentation for database grouping has no meaning in CA Top Secret. You can use profiles for database grouping, or permit individual databases in the PIMS resource class.