The IMS AUTH call is used to inquire against the standard security interface (SSI), so that a program can check IMS internal and external security for the signed-on user before making a request for resources.
The AUTH call makes security requests on behalf of the signed-on user. If the resource is defined in the SECURITY gen, no external security check is performed. The request will be allowed with an IOPCB status of spaces or denied with a status of A4, depending entirely on the compiled rules genned into the region's MATRIX data sets.
This example defines and permits PIMS:
TSS ADDTO(RDT) RESCLASS(PIMS)
RESCODE(xx)
MAXLEN(8)
TSS ADDTO(dept) PIMS(dbdname)
TSS PERMIT(acid) PIMS(dbdname)
If the AUTH standard or generated RESCLASS is used in CA Top Secret, it is used only for these application AUTH calls. These resource classes are not used for CA Top Secret IMS resource security.
Use the CA Top Secret Application Interface for applications-based authorization processing. This interface uses the same resource classes and permissions used to protect actual IMS access.
If you use the IMS AUTH call for application-based resource security, translate the IMS generated resource classes into traditional TSS defined resource classes. To implement resource translation, use the RXLTADD operand to add translation entries to the appropriate IMS facility definition.
This example translates IMS generated TIMS transaction security requests to the traditional TSS OTRAN resource class for the IMSPROD facility:
TSS MODIFY FACILITY(IMSPROD=RXLTADD(TIMS:OTRAN))
After this command is executed, resource security calls with the TIMS resource class are checked against OTRAN user permissions.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|