Previous Topic: OTRAN SecurityNext Topic: Application Interface

Implementing Security for CA IDMSImplementing SecurityImplementing Database Resources

Implementing Database Resources

Database resources are accessed through internal or external security. The correspondence between IDMS internal RESTYPE and external security EXTCLS resource classes is defined by the #SRTT assembly in the IDMS.SAMPJCL member UMODSRTT.

Database Resources in the #SRTT

When RESTYPE=DB is employed, the assembly provides default entries for all related database resources, both traditional navigational RESTYPE and SQL RESTYPE.

It is the user's responsibility to provide customized entries for any RESTYPE included in this group.

Define one or more resource classes in the RDT to correspond with the EXTCLS values you define in the entries. Do not use the same idmssys RESCLASS employed for system resources like SGON and TASK because the access levels used for DB RESTYPE is significantly different.

For information on the database resources specified in the #SRTT assembly, see the CA IDMS Security Administration Guide.

Define an RDT RESCLASS for IDMS DB RESTYPEs

The following RDT RESCLASS may be used as a model for all IDMS Database RESTYPEs:

TSS ADD(RDT) RESCLASS(idmsdb)
             RESCODE(xx)
             MAXLEN(44)
             ATTR(DEFPROT,PRIVPGM)
             DEFACC(READ=4000)
             ACCLVL(ALL,UPDATE=8000,READ=4000,CREATE=2000,DELETE=1000,NONE)
idmsdb

An arbitrary name assigned for the resource class in the RDT.

xx

An unassigned user-defined resource code.

Traditional RDT Entries with IDMS Resources

To maintain compatibility with prior releases, the navigational database resource types DATABASE and AREA can be defined as separate resource classes. SRTT entries can use existing RDT entries for DATABASE and AREA already defined to the RDT. RUNUNIT must be defined separately.

To allow administration of the DATABASE resource in the traditional manner use:

#SECRTT TYPE=ENTRY,
        RESTYPE=DB,SECBY=EXTERNAL,
        EXTCLS=DATABASE,EXTNAME=(RESNAME)

Database security can be defined using the model resource:

TSS ADD(dept) DATABASE(dbname)

TSS PER(user) DATABASE(dbname)
              ACC(UPDATE,READ)

#SECRTT TYPE=ENTRY,
        RESTYPE=DB,SECBY=EXTERNAL,
        EXTCLS=IDMSDB,EXTNAME=(RESTYPE,RESNAME)

In this case, administration proceed with the format:

TSS ADD(dept) IDMSDB(DB.dbname)

TSS PER(user) IDMSDB(DB.dbname)
              ACC(UPDATE,READ)

The IDMS #SRTT assembly provides maximum flexibility in defining the correspondence between IDMS internal resource types with CA Top Secret external RDT resource classes. It is the user's responsibility to define a consistent correspondence according to the mechanisms defined in the IDMS #SECRTT macro.