A type 1 AOI command is an IMS command issued by a transaction program using the IMS CMD communications call.
SMU provides security for type 1 AOI commands by controlling the commands issued by specific IMS transactions. SMU has two ways to define this security:
In both cases the statements establish a relationship between IMS commands and the transactions that issue them.
The security provided by the CA Top Secret IMS security interface for a type 1 AOI command is determined by the AOI= parameter in the IMS system definition TRANSACT macro for the transaction issuing the command. Possible values are:
The transaction is not allowed to issue any AOI type 1 commands. This restriction is enforced by IMS. No calls are made to CA Top Secret.
Validations are performed for AOI type 1 commands using the ACID of the user who entered the transaction issuing the command. Checking user access to the command is the most granular security option. An individual user or a set of users is given access to a command. The users can be given access to one command entered through a transaction and denied access to another command entered through the same transaction. This alternative allows for individual accountability in the security process; when an access is denied, the violation is for the individual user.
The migration from transaction based to user based security is not straightforward. If a user has access to a transaction that issues type 1 AOI commands they must also be given access to each command the transaction issues.
This alternative uses the TSSISMU3 conversion program to migrate from SMU AOI security to CA Top Secret.
CA Top Secret performs security validations for AOI type 1 commands using an ACID defined for the transaction issuing the command. This does not provide individual accountability. If access is denied the violation is for the transaction ACID rather than the user executing the transaction.
Select this option only if CA Top Secret is used for transaction security. CA Top Secret controls user access to the transaction using IMS transaction security and controls what commands the transaction can issue using AOI command security. This alternative is a direct parallel to the SMU security process and migration is straightforward.
This alternative uses the TSSISMU1 conversion program to migrate from SMU AOI security to CA Top Secret.
CA Top Secret performs security validations for the transaction issuing the AOI type 1 command using an ACID of the command. This alternative does not provide individual accountability. If access is denied the violation is for the ACID for the command.
Select this option only if CA Top Secret is used for transaction security. CA Top Secret controls user access to the transaction using IMS transaction security based on the user and what commands the transaction can issue using transaction security based on the command. This alternative is an inverse of the SMU security process.
No conversion program is provided for this alternative.
Note: Mixed AOI security implementation is possible in a single IMS region. Specify AOI=YES is for some transactions and AOI=TRAN for others.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|