Securing CA IDMS

CA Top Secret provides security capabilities that work with CA‑IDMS security to extend resource control within the CA‑IDMS environment.

Security Under r15

The CA Top Secret CA IDMS Interface for r15 is invoked automatically using the CA Common Services for z/OS CAISSF component when external security is specified for the CA IDMS Signon Resource Type Table (SRTT). CA Top Secret provides security for all CA IDMS resources that are coded in the SRTT.

For information about security for CA IDMS, see the Implementation: Other Interfaces Guide and the CA IDMS Security Administrator’s Guide.

Signon Security and Authorization Restrictions

To sign on to CA IDMS, a user’s ACID must be authorized to access the CA IDMS facility.

To grant access authorization you can:

All users must be defined to CA IDMS in the Data Dictionary. If a user is defined in the Data Dictionary as having a password, the user is prompted twice for a password when attempting to sign on: once by CA IDMS for the password in the Data Dictionary and once by CA Top Secret for the CA Top Secret password.

Define users in the Data Dictionary as not having a password. This allows CA Top Secret to perform all password checking.

To secure CA IDMS, enter the command:

TSS ADDTO(user) FACILITY(IDMSTEST)

Transaction Security

CA Top Secret secures CA IDMS transactions:

For information on LCF and OTRAN, see the Implementation: Other Interfaces Guide.

Program and Subschema Security

Ownership of a program or a subschema immediately protects the resource across all facilities and regions. Access to the program and subschema is granted with TSS PERMIT and is limited to specific regions through the FACILITY keyword as part of the program and subschema permission.

Area Security

Area security is provided for both logical and physical databases. Ownership of an area protects the resource across all defined CA‑IDMS regions. Access is granted with TSS PERMIT. Use of the area can be limited to specific regions through the FACILITY keyword as part of the area definitions.

Terminal Security

Terminals are owned resources. Ownership of a terminal protects it across all defined facilities. Access can be limited to only specific facilities through the FACILITY keyword as part of the terminal definition.

Security Administration

Security administrators can use the TSS command under CA IDMS to perform all security administration.

Changes to the security database made through a TSS command are immediately recognized by all facilities. User access can be administered during a CA IDMS terminal session.