Previous Topic: Make RACF ChangesNext Topic: Multiple Job Security

Security Best PracticesUse UID Security

Use UID Security

Use UID security to control who can access which jobs.

Business Value:

Using external security for UIDs lets you change UID security without having to restart CA7ONL.

Additional Considerations:

Use the CA WA CA 7 Edition UID, user security identification, to control which users have access to which jobs. You can find the UID on the DB.1 panel.

To use external security to implement UID security controls

  1. Decide whether you want to use the default UID table, SASSRTBL, or create a site-specific UID table. If you want to build your own table, the source for SASSRTBL is in the CAL2SRC library and serves as a model. Update the CA WA CA 7 Edition SMP/E environment using USERMOD AL2UM09 in the CAL2OPTN library.
  2. Add the keyword UID=aaaaaaa on the SECURITY statement in the initialization file, where aaaaaaaa is SASSRTBL for the default module or the name of the module that you created.
  3. Authorize, through your external security package, user IDs to have access to resource names in the SASSRTBL (or site-specific module) that correlate to the UID value. This authorization occurs under the PANEL resource class, or another class as defined by the RCLASS keyword on the SECURITY statement in the initialization file.
  4. Place the resource name that a user is permitted to use in the user's profile using the /PROFS command.
  5. Verify that a UID value is associated with each job through the job definition panel. This value is used to determine which users have access to the job.

How it works:

When a user logs into CA7ONL, the user's profile is examined for the UID resource name (added through the /PROFS command). A security call is made to verify that the user has access to that UID resource. The UID resource is then resolved into a UID number from the SASSRTBL (or site-specific module).

For example, assume that you give USER1 the profile resource of CA70001. When USER1 logs on to CA WA CA 7 Edition, a call is made to external security to see whether they have access to the resource of CA70001. If they do, then their UID value is set as 001, meaning that they can only access jobs with a UID value on the job definition panel of 1 or 0.

Without a UID= on the SECURITY statement, your internal security module is checked to see whether the USERID is present. If so and if it has a UID value, that value is used. If you have assigned COIDs, you continue to use your USER= module for this purpose.