z/OS Security › TCP/IP Security › IMS › OTMA › OTMA Security Levels

OTMA Security Levels

There are four OTMA security levels: NONE, CHECK, FULL, and PROFILE. The OTMA security level for an IMS system may be established by an IMS startup parameter specification, OTMASE=, in the DFSPBxxx member of the IMS procedure library or by the /SECURE OTMA command. By default, the OTMA security level in IMS is set to FULL (or F). The meanings of the parameters are as follows:

• CHECK—Causes existing RACF calls to be made. The IMS commands are checked using the RACF resource class of CIMS. The IMS transactions are checked using TIMS.
• FULL—Causes the same processing as the CHECK parameter, but uses more RACF calls to create the security environment for dependent regions.
• NONE—Does not call RACF within IMS for security verification.
• PROFILE—Causes the values in the security data section of the OTMA message prefix for each transaction to be used.

If RACF is used for security, the XCF group name and the member name (IMSXCF.group.member) are defined in the FACILITY class. If the IMSXCF.group.member is not defined in the FACILITY class, a client bid is not allowed.

The /SECURE OTMA PROFILE command can be used to enable security validation at individual transactions level.