Security

All operating system security features or restrictions that are in effect apply to the Interface.

FOCUS respects all existing IMS security. That is, a user must be defined to the IMS DBMS as authorized to use the PSB that controls access to the data. This authorization must come from the IMS database administrator (DBA) via the application group name (AGN).

When using the DBCTL facility, the Interface supports access to standard security systems through the standard SAF interface. The SAF interface is supported by security products such as RACF, CA-TOP SECRET, and CA-ACF2. Before allowing access to a particular PSB, the system verifies that the user is authorized to read the PSB. Security, discusses DBCTL security.

FOCUS also provides its own security facilities; you can use them as a complement to IMS security. For example, you can encrypt Master Files that contain security information. FOCUS security can enforce the following levels of restriction:

• File-level security to prevent access to an IMS database.
• Field-level security to limit the fields within an IMS database that are accessible to a user.
• Field-value security to limit the segments within an IMS database that are accessible to a user based on a specified field's values.

Thus, FOCUS provides the Database Administrator with a more sensitive security mechanism than does IMS, making it possible to use a few broadly sensitive Program Specification Blocks (PSBs) for a large class of users, rather than generating PSBs for every combination of access rights.

Refer to the FOCUS for IBM Mainframe Users Manual for information about DBA security.