The object of the security feature is to ensure that users access only those PSBs for which they have authorization. The MSO server can query standard security systems through the standard SAF interface before allowing a user to access a PSB.
The DBCTL function is tested and verified with the RACF product; other SAF products using the identical calls should perform properly when installed and verified by your site's security administrator.
RACF comes with several predefined security classes. Customer sites can use an existing class (such as PCICSPSB) or define a resource class specifically for DBCTL use.
The following example illustrates how to define a PSB resource through a PCICSPSB profile to RACF and how to grant users permission to access the resource.
RDEFINE PCICSPSB (psbname) UACC(NONE) NOTIFY(sys_admin_userid)
PERMIT psbname CLASS(PCICSPSB) ID(user_or_group [user_or_group ...])
ACCESS(READ)
where:
user_or_group
To implement DBCTL security, include the IMSSEC=ON and IMSCLASS attributes in the MSO configuration file during installation (see Installation Instructions).
The syntax is
IMSSEC = {ON|OFF}
IMSCLASS = classname
where:
At run time, after the PSB is selected but prior to scheduling it, the MSO server issues a call to the security system and verifies that the user is authorized to read the PSB.
Note: The ON setting for IMSSEC requires the MSO server to be in authorized mode.
Information Builders |