IDMS: SO15370 functionality clarification

book

Article ID: 207064

calendar_today

Updated On:

Products

CA IDMS

Issue/Introduction

With the introduction of PassTicket support added in r18.5, IDMS CVs using RACF external security for RESTYPE SGON will incur an additional security check at sign on time. This security check requires that the user signing on has been granted access to a resource named for the APPLID of the CV's VTAM line.
If the CV has more than one VTAM line, then the VTAM line that appears first in the output of a DCMT D LINES will be the one used.

Users trying to sign on may encounter unexpected security violations if they do not have access to this resource.

SO15370 has been written to assist in addressing this situation.

Environment

Release : All supported releases.
Component : CA IDMS

Resolution

To resolve the problem of the unexpected security violations, users could be granted access to the VTAM APPLID resource in RACF.
If that is impractical, SO15370 can be used to disable the extra security check. 

With SO15370 applied, a new parameter NOPTCHK has been added to the #SECRTT macro.
This is documented at #SECRTT.

NOPTCHK has a default value of NO - do not suppress the extra call, which means no change to the existing functionality.
Setting NOPTCHK to YES will suppress the call.

If SO15370 is applied but RHDCSRTT is not re-assembled, the system will behave as if NOPTCHK=NO has been used.

Note that the NOPTCHK parameter must be on the TYPE=ENTRY,RESTYPE=SGON form of the #SECRTT macro.

 

Additional Information

SO15370 replaces RHDCSSFM and as such requires a CAIRIM refresh.

PassTicket support in r18.5 of IDMS was added with RO67787.

KD 48241: How to set up RACF definitions when implementing PassTickets with IDMS