The easiest way to secure ODBC access to IDMS data is with TASK-level security. 

Release: All supported releases.
Component: IDMS Server

Enable task level security internally in RHDCSRTT:-

#SECRTT TYPE=ENTRY,SECBY=INT,RESTYPE=TASK

Create a RESOURCE CATEGORY in OCF with the appropriate tasks:- 

CREATE RESOURCE CATEGORY ODBC_AUTH
       ADD TASK CASERVER
       ADD TASK IDMSJSRV
       ;

If using protocol CCI, task CASERVER must be included (shown above).

If using protocol IDMS (the "wire" protocol), then whichever TASK is specified on the PARM IS clause of the bulk PTERM must be included. This is normally IDMSJSRV, as is shown here.

ADD PTERM TCPJSRV
    ENABLED
    IN LINE TCPIP
    MAXIMUM ERRORS IS 3
    PRINTER CLASS IS 1
    READBUFFER
    TYPE IS LISTENER
    TASK IS RHDCNP3J MODE IS SYSTEM
    PORT IS 3799
    BACKLOG IS 100
    IP STACK NAME IS TCPIP99
      PARM IS
        'TASK=IDMSJSRV'
    MAXIMUM NUMBER OF CONNECTIONS IS OFF
    .

Also, if using the IDMS protocol, task RHDCNP3J must be completely unsecured because the line driver invokes it before the user id and password are received. This can be done by creating an override for the task in RHDCSRTT:-

#SECRTT TYPE=OCCURRENCE,RESNAME='RHDCNP3J',RESTYPE=TASK,SECBY=OFF

Once these security definitions are in place, access can be granted to individual users (or groups) with this:-

GRANT EXECUTE ON CATEGORY ODBC_AUTH
         TO JOHN_SMITH;