Setting up ACF2 definitions when implementing Pass Tickets with IDMS

Article ID: 48217


Products

IDMS, IDMS - Database, IDMS - ADS

Issue/Introduction

Using PassTickets to access an IDMS CV system requires these definitional components:

  • ACF2 security definitions
  • Information defined in the IDMS security type table (SRTT)

The major components used in this process are the user id, the application id, the system id of the CV, the session key, and the resource class.

Environment

IDMS - all supported releases

Resolution

Note: All of the following definitions are examples and can vary by installation. Parameters can be selected for auditing, performance, and other installation-specific needs.

Follow these steps:

  1. Secure signon for use with ACF2.

    First, define information to the SRTT using the #SECRTT macro:
    #SECRTT TYPE=ENTRY,
    RESTYPE=SGON,
    SECBY=EXTERNAL,
    EXTCLS='SGO',
    EXTNAME=(RESNAME)

    Notes: SGO is a user-defined external resource class. For more information on the #SECRTT macro, see the CA IDMS Security Administration Guide.

    Then, secure the CV system resource.

    Example: For a CV system with the id SYSTEM85 (specified in the SYSTEM ID parameter of the SYSGEN SYSTEM statement) and the user FIMX006:
    $KEY(SYSTEM85) TYPE(SGO)
    $USERDATA(SYSTEM85)
    UID(FIMX006) LOG

    Note: $USERDATA is for commenting only and is not required.

  2. Add a session key for a particular application id (applid). The applid for an IDMS CV system is the id of the first VTAM line (or the system nodename if no VTAM lines are defined). A session key is a 1 to 16-character hexadecimal value. Both the PassTicket generator and the target application must use the same session key.

    Example: For the application APLID851:
    SET PROFILE(PTKTDATA) DIVISION(SSIGNON)
    INSERT APLID851 SSKEY(1ADEF39872EA423C)
    F ACF2,REBUILD(PTK),CLASS(P)

  3. Add permission for the user to generate and use a PassTicket for an application.

    Example: For the application id APLID851 and the user FIMX006:
    ACFNRULE KEY(IRRPTAUTH) TYPE(PTK) ADD(APLID851.FIMX006 UID(FIMX006) SERVICE(READ,UPDATE) ALLOW)
    F ACF2,REBUILD(PTK)
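
The three steps above only work when their values agree, so the following added example (not part of the original article and not CA/Broadcom tooling) is a Python lint that cross-checks the definitions before they are applied. The function names, the command text passed in as strings, and the simplification that the UID string equals the user id are assumptions of this example.

```python
import re

# Constructed sample input: the article's example definitions, one string per step.
SRTT = "#SECRTT TYPE=ENTRY,RESTYPE=SGON,SECBY=EXTERNAL,EXTCLS='SGO',EXTNAME=(RESNAME)"
RESOURCE_RULE = "$KEY(SYSTEM85) TYPE(SGO)\n$USERDATA(SYSTEM85)\nUID(FIMX006) LOG"
PTKTDATA = "SET PROFILE(PTKTDATA) DIVISION(SSIGNON)\nINSERT APLID851 SSKEY(1ADEF39872EA423C)"
PTK_RULE = ("ACFNRULE KEY(IRRPTAUTH) TYPE(PTK) "
            "ADD(APLID851.FIMX006 UID(FIMX006) SERVICE(READ,UPDATE) ALLOW)")
DOC_SAMPLE_KEYS = {"1ADEF39872EA423C"}  # session key printed in this article

def first(pattern, text):
    """Return the first capture group of pattern in text, or None."""
    m = re.search(pattern, text)
    return m.group(1) if m else None

def balanced(text):
    """True when every ')' closes an earlier '(' and none is left open."""
    depth = 0
    for ch in text:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def lint(srtt, resource_rule, ptktdata, ptk_rule, system_id):
    """Return a list of findings; an empty list means the definitions agree."""
    findings = []
    if first(r"EXTCLS='(\w+)'", srtt) != first(r"TYPE\((\w+)\)", resource_rule):
        findings.append("SRTT EXTCLS does not match the resource rule TYPE")
    if first(r"\$KEY\((\w+)\)", resource_rule) != system_id:
        findings.append("$KEY does not name the CV system id")
    applid = first(r"INSERT\s+(\w+)", ptktdata)
    key = first(r"SSKEY\(([^)]*)\)", ptktdata) or ""
    if not re.fullmatch(r"[0-9A-Fa-f]{1,16}", key):
        findings.append("SSKEY is not 1 to 16 hexadecimal characters")
    elif key.upper() in DOC_SAMPLE_KEYS:
        findings.append("SSKEY is the sample key from the documentation")
    if not balanced(ptk_rule):
        findings.append("unbalanced parentheses in the ACFNRULE command")
    if first(r"ADD\((\w+)\.", ptk_rule) != applid:
        findings.append("PassTicket rule applid differs from the PTKTDATA applid")
    if first(r"ADD\(\w+\.(\w+)", ptk_rule) != first(r"UID\((\w+)\)", resource_rule):
        findings.append("PassTicket rule user has no signon rule for this CV")
    return findings

if __name__ == "__main__":
    for finding in lint(SRTT, RESOURCE_RULE, PTKTDATA, PTK_RULE, "SYSTEM85"):
        print("FINDING:", finding)
```

Run against the article's values unchanged, the only finding is the session key, which is the published sample and should be replaced with an installation-specific value.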