Setting up ACF2 definitions when implementing Pass Tickets with IDMS
Article ID: 48217
Products
IDMS, IDMS - Database, IDMS - ADS
Issue/Introduction
Using PassTickets to access an IDMS CV system requires these definitional components:
ACF2 security definitions
Information defined in the IDMS security type table (SRTT).
The major components used in this process are the user id, the application id, the system id of the CV, the session key, and the resource class.
Environment
IDMS - all supported releases
Resolution
Note: All of the following definitions are examples and can vary by installation. Parameters can be selected for auditing, performance, and other installation-specific needs.
Follow these steps:
Secure signon for use with ACF2.
First, define information to the SRTT using the #SECRTT macro:
    #SECRTT TYPE=ENTRY, RESTYPE=SGON, SECBY=EXTERNAL, EXTCLS='SGO', EXTNAME=(RESNAME)
Notes: SGO is a user-defined external resource class. For more information on the #SECRTT macro, see the CA IDMS Security Administration Guide.
Then, secure the CV system resource.
Example: For CV systems with the id SYSTEM85 specified on the SYSTEM ID statement of the SYSGEN SYSTEM statement and the user FIMX006:
    $KEY(SYSTEM85) TYPE(SGO)
    $USERDATA(SYSTEM85)
    UID(FIMX006) LOG
Note: $USERDATA is for commenting only and is not required.
Add a session key for a particular application id (applid). The applid for an IDMS CV system is the id of the first VTAM line (or the system nodename if no VTAM lines are defined). A session key is a 1 to 16-character hexadecimal value. Both the PassTicket generator and the target application must use the same session key.
Example: For the application APLID851:
    SET PROFILE(PTKTDATA) DIVISION(SSIGNON)
    INSERT APLID851 SSKEY(1ADEF39872EA423C)
    F ACF2,REBUILD(PTK),CLASS(P)
Add permission for the user to generate and use a PassTicket for an application.
Example: For the application id APLID851 and the user FIMX006:
    ACFNRULE KEY(IRRPTAUTH) TYPE(PTK) ADD(APLID851.FIMX006 UID(FIMX006) SERVICE(READ,UPDATE) ALLOW)
    F ACF2,REBUILD(PTK)
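The definitions in these steps only work when they agree with one another: the resource rule TYPE must be the class named in the SRTT, the applid in the IRRPTAUTH rule must have a PTKTDATA session key, and that key must be 1 to 16 hexadecimal characters. The following Python check is an added example, not part of the original article or of any ACF2 or IDMS tooling; the function name `lint_passticket_defs` and the one-command-per-line input layout are assumptions.

```python
import re

# Assumption: one command per line; continuation lines are not handled.
KEY_RE = re.compile(r"INSERT\s+(\w+)\s+SSKEY\(([^)]*)\)", re.I)
RULE_RE = re.compile(r"TYPE\(PTK\)\s+ADD\((\w+)\.(\w+)", re.I)
SGON_RE = re.compile(r"\$KEY\((\w+)\)\s+TYPE\((\w+)\)", re.I)
EXTCLS_RE = re.compile(r"EXTCLS='(\w+)'", re.I)


def lint_passticket_defs(text):
    """Cross-check the SRTT, PTKTDATA and IRRPTAUTH definitions in text."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.count("(") != line.count(")"):
            findings.append(f"line {n}: unbalanced parentheses")
    keys = {applid.upper(): key for applid, key in KEY_RE.findall(text)}
    for applid, key in keys.items():
        if not re.fullmatch(r"[0-9A-Fa-f]{1,16}", key):
            findings.append(f"{applid}: session key is not 1 to 16 hex characters")
    for applid, user in RULE_RE.findall(text):
        if applid.upper() not in keys:
            findings.append(f"{applid}.{user}: no PTKTDATA session key for {applid}")
    classes = {c.upper() for c in EXTCLS_RE.findall(text)}
    for sysid, rtype in SGON_RE.findall(text):
        if rtype.upper() not in classes:
            findings.append(f"{sysid}: TYPE({rtype}) is not an SRTT EXTCLS")
    return findings


# The article's example definitions, one command per line.
GOOD = """\
#SECRTT TYPE=ENTRY, RESTYPE=SGON, SECBY=EXTERNAL, EXTCLS='SGO', EXTNAME=(RESNAME)
$KEY(SYSTEM85) TYPE(SGO)
UID(FIMX006) LOG
INSERT APLID851 SSKEY(1ADEF39872EA423C)
ACFNRULE KEY(IRRPTAUTH) TYPE(PTK) ADD(APLID851.FIMX006 UID(FIMX006) SERVICE(READ,UPDATE) ALLOW)
"""

# Constructed faulty variant: wrong class, non-hex key, other applid, stray ")".
BAD = """\
#SECRTT TYPE=ENTRY, RESTYPE=SGON, SECBY=EXTERNAL, EXTCLS='SGO', EXTNAME=(RESNAME)
$KEY(SYSTEM85) TYPE(SGN)
INSERT APLID851 SSKEY(1ADEF39872EA423G)
ACFNRULE KEY(IRRPTAUTH) TYPE(PTK) ADD(APLID852.FIMX006) UID(FIMX006) SERVICE(READ,UPDATE) ALLOW)
"""

if __name__ == "__main__":
    for finding in lint_passticket_defs(BAD):
        print(finding)
```

Run against the constructed faulty variant, the check reports four findings, one per inconsistency; the article's own values produce none.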