Setting up RACF definitions when implementing Pass Tickets with IDMS
Article ID: 48241
Products
IDMS, IDMS - Database, IDMS - ADS
Issue/Introduction
Using Pass Tickets to access an IDMS CV system using RACF requires these definitional components:
- RACF security definitions
- Information defined in the IDMS security type table (SRTT)
The major components used in this process are the user id, the application id, the system id of the CV, the session key, and the resource class.
Environment
IDMS - all supported releases
Resolution
Note: All of the following definitions are examples and can vary by installation, for instance if the session key is encrypted instead of masked. Other parameters can be selected for auditing, performance and other installation-specific needs.
Follow these steps:
1. Create entries in the SRTT and issue supporting RACF commands to secure system signon externally.
   Note: For more information, see the Knowledge Base article with the document ID: KD 25174
2. Create a profile in the PTKTDATA class for each application to which you want to grant users access (the PTKTDATA class must be activated). The application id (applid) for an IDMS CV system is the id of the first VTAM line (or the system nodename if no VTAM lines are defined). A session key is a secured SIGNON application key in hex representation (maximum 16 characters). Both the PassTicket generator and the target application must use the same session key.
   Example: For a CV where the applid (in this case the first VTAM line) is APLID851:
3. Add permission for a user to generate and use a PassTicket for an application.
   Example: For the applid APLID851 and the user FIMX06, issue the following commands:
4. (Optional) If PassTicket logins are processed via a CL Supersession, define a PTKTVAL profile. The format of the PTKTVAL profile is <target application>.<requesting application>.userid.
   Example: For the target application id APLID851 and the requesting application id CLSSAPPL, issue the following commands:
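The block below is an added illustration of steps 2 and 3 only, written with standard RACF TSO commands; it is not the article's own command listing and does not cover the optional PTKTVAL step. Assumptions: the session key is masked (KEYMASKED) rather than encrypted, `<session-key-in-hex>` is a placeholder for the installation's key, UACC(NONE) is used throughout, and FIMX06 is both the user named in the IRRPTAUTH profile and the ID permitted to it.

```tso
/* Added example, not from the article. Key value is a placeholder.   */

/* Prerequisite for step 2: activate PTKTDATA and RACLIST it so the   */
/* profiles are held in storage.                                      */
SETROPTS CLASSACT(PTKTDATA) RACLIST(PTKTDATA)

/* Step 2: one profile per target application, named after the CV     */
/* applid (here the first VTAM line). The same key must be configured */
/* on the PassTicket generator side. UACC(NONE) keeps the profile     */
/* closed to everyone not explicitly permitted.                       */
RDEFINE PTKTDATA APLID851 SSIGNON(KEYMASKED(<session-key-in-hex>)) UACC(NONE)

/* Step 3: restrict who may generate PassTickets for this applid and  */
/* user. The profile name is IRRPTAUTH.<applid>.<userid>; UPDATE      */
/* access allows generation.                                          */
RDEFINE PTKTDATA IRRPTAUTH.APLID851.FIMX06 UACC(NONE)
PERMIT IRRPTAUTH.APLID851.FIMX06 CLASS(PTKTDATA) ID(FIMX06) ACCESS(UPDATE)

/* Make the new profiles and permissions effective.                   */
SETROPTS RACLIST(PTKTDATA) REFRESH

/* Verification: SSIGNON shows the key type without revealing the key */
/* value; AUTHUSER shows the access list of the IRRPTAUTH profile.    */
RLIST PTKTDATA APLID851 SSIGNON
RLIST PTKTDATA IRRPTAUTH.APLID851.FIMX06 AUTHUSER
```

Reviewing the AUTHUSER output after the refresh confirms that only the intended ID holds UPDATE access to the IRRPTAUTH profile.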