This article briefly describes the remaining types of Resource Classes you can define to implement external security for the Datacom features or data to the table or view level.
Release: 15.1
Component: Datacom/AD
Component: Datacom/DB
There are four types of Resource Classes you can define to protect your Datacom products, features or data to the table or view level. These are:
Administrator Resource Classes
Define the Administrator Resource Class, DTADMIN. This resource class consists of the CXXname plus a two-character product code (DB or DD). It is used to define product administrator authority.
When you associate the CXXname.DB administrator resource class with a user accessor (ACID), that user will be able to create a schema for SQL access, issue GRANT or REVOKE SQL statements, or DROP any SQL table.
A user with CXXname.DD is a Datadictionary Security Administrator and will be able to run 4099 Field transactions, add and maintain relationship definitions.
Table Resource Classes
Beginning with CA Datacom release 11.0, you can now define up to ten Table Resource Classes:
DCTABLE
DFTABLE
DGTABLE
DHTABLE
DPTABLE
DQTABLE
DRTABLE
DSTABLE
DTTABLE
DXTABLE
To define Table Resource Classes, add the following to the commands to the appropriate external security product:
DnTABLE cxxname.DB0nnnn.table
Where: DnTABLE Table Resource Name - substituting n by C, F, G, H, P, Q, R, S, T, or X These Table Resource Names are arbitrary, in other words they don't have significance other than assisting you in categorizing or associating the table to the path from which the requests are made. See "Defining Multi-User Startup Security Options and Path Security" below. cxxname Name of the CXX associated with the Datacom Multi-User Facility whose data is being secured. DB0nnnn DBID of the database. table 3-character Datacom name of the table.
You can identify Datacom tables and multiple access levels for each table. The access levels correspond to:
ADD
DELETE
READ
UPDATE
Defining Security Startup Option and Path Security
Release 11.0 and forward is delivered with ten separate security paths.
Defining Multi-User Startup SECURITY Option
The SECURITY Multi-User startup option allows you to code class-and-path options as follows:
SECURITY class-and-path1,class-and-path2,...class-and-path10
The class and path options can be coded in any order. They are keyword driven and up to one class-and-path option per table resource class may be coded.
Path Security
The format of an individual class-and-path parameter is as follows:
DBaabbb Where: DB Constant aa Valid class codes: DC, DF, DG, DH, DP, DQ, DR, DS, DT, DX, and NO These class codes correspond to the table classes defined in the external security system, NO refers to no path security. bbb Valid path codes: SCI CICS SQL SCQ CICS SQL for CA-Dataquery RCI CICS non-SQL RCQ CICS non-SQL for CA-Dataquery RAQ non-CICS, non-SQL for CA-Dataquery SSR Server SQL RSR Server non-SQL SQL All other paths SQL SQQ SQL non-CICS for CA-Dataquery RAT All other paths non-SQL
An example of a startup option with all ten possible classes specified for six different paths is:
SECURITY DBDTRAT,DBDCSCI,DBDRSSR,DBDFRCI,DBDSSQL,DBDXRSR,DBDPSCQ, DBDHRCQ,DBDGRAQ,DBDQSQQ
Utility Resource Classes
Define Utility Resource Classes with DTUTIL. This is required if any non-SQL access path is defined. Each resource in the DTUTIL resource class represents one Datacom DBUTLTY function, and the users allowed to execute them. The format of this resource class varies with each of the three products it supports ? DB, DD and DQ. It can also be used to secure SQL plans.
The following is an example of securing the DBUTLTY BACKUP function:
DTUTIL cxxname.DBUTLTY.BACKUP.DATA Where: DTUTIL Constant - Resource Class cxxname Name of the Directory (CXX) for the Datacom Multi-User Facility being secured DBUTLTY Constant - Name of the utility BACKUP Name of the DBUTLTY function DATA Indicates backup of a data area
NOTE: Some DBUTLTY functions also require that certain table and/or DTUTIL resources be defined. Go to Using External Security for Datacom in our Datacom documentation for details.
Set up User or Group Permissions
Define specific user or group permissions to the resources defined. Define all information for user/group permissions and resource table classes before defining access path permissions or securing the CXX (Directory) with the DTSYSTEM resource.