How to Implement External Security for Datacom - Prerequisites?


Article ID: 51583


Updated On:


CA Datacom CA DATACOM - AD CA Ideal CA CIS CA Common Services for z/OS CA 90s Services CA Database Management Solutions for DB2 for z/OS CA Common Product Services Component CA Common Services CA Datacom/AD CA ecoMeter Server Component FOC CA Easytrieve Report Generator for Common Services CA Infocai Maintenance CA IPC Unicenter CA-JCLCheck Common Component CA Mainframe VM Product Manager CA Chorus Software Manager CA On Demand Portal CA Service Desk Manager - Unified Self Service CA PAM Client for Linux for zSeries CA Mainframe Connector for Linux on System z CA Graphical Management Interface CA Web Administrator for Top Secret CA CA- Xpertware



This document is the first in a series of articles that summarize what is required to implement external security for Datacom using one of the three external security products, ACF2, TopSecret, or RACF. Full documentation on this functionality is published in the CA Datacom/DB Security Guide. This document describes the prerequisites and what they are used for.


The following products or sub-components must be defined before you begin to implement external security for Datacom:

CAIRIM - A Component of CA-Common Services (for z/OS) or CA-CIS (for z/VSE).

This component should have been installed prior to installing CA Datacom/DB or CA Datacom/AD. CAIRIM is how you can define the SVC which defines the Multi-User being used.

CAISSF - Is a subservice of CAIRIM, and provides the link between the Advantage CA Datacom products and the external security product. For RACF define the CA Command [email protected] (by default).

CAIIPC - CA Inter-Product Components is required for Datadictionary (and Advantage CA-Ideal) online Signons.

You must use the SC00OPTS SECRTY=Y , if you want UserIDs and Passwords validated by the external security product. This parameter must be "Y" the default is "N". See Section 2.6 Enabling Online Signons in the CA Datacom Security Guide.

ACF2, TopSecret, or RACF - Installing one of the three external security products at current releases.

MUF authorized - The Multi-User Facility (MUF) must run authorized if using external security in a z/OS environments. Ensure that all libraries in the concatenation be in an authorized state. Note that starting with Release 12, Multi-User must run authorized regardless of whether external security is in place or not.

DBCVTPR - Modify DBCVTPR USERID= parameter. The DBCVTPR USERID parameter governs format of the UserID that is passed to Datacom with each online request.

  • USERID=NO When external security is used, that value forces Advantage CA-Datacom/DB to use the 3-byte operator ID (CICS OPERID) instead of the 8-byte UserID (CICS USERID). In a RACF environment, USERID=NO means that Advantage CA-Datacom/DB uses the 3-byte operator ID, not the group ID, to secure the database. In Advantage CA-Datacom CICS Services r2.5 and before, if USERID=NO and external security was in use, Advantage CA-Datacom/DB used an 8-byte UserID to secure the database.

  • USERID=YES forces Advantage CA-Datacom/DB to use the 8-byte CICS USERID.


For more details see the CA Datacom/CICS Services 11.0 System Guide.


Component: DB