How to Implement External Security for Datacom - Prerequisites?
search cancel

How to Implement External Security for Datacom - Prerequisites?

book

Article ID: 51583

calendar_today

Updated On:

Products

Datacom DATACOM - AD Datacom/DB Datacom/Server Datacom/AD

Issue/Introduction

This document is the first in a series of articles that summarize what is required to implement external security for Datacom using one of the three external security products, ACF2, TopSecret, or RACF. Full documentation on this functionality is published in the Datacom/DB Security Guide. This document describes the prerequisites and what they are used for.

Environment

Release: Datacom

Resolution

The following products or sub-components must be defined before you begin to implement external security for Datacom:

CAIRIM - A component of Common Services (for z/OS) or CIS (for z/VSE).

This component should have been installed prior to installing Datacom/DB or Datacom/AD. CAIRIM is how you can define the SVC which defines the Multi-User being used.

CAISSF - Is a subservice of CAIRIM, and provides the link between the Advantage Datacom products and the external security product. For RACF define the Command CA@MD (by default).

CAIIPC - CA Inter-Product Components is required for Datadictionary (and Advantage Ideal) online Signons.

You must use the SC00OPTS SECRTY=Y , if you want UserIDs and Passwords validated by the external security product. This parameter must be "Y" the default is "N". 

ACF2, TopSecret, or RACF - Installing one of the three external security products at current releases.

MUF authorized - The Multi-User Facility (MUF) must run authorized if using external security in a z/OS environments. Ensure that all libraries in the concatenation be in an authorized state. Note that starting with Release 12, Multi-User must run authorized regardless of whether external security is in place or not.

DBCVTPR - Modify DBCVTPR USERID= parameter. The DBCVTPR USERID parameter governs format of the UserID that is passed to Datacom with each online request.

  • USERID=NO When external security is used, that value forces Advantage Datacom/DB to use the 3-byte operator ID (CICS OPERID) instead of the 8-byte UserID (CICS USERID). In a RACF environment, USERID=NO means that Advantage Datacom/DB uses the 3-byte operator ID, not the group ID, to secure the database. In Advantage Datacom CICS Services r2.5 and before, if USERID=NO and external security was in use, Advantage Datacom/DB used an 8-byte UserID to secure the database.

  • USERID=YES forces Advantage Datacom/DB to use the 8-byte CICS USERID.