Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 7 Operational Requirements for CA Datacom Access : Implementing Security

Implementing Security
Security can be implemented at both the CA Datacom and TIBCO Object Service Broker levels of access:
If the server Startup Parameter SECLEVEL is 0, the server passes information about the user in the User Information Block (UIB). The user ID is in positions 4 through 11 of the UIB.
If you specify the X option in the DEBUGPARMS field in the @SERVERDEBUG(DAT) table, the literal PXX is inserted in positions 1 through 3 of the UIB to denote that additional statistics are to be collected. CA Datacom security can make use of those statistics. For details, see Specifying the Startup Parameters.
If the server Startup Parameter SECLEVEL is 1, the CA Datacom security is handled as follows:
Users of a rules-based application that will access Datacom tables must invoke the rule SET_DAT_SEC(userid, password) from their sessions, setting the user credentials to be passed to the server.
When first allocated to a particular transaction, the server instance accepts those credentials and creates or modifies the corresponding ACEE. All subsequent CA Datacom calls within the boundaries of the current transaction are carried out on behalf of the user identified by those credentials.
As long as the caller does not invoke rule SET_DAT_SEC again, any server instance allocated to this caller uses the same user credentials when communicating with CA Datacom.
It is only at the transaction boundary that the server accepts new user credentials set by the caller by invoking rule SET_DAT_SEC.
To restrict access to the DAT tables after they are defined, proceed with security as for any TIBCO Object Service Broker table. For details, see the TIBCO Object Service Broker Managing Security manual.
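
The SECLEVEL 1 handling described above means a call to SET_DAT_SEC in the middle of a transaction does not change the identity used for the rest of that transaction. The following Python model is an added illustration, not TIBCO or CA Datacom code; the class and method names and the sample user IDs and passwords are hypothetical.

```python
# Added model, not TIBCO code. Class/method names are hypothetical; only the
# rule name SET_DAT_SEC and the ACEE come from the page.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class CallerSession:
    pending: Optional[tuple] = None  # credentials last set via SET_DAT_SEC

    def set_dat_sec(self, userid, password):
        # Records credentials only; a server accepts them at allocation time.
        self.pending = (userid, password)


@dataclass
class ServerInstance:
    audit: list = field(default_factory=list)
    acee_user: Optional[str] = None  # identity the ACEE currently represents
    in_txn: bool = False

    def allocate(self, session):
        # First allocation to a transaction: accept credentials, create/modify ACEE.
        if session.pending is None:
            # The page does not cover this case; the model simply refuses.
            raise ValueError("SET_DAT_SEC has not been invoked")
        self.acee_user, self.in_txn = session.pending[0], True

    def datacom_call(self, request):
        if not self.in_txn:
            raise RuntimeError("no active transaction")
        self.audit.append((self.acee_user, request))  # runs as the bound user

    def end_transaction(self):
        self.in_txn = False


def run_demo():
    audit = []  # shared log of (effective user, request)
    session = CallerSession()
    first, second = ServerInstance(audit), ServerInstance(audit)
    session.set_dat_sec("ALICE", "constructed-pw-1")  # constructed sample values
    first.allocate(session)
    first.datacom_call("read ORDERS")
    session.set_dat_sec("BOB", "constructed-pw-2")    # changed mid-transaction
    first.datacom_call("update ORDERS")               # still ALICE
    first.end_transaction()
    second.allocate(session)                          # boundary: BOB accepted
    second.datacom_call("read ORDERS")
    return audit
```

When reviewing access logs, attribute each CA Datacom call to the credentials in effect when its transaction began, not to the most recent SET_DAT_SEC invocation.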
