Program registration verifies the CA‑IDMS application program is authorized to access the requested subschema. TIBCO Service Gateway for IDMS/DB uses one of the following identifiers as the program ID in the CA‑IDMS BIND RUN UNIT:
Depending on which identifier you want the Gateway to use as the program ID in the CA‑IDMS BIND RUN UNIT, you must specify one of three combinations of the SECLEVEL, SECURITY, and EXTERNALUSERID parameters at Gateway startup. The following table illustrates these three combinations. Refer to Supplying Service Gateway for IDMS/DB Startup Parameters for descriptions of these parameters.
The external security package you are using verifies that the user ID is authorized to access the requested subschema. When the external security package is invoked, one of the following three identifiers is passed as the user ID:
You must install the TIBCO Object Service Broker external security interface macros to pass the TIBCO Object Service Broker session ID or the current TIBCO Object Service Broker security group as the user ID. Depending on which identifier you want to pass as the user ID, you must specify one of four combinations of the SECLEVEL, SECURITY, and EXTERNALUSERID parameters at startup. The following table illustrates the four combinations. For details, see Supplying Service Gateway for IDMS/DB Startup Parameters and Implementing External Security.
The user ID that submits the Gateway job if the Gateway is running as a batch job.
To restrict the ability to define IDM tables from within TIBCO Object Service Broker, restrict read access to the TIBCO Object Service Broker control tables @IDMSRECORDS, @IDMSELEMENTS, @IDMSSETS, and @IDMSINDEXES.
To guarantee consistency when updating both TDS and CA‑IDMS data from a single instance of TIBCO Service Gateway for IDMS/DB in a single transaction, you must use Fail Safe level 1 processing. For more information, refer to Implementing Fail Safe Processing.
See the TIBCO Object Service Broker Managing Security manual for more information on restricting table access.