Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 1 Installing Service Gateway for IDMS/DB : Implementing Security

Implementing Security
Use one of the following methods to secure access to CA‑IDMS objects:
Using Program Registration
Program registration verifies that the CA‑IDMS application program is authorized to access the requested subschema. TIBCO Service Gateway for IDMS/DB uses one of the following identifiers as the program ID in the CA‑IDMS BIND RUN UNIT:
1.
2.
3.
CA‑IDMS Security Requirements if Using Program Registration
Depending on which identifier you want the Gateway to use as the program ID in the CA‑IDMS BIND RUN UNIT, you must specify one of three combinations of the SECLEVEL, SECURITY, and EXTERNALUSERID parameters at Gateway startup. The following table illustrates these three combinations. Refer to Supplying Service Gateway for IDMS/DB Startup Parameters for descriptions of these parameters.
Program ID in CA‑IDMS BIND RUN UNIT
Ignored if specified.
TIBCO Object Service Broker session ID.
Do not include this parameter.
Current TIBCO Object Service Broker security group name.
Do not include this parameter.
External Security Package
The external security package you are using verifies that the user ID is authorized to access the requested subschema. When the external security package is invoked, one of the following three identifiers is passed as the user ID:
The user ID that started the Gateway (or started task name for started task Gateways)
You must install the TIBCO Object Service Broker external security interface macros to pass the TIBCO Object Service Broker session ID or the current TIBCO Object Service Broker security group as the user ID. Depending on which identifier you want to pass as the user ID, you must specify one of four combinations of the SECLEVEL, SECURITY, and EXTERNALUSERID parameters at startup. The following table illustrates the four combinations. For details, see Supplying Service Gateway for IDMS/DB Startup Parameters and Implementing External Security.
Identifier Passed to CA‑IDMS
STN 1/USJ 2
The TIBCO Object Service Broker external security interface macros are not installed; do not include this parameter.
TIBCO Object Service Broker session ID
Current TIBCO Object Service Broker security group name

1 The started task name if the Gateway is running as a started task.
2 The user ID that submits the Gateway job if the Gateway is running as a batch job.

TIBCO Object Service Broker Security
To restrict the ability to define IDM tables from within TIBCO Object Service Broker, restrict read access to the TIBCO Object Service Broker control tables @IDMSRECORDS, @IDMSELEMENTS, @IDMSSETS, and @IDMSINDEXES.
Fail Safe Processing
To guarantee consistency when updating both TDS and CA‑IDMS data from a single instance of TIBCO Service Gateway for IDMS/DB in a single transaction, you must use Fail Safe level 1 processing. For more information, refer to Implementing Fail Safe Processing.
See Also
The TIBCO Object Service Broker Managing Security manual for more information on restricting table access.
