![]() |
Copyright © TIBCO Software Inc. All Rights Reserved |
To restrict the ability to define IMS tables, restrict read access to the @IMSTABLES and @IMSFIELDS TIBCO Object Service Broker control tables.The Gateway provides a number of methods of authorizing access to IMS resources. This is determined by the combination of the SECLEVEL parameter and various other gateway parameters. The table below explains each of the seven methods. Refer to Supplying Gateway Startup Parameters and Implementing External Security for more information on IMS security.
All IMS database accesses are verified using the ID that started the Gateway using the DL/I interface (if running as a batch job) or the started task name (if running as a started task). The Gateway using the BMP interface is authorized as specified by the existing IMS security. CLASS
RESOURCE The TIBCO Object Service Broker session ID, current security group, or a combination of both is used to verify access to the specified CLASS and RESOURCE. CLASS
RESOURCE DBDCLASS The TIBCO Object Service Broker session ID, current security group, or a combination of the two is used to verify access to the specified CLASS, RESOURCE, DBDCLASS, and IMS database. The TIBCO Object Service Broker session ID, current security group, or a combination of the two is used to verify access to the specified DBDCLASS and IMS database. CLASS
RESOURCE SEGCLASS The TIBCO Object Service Broker session ID, current security group, or a combination of the two is used to verify access to the specified CLASS, RESOURCE, SEGCLASS, and IMS database and segment. The TIBCO Object Service Broker session ID, current security group, or a combination of the two is used to verify access to the specified SEGCLASS, and IMS database and segment. The TIBCO Object Service Broker session ID, current security group, or a combination of the two is used to verify access to the specified PSBCLASS and PSB.If the external security interface is requested (SECLEVEL=1) in the initialization parameters, only the IMS external security interface is invoked. The DB2 external security interface is not invoked. Refer to Implementing External Security and TIBCO Service Gateway for DB2 Installing and Operating for more information on the external security interface.If the Gateway is using the DL/I or BMP interface, the primary authorization ID passed to DB2 is as follows:
The authorization ID passed to DB2 is … The user ID that submitted the Gateway job. An external security package, such as RACF, CA-ACF2, or CA-Top Secret, is not available to build the z/OS field ASXBUSER (address space extension block) TIBCO Object Service Broker Managing Security for more information on restricting table access.DB2 Administration Guide for information on controlling access to a DB2 subsystem.TIBCO Service Gateway for DB2 Installing and Operating for information on the security required by the primary authorization ID.
![]() |
Copyright © TIBCO Software Inc. All Rights Reserved |