Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 1 Installing Service Gateway for IMS/DB : Implementing Security

Implementing Security
The following types of security are available from the Gateway:
Specifying TIBCO Object Service Broker Security
To restrict the ability to define IMS tables, restrict read access to the @IMSTABLES and @IMSFIELDS TIBCO Object Service Broker control tables.
Implementing IMS Security
The Gateway provides a number of methods of authorizing access to IMS resources. The method used is determined by the combination of the SECLEVEL parameter and various other Gateway parameters. Each of the seven methods is explained below, preceded by the parameters listed for it where these are given. Refer to Supplying Gateway Startup Parameters and Implementing External Security for more information on IMS security.
All IMS database accesses are verified using the ID that started the Gateway using the DL/I interface (if running as a batch job) or the started task name (if running as a started task). The Gateway using the BMP interface is authorized as specified by the existing IMS security.
CLASS, RESOURCE: The TIBCO Object Service Broker session ID, current security group, or a combination of both is used to verify access to the specified CLASS and RESOURCE.
CLASS, RESOURCE, DBDCLASS: The TIBCO Object Service Broker session ID, current security group, or a combination of the two is used to verify access to the specified CLASS, RESOURCE, DBDCLASS, and IMS database.
The TIBCO Object Service Broker session ID, current security group, or a combination of the two is used to verify access to the specified DBDCLASS and IMS database.
CLASS, RESOURCE, SEGCLASS: The TIBCO Object Service Broker session ID, current security group, or a combination of the two is used to verify access to the specified CLASS, RESOURCE, SEGCLASS, and IMS database and segment.
The TIBCO Object Service Broker session ID, current security group, or a combination of the two is used to verify access to the specified SEGCLASS and IMS database and segment.
The TIBCO Object Service Broker session ID, current security group, or a combination of the two is used to verify access to the specified PSBCLASS and PSB.
Specifying the External Security Interface for DB2 Data Access
If the external security interface is requested (SECLEVEL=1) in the initialization parameters, only the IMS external security interface is invoked. The DB2 external security interface is not invoked. Refer to Implementing External Security and TIBCO Service Gateway for DB2 Installing and Operating for more information on the external security interface.
DB2 Security for the Gateway
If the Gateway is using the DL/I or BMP interface, the primary authorization ID passed to DB2 is as follows:
The authorization ID passed to DB2 is …
An external security package, such as RACF, CA-ACF2, or CA-Top Secret, is not available to build the z/OS field ASXBUSER (address space extension block)
See Also
TIBCO Object Service Broker Managing Security for more information on restricting table access.
DB2 Administration Guide for information on controlling access to a DB2 subsystem.
TIBCO Service Gateway for DB2 Installing and Operating for information on the security required by the primary authorization ID.
