How do you set up basic security for CA IDMS batch jobs?
For Local Batch access to databases - If RESTYPE=DB security is enabled for the DBNAME accessed in local batch we definitely will issue the relevant security checks for BIND RUNUNIT or SQL TABLE access. If you add an SRTT entry that secures the DB resource type, you automatically secure a group of database resource subtypes (DACC, NRU, AREA, QSCH, NSCH and TABL) . This is documented in Security Administration Guide, chapter "Securing Database Resources". You cannot turn off any of the DB subtypes, which means that if you turn on security for DB, you cannot turn it off for NRU, AREA.... .
For batch local mode you can also secure by DSNames which is totally through an external security manager (IDMS is not involved in that level of security checking).
If the batch job runs under CV, then there is the TASK level security that would be checked first.
You can define a task code in the SYSGEN, where the task code matches the batch program name. If the task is defined, then the TASK security check uses that Task code. If that Task definition is not found we look for TASK BATCBULK and if that is not found we use TASK RHDCNP3S.