This article summarizes how external security for CA Datacom works from Multi-User start-up through how access is allowed or denied.
- At MUF Start-up, the UserID is obtained via CAISSF and passed to Datacom.
- Datacom calls external security system to determine whether external security is in effect or not.
This check is done regardless of what the user enters in the SECURITY Multi-User Startup Option.
- User's identity
- Facilities the user is authorized to access
- If user is an administrator
- External security product checks security status for resource names.
- Checking if ACTIVATE.LEVELnn.PASS is allowed and ACTIVATE.LEVELnn.FAIL is denied for the UserID that starts the Multi-User.
The check begins with LEVEL05 and continues until a resource name pair is identified.
- Once the resource pair is found, the DTSYSTEM is queried to determine the access path level of security being used.
- The next security check looks for the table class resources for the UserID associated with the Multi-User Facility.
- This check consists of a pair of resource names relating to the level of external security to be checked, so that new security features can be implemented without affecting the existing external security System.
- For example, in the following Multi-User Startup Option:
- Multi-User checks for the following resources:
The "cxxname" can be found by looking at the MUF startup message "DB00201I for CXX=" information. It is also available on the DBUTLTY CXX Report on the right-hand of the flower box after the string "CXXNAME".
- If the user that starts up the Multi-User is denied access to the DTSYSTEM resource class, external security is activated.
- If access is allowed and the class-and-path definition is coded in the Multi-User startup SECURITY option, an error is returned and the Multi-User Facility will not enable.
Also, if no class is coded for a path in the Multi-User startup and access is denied for more than one class in that path, an error is returned and the Multi-User Facility will not enable.