How to Implement External Security for Datacom - Prerequisites?

Document ID : KB000051583
Last Modified Date : 14/02/2018
Show Technical Document Details


This document is the first in a series of articles that summarize what is required to implement external security for Datacom using one of the three external security products, ACF2, TopSecret, or RACF. Full documentation on this functionality is published in the CA Datacom/DB Security Guide. This document describes the prerequisites and what they are used for.


The following products or sub-components must be defined before you begin to implement external security for Datacom:

CAIRIM - A Component of CA-Common Services (for z/OS) or CA-CIS (for z/VSE).

This component should have been installed prior to installing CA Datacom/DB or CA Datacom/AD. CAIRIM is how you can define the SVC which defines the Multi-User being used.

CAISSF - Is a subservice of CAIRIM, and provides the link between the Advantage CA Datacom products and the external security product. For RACF define the CA Command CA@MD (by default).

CAIIPC - CA Inter-Product Components is required for Datadictionary (and Advantage CA-Ideal) online Signons.

You must use the SC00OPTS SECRTY=Y , if you want UserIDs and Passwords validated by the external security product. This parameter must be "Y" the default is "N". See Section 2.6 Enabling Online Signons in the CA Datacom Security Guide.

ACF2, TopSecret, or RACF - Installing one of the three external security products at current releases.

MUF authorized - The Multi-User Facility (MUF) must run authorized if using external security in a z/OS environments. Ensure that all libraries in the concatenation be in an authorized state. Note that starting with Release 12, Multi-User must run authorized regardless of whether external security is in place or not.

DBCVTPR - Modify DBCVTPR USERID= parameter. The DBCVTPR USERID parameter governs format of the UserID that is passed to Datacom with each online request.

  • USERID=NO When external security is used, that value forces Advantage CA-Datacom/DB to use the 3-byte operator ID (CICS OPERID) instead of the 8-byte UserID (CICS USERID). In a RACF environment, USERID=NO means that Advantage CA-Datacom/DB uses the 3-byte operator ID, not the group ID, to secure the database. In Advantage CA-Datacom CICS Services r2.5 and before, if USERID=NO and external security was in use, Advantage CA-Datacom/DB used an 8-byte UserID to secure the database.

  • USERID=YES forces Advantage CA-Datacom/DB to use the 8-byte CICS USERID.


For more details see the CA Datacom/CICS Services 11.0 System Guide.