The easiest way to secure ODBC access to CA-IDMS data is with TASK-level security.
Enable task level security internally in RHDCSRTT:-
Create a RESOURCE CATEGORY in OCF with the appropriate tasks:-
CREATE RESOURCE CATEGORY ODBC_AUTH
ADD TASK CASERVER
ADD TASK IDMSJSRV
If you are using protocol CCI, task CASERVER must be included (shown above).
If you are using protocol IDMS (the "wire" protocol), then whichever TASK is specified on the PARM IS clause of your bulk PTERM must be included. This is normally IDMSJSRV, as is shown here.
ADD PTERM TCPJSRV
IN LINE TCPIP
MAXIMUM ERRORS IS 3
PRINTER CLASS IS 1
TYPE IS LISTENER
TASK IS RHDCNP3J MODE IS SYSTEM
PORT IS 3766
BACKLOG IS 100
IP STACK NAME IS TCPIP31
MAXIMUM NUMBER OF CONNECTIONS IS OFF
Also, if using the IDMS protocol, you must completely unsecure task RHDCNP3J because the line driver invokes it before the user id and password are received. This can be done by creating a RESOURCE CATEGORY and GRANTing it to PUBLIC ...
CREATE RESOURCE CATEGORY RHDCNP3J
ADD TASK RHDCNP3J
GRANT EXECUTE ON CATEGORY RHDCNP3J
Once these security definitions are in place, you can grant individual users (or groups) access to execute ODBC tasks with this:-
GRANT EXECUTE ON CATEGORY ODBC_AUTH