How to secure ODBC access to CA-IDMS data

Document ID : KB000028860
Last Modified Date : 14/02/2018

The easiest way to secure ODBC access to CA-IDMS data is with TASK-level security. 

Enable task level security internally in RHDCSRTT:-

     #SECRTT TYPE=ENTRY,SECBY=INT,RESTYPE=TASK

Create a RESOURCE CATEGORY in OCF with the appropriate tasks:- 

     CREATE RESOURCE CATEGORY ODBC_AUTH
        ADD TASK CASERVER
        ADD TASK IDMSJSRV
       ;                             

If you are using protocol CCI, task CASERVER must be included (shown above).

If you are using protocol IDMS (the "wire" protocol), then whichever TASK is specified on the PARM IS clause of your bulk PTERM must be included. This is normally IDMSJSRV, as is shown here.

     ADD PTERM TCPJSRV
        ENABLED
        IN LINE TCPIP
        MAXIMUM ERRORS IS 3
        PRINTER CLASS IS 1
        READBUFFER
        TYPE IS LISTENER
        TASK IS RHDCNP3J MODE IS SYSTEM
        PORT IS 3766
        BACKLOG IS 100
        IP STACK NAME IS TCPIP31
        PARM IS 'TASK=IDMSJSRV'
        MAXIMUM NUMBER OF CONNECTIONS IS OFF
        .

Also, if using the IDMS protocol, you must completely unsecure task RHDCNP3J, because the line driver invokes it before the user id and password are received. This can be done by creating a RESOURCE CATEGORY for the task and GRANTing EXECUTE on it to PUBLIC:-

     CREATE RESOURCE CATEGORY RHDCNP3J
         ADD TASK RHDCNP3J           
         ; 
     GRANT EXECUTE ON CATEGORY RHDCNP3J
         TO PUBLIC;                            

Once these security definitions are in place, you can grant individual users (or groups) access to execute ODBC tasks with this:-

     GRANT EXECUTE ON CATEGORY ODBC_AUTH
         TO JOHN_SMITH;
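
An added example, not part of the original article and not CA tooling: a Python check that reads definitions written in the syntax shown above and flags the mistakes this procedure can leave behind for the IDMS protocol (listener task not open to PUBLIC, PARM task missing from a category, or PARM task open to PUBLIC). The names `DEFS` and `audit`, and gathering the sysgen and OCF statements into one text, are assumptions; the sample input is constructed from the article's own statements.

```python
import re

# Constructed input: the article's definitions gathered into one text blob.
DEFS = """
CREATE RESOURCE CATEGORY ODBC_AUTH
   ADD TASK CASERVER
   ADD TASK IDMSJSRV
   ;
ADD PTERM TCPJSRV
   TYPE IS LISTENER
   TASK IS RHDCNP3J MODE IS SYSTEM
   PARM IS 'TASK=IDMSJSRV'
   .
CREATE RESOURCE CATEGORY RHDCNP3J
   ADD TASK RHDCNP3J
   ;
GRANT EXECUTE ON CATEGORY RHDCNP3J TO PUBLIC;
GRANT EXECUTE ON CATEGORY ODBC_AUTH TO JOHN_SMITH;
"""

def audit(text):
    """Return a list of findings; an empty list means the article's rules hold."""
    # category name -> tasks added to it
    cats = {name: set(re.findall(r"ADD\s+TASK\s+(\w+)", body))
            for name, body in re.findall(
                r"CREATE\s+RESOURCE\s+CATEGORY\s+(\w+)(.*?);", text, re.S)}
    # category name -> grantees holding EXECUTE on it
    grants = {}
    for cat, who in re.findall(
            r"GRANT\s+EXECUTE\s+ON\s+CATEGORY\s+(\w+)\s+TO\s+(\w+)\s*;", text):
        grants.setdefault(cat, set()).add(who)
    categorized = set().union(*cats.values())
    public = set().union(*(tasks for cat, tasks in cats.items()
                           if "PUBLIC" in grants.get(cat, ())))
    findings = []
    # A PTERM definition ends with a line holding only "."
    for pterm, body in re.findall(
            r"ADD\s+PTERM\s+(\w+)(.*?)^\s*\.\s*$", text, re.S | re.M):
        listener = re.search(r"TASK\s+IS\s+(\w+)", body)   # invoked before sign-on
        served = re.search(r"TASK=(\w+)", body)            # task named in PARM IS
        if listener and listener.group(1) not in public:
            findings.append(f"{pterm}: listener task {listener.group(1)} is not granted to PUBLIC")
        if served:
            task = served.group(1)
            if task not in categorized:
                findings.append(f"{pterm}: PARM task {task} is in no resource category")
            elif task in public:
                findings.append(f"{pterm}: PARM task {task} is executable by PUBLIC")
    return findings
```
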