How to set up ACF2 definitions when implementing PassTickets with IDMS

Document ID : KB000048217
Last Modified Date : 14/02/2018

Description :

Using PassTickets to access an IDMS CV system requires these definitional components:

  • ACF2 security definitions
  • Information defined in the IDMS security type table (SRTT).

The major components used in this process are the user id, the application id, the system id of the CV, the session key, and the resource class.

Solution :

Note : All of the following definitions are examples and can vary by installation. Parameters can be selected for auditing, performance, and other installation-specific needs.

Follow these steps:

  1. Secure signon for use with ACF2.

    First, define information to the SRTT using the #SECRTT macro:
    #SECRTT TYPE=ENTRY,
    RESTYPE=SGON,
    SECBY=EXTERNAL,
    EXTCLS='SGO',
    EXTNAME=(RESNAME)

    Notes : SGO is a user-defined external resource class. For more information on the #SECRTT macro, see the CA IDMS Security Administration Guide.

    Then, secure the CV system resource.

    Example : For a CV system with the id SYSTEM85, as specified in the SYSTEM ID clause of the SYSGEN SYSTEM statement, and the user FIMX006:
    $KEY(SYSTEM85) TYPE(SGO)
    $USERDATA(SYSTEM85)
    UID(FIMX006) LOG

    Note : $USERDATA is for commenting only and is not required.

  2. Add a session key for a particular application id (applid). The applid for an IDMS CV system is the id of the first VTAM line (or the system nodename if no VTAM lines are defined). A session key is a 1 to 16-character hexadecimal value. Both the PassTicket generator and the target application must use the same session key.

    Example : For the application APLID851:
    SET PROFILE(PTKTDATA) DIVISION(SSIGNON)
    INSERT APLID851 SSKEY(1ADEF39872EA423C)
    F ACF2,REBUILD(PTK),CLASS(P)

  3. Add permission for the user to generate and use a PassTicket for an application.

    Example : For the application id APLID851 and the user FIMX006:
    ACFNRULE KEY(IRRPTAUTH) TYPE(PTK) ADD(APLID851.FIMX006
    UID(FIMX006) SERVICE(READ,UPDATE) ALLOW)
    F ACF2,REBUILD(PTK)
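
A pre-deployment check for the step 2 and step 3 definitions, as an added example that is not part of the original article or the vendor's tooling: it confirms that parentheses balance, that each SSKEY is 1 to 16 hexadecimal characters, that every IRRPTAUTH rule names an applid that has a session key, and that the sample key printed in this article has not been reused. The function name lint_passticket_deck and the deck layout are assumptions of this example.

```python
import re

# Constructed input: the step 2 and step 3 commands from this article as one deck.
DECK = """\
SET PROFILE(PTKTDATA) DIVISION(SSIGNON)
INSERT APLID851 SSKEY(1ADEF39872EA423C)
F ACF2,REBUILD(PTK),CLASS(P)
ACFNRULE KEY(IRRPTAUTH) TYPE(PTK) ADD(APLID851.FIMX006
UID(FIMX006) SERVICE(READ,UPDATE) ALLOW)
F ACF2,REBUILD(PTK)
"""

# A key printed in public documentation is known to everyone; treat it as unusable.
PUBLISHED_SAMPLE_KEYS = {"1ADEF39872EA423C"}


def lint_passticket_deck(deck):
    """Return a list of findings for a PassTicket definition deck (empty = clean)."""
    findings = []
    # Parentheses must balance over the whole deck (a rule may span lines).
    depth = 0
    for ch in deck:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            break
    if depth != 0:
        findings.append("unbalanced parentheses")
    # Step 2: applid -> session key, 1 to 16 hexadecimal characters.
    keys = dict(re.findall(r"INSERT\s+(\S+)\s+SSKEY\(([^)]*)\)", deck))
    for applid, key in keys.items():
        if not re.fullmatch(r"[0-9A-Fa-f]{1,16}", key):
            findings.append(f"{applid}: SSKEY is not 1 to 16 hex characters")
        if key.upper() in PUBLISHED_SAMPLE_KEYS:
            findings.append(f"{applid}: SSKEY is a published sample value")
    # Step 3: every ADD(applid.userid ...) rule needs a session key for that applid,
    # because generator and target application must share the same key.
    for applid, _user in re.findall(r"ADD\((\w+)\.(\w+)", deck):
        if applid not in keys:
            findings.append(f"{applid}: rule has no PTKTDATA session key")
    return findings


if __name__ == "__main__":
    for finding in lint_passticket_deck(DECK) or ["no findings"]:
        print(finding)
```

Run against the article's own values, the check reports only the reused sample key; replace it with an installation-generated key before applying the definitions.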