Implementing signon security in an IDMS Central Version.

Document ID : KB000026074
Last Modified Date : 01/03/2018
Question:

How to implement signon security in an IDMS Central Version.

 

Answer:
  IDMS resources are secured by assembling and link-editing a series of #SECRTT macros to produce the security table load module RHDCSRTT (see Security Administration 10.5 #SECRTT for complete parameter descriptions).
  SIGNON security is implemented by including a #SECRTT macro for RESTYPE=SGON.
The following example assembles RHDCSRTT with only the SIGNON resource type secured, and it is secured internally (SECBY=INT). The default value is SECBY=OFF for all resource types, so every resource type without an entry stays unsecured.

//ASMSTEP EXEC PGM=ASMA90,
//             REGION=512K
//SYSLIB    DD DSN=Your.IDMS.DISTMAC,DISP=SHR
//             DD DSN=SYS1.MACLIB,DISP=SHR
//SYSUT1   DD DSN=&&SYSUT1,UNIT=SYSDA,SPACE=(CYL,(15,10))
//SYSUT2   DD DSN=&&SYSUT2,UNIT=SYSDA,SPACE=(CYL,(15,10))
//SYSUT3   DD DSN=&&SYSUT3,UNIT=SYSDA,SPACE=(CYL,(15,10))
//SYSPRINT  DD SYSOUT=*
//SYSLIN    DD DSN=&&OBJECT,DISP=(NEW,PASS),UNIT=SYSDA,
//             SPACE=(CYL,(15,10))
//SYSIN     DD * 
        #SECRTT TYPE=INITIAL,SVCNUM=176,SYSPROF=(DEFAULT,ON)
        #SECRTT TYPE=ENTRY,RESTYPE=SGON,SECBY=INT
        #SECRTT TYPE=FINAL
        END
//LKED     EXEC PGM=IEWL,
//         PARM=(XREF,LET,LIST,NCAL)
//SYSPRINT DD SYSOUT=*
//SYSUT1   DD UNIT=SYSDA,SPACE=(1700,(500,100))
//SYSLMOD DD DSN=your.IDMS.DBA.LOADLIB,DISP=SHR
//SYSLIN   DD DSN=&&OBJECT,DISP=(OLD,DELETE)
//         DD *
  ENTRY SRTTEP1
  MODE  AMODE(31),RMODE(ANY)
  NAME  RHDCSRTT(R)

The next step is granting signon to a specific IDMS system.
If you have not yet created a SYSTEM resource, that is the first task.
The SYSTEM resource must match the system ID defined in your system definition.

 SYSGEN 16.0    PAGE 1 LINE 1  DICT=SYSTEM 
 *+   ADD SYSTEM 100 
 *+       SYSTEM ID IS SYST0100 
 *+       DATE CREATED IS      08/24/93 
 *+       DATE LAST UPDATED IS 04/21/08  
 
       OCF 16.0 IDMS  PAGE 1 LINE 1  DICT=SYSTEM
 
  CREATE RESOURCE SYSTEM SYST0100;
 
Once you have a system resource, you can grant the signon privilege to specific users.
       OCF 16.0 IDMS  PAGE 1 LINE 1  DICT=SYSTEM
 
GRANT SIGNON ON SYSTEM SYST0100 TO USER123;
 
SECURING SIGNON USING AN EXTERNAL SECURITY MANAGER
 
To secure signon externally, the #SECRTT macro needs two extra parameters: EXTCLS and EXTNAME.
 
 #SECRTT TYPE=ENTRY,RESTYPE=SGON,SECBY=EXT,EXTCLS='IDMST',EXTNAME=(RESNAME)
EXTCLS is a literal that must match the class high-level qualifier defined to the external security system. In TOP SECRET this is RESCLASS, in ACF2 it is TYPE, and in RACF it is CLASS.
EXTNAME is one or more keywords that tell IDMS how to construct the actual resource name that will be passed to the external security manager.
For SGON, clients typically code this parameter as RESNAME, which for the SGON resource means that IDMS passes the SYSTEM ID as defined in the IDMS SYSTEM definition.
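
An offline check for the points above, as an added example that is not part of the original article or the vendor's code: it parses the #SECRTT statements from an RHDCSRTT source deck and reports when SGON is left unsecured or a SECBY=EXT entry lacks EXTCLS or EXTNAME. The function names are hypothetical, and it assumes one-line statements (no assembler continuation) and that an entry without SECBY takes the OFF default.

```python
import re

def split_operands(text):
    """Split on top-level commas so (DEFAULT,ON) and 'IDMST' stay whole."""
    parts, buf, depth, quoted = [], "", 0, False
    for ch in text:
        if ch == "'":
            quoted = not quoted
        elif not quoted and ch in "()":
            depth += 1 if ch == "(" else -1
        if ch == "," and depth == 0 and not quoted:
            parts.append(buf)
            buf = ""
        else:
            buf += ch
    return parts + [buf] if buf else parts

def parse_srtt(source):
    """Return one KEYWORD -> value dict per #SECRTT statement; JCL is skipped."""
    entries = []
    for line in source.splitlines():
        m = re.match(r"\s*#SECRTT\s+(\S+)", line)
        if m:
            entries.append(dict(p.partition("=")[::2] for p in split_operands(m.group(1))))
    return entries

def check_signon(source):
    """Return findings for the SGON entry; an empty list means signon is secured."""
    sgon = [e for e in parse_srtt(source)
            if e.get("TYPE") == "ENTRY" and e.get("RESTYPE") == "SGON"]
    if not sgon:
        return ["no RESTYPE=SGON entry, so signon stays at the default SECBY=OFF"]
    findings = []
    for e in sgon:
        secby = e.get("SECBY", "OFF")  # assumption: omitted SECBY means the OFF default
        if secby == "OFF":
            findings.append("SGON is SECBY=OFF: signon is not secured")
        elif secby == "EXT":
            findings += [f"SGON is SECBY=EXT but {k} is missing"
                         for k in ("EXTCLS", "EXTNAME") if k not in e]
        elif secby != "INT":
            findings.append(f"SGON has unexpected SECBY={secby}")
    return findings

# Constructed decks: the page's internal example, and an external entry lacking EXTNAME.
INTERNAL_DECK = """        #SECRTT TYPE=INITIAL,SVCNUM=176,SYSPROF=(DEFAULT,ON)
        #SECRTT TYPE=ENTRY,RESTYPE=SGON,SECBY=INT
        #SECRTT TYPE=FINAL"""
INCOMPLETE_DECK = INTERNAL_DECK.replace("SECBY=INT", "SECBY=EXT,EXTCLS='IDMST'")
```

Run check_signon over the SYSIN text before the assembly step; INTERNAL_DECK returns an empty list, while INCOMPLETE_DECK reports the missing EXTNAME.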
Additional Information:
 Security Administration guide
https://docops.ca.com/ca-idms/19/en/administrating/administrating-security-for-idms