Overview of External Security in View

Document ID : KB000024733
Last Modified Date : 14/02/2018

Introduction:

This document presents an overview of external security in View. Outlined are the corresponding SARINIT initialization parameters and basic examples of the necessary security product rules.

Instructions:

 

  • For implementing security in View:

    • Three SARINIT initialization parameters affect the operation of external security:

    • SECURITY=EXTERNAL

      • This use of the parameter indicates that database security is based on external security calls. User and resource verification is performed through an external security product (RACROUTE calls).

    • SECID=secid

      • The SECID initialization parameter specifies a one- to eight-character identifier that will prefix the resource name. The default of the SECID parameter is VIEW.

    • SECLIST=NONE|ALL|REPORT,INDEX,DEFINE

      • The parameter specifies to what extent selection lists are to be limited to data accessible by the user:

      • NONE indicates that all of the selection list data is presented to the user and accessibility is determined after the user selects the data.

      • ALL indicates that all of the selection lists are to be limited to data that is accessible by the user.

      • REPORT, INDEX, or DEFINE identify specific selection lists that are to be limited to data accessible by the user:

      • REPORT corresponds to the Sysout/Report Selection List

      • INDEX corresponds to the Index Name and Value Selection Lists

      • DEFINE corresponds to the User, Sysout, Distribution, Device, Filter, and View Definition Selection Lists

    • You can specify any combination of REPORT, INDEX, or DEFINE. The default for SECLIST is NONE.

  • CA View uses a single security class, CHA1VIEW, and 14 resource types:
    Resource
    Type      Resources Protected
    --------  -------------------
    BANR      Banner page members
    DBAS      SARDBASE functions
    DEV       Device definition (DEF DEV command)
    DIST      Distribution definition (DEF DIST command and user definition distribution identifier)
    FILT      Filter definitions (DEF FILTER command)
    IDXN      Index name
    IDXV      Index value
    NOTE      Annotations and bookmarks
    PANL      Online panel members
    REPT      Sysouts/Reports
    RAPS      All pages of a Sysout/Report
    SYS       Sysout definition (DEF SYS command)
    USER      User IDs (DEF USER command)
    VIEW      Logical Views

  • To be able to browse a sysout, you need a minimum of the following rules:

    • secid.REPT.* (READ access to the Report Resource)

    • secid.VIEW.000.* (a generic for all reports by allowing READ access to the native browse logical view resource)

    • secid.RAPS (this allows READ access to the ALL PAGES value of a page index)

  • To be able to print a sysout, you need a minimum of the following rules:

    • secid.REPT.* (WRITE access to the Report Resource)

    • secid.VIEW.000.* (a generic for all reports by allowing READ access to the native browse logical view resource)

    • secid.RAPS (this allows READ access to the ALL PAGES value of a page index).

  • The manual explains how to designate security for specific logical views; however, the secid.VIEW.000 rule
    is necessary to allow the browsing of a sysout.

  • Member CVDEOPTN(SARSECU1), when assembled, creates execution module SARSECUX, which enables the use of pseudo-dataset rules in CA View while the rules are being reconstructed to the new format.
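
The following is an added example, not part of the original document or of CA View: a small Python audit helper that reads the three SARINIT security parameters, applies the documented defaults, and reports which of the minimum browse or print rules a user's grants do not satisfy. The one-parameter-per-line input layout, the grants dictionary, the PRODVW prefix, the exact-name rule comparison, and the assumption that WRITE also satisfies READ are all illustrative.

```python
LEVELS = {"NONE": 0, "READ": 1, "WRITE": 2}  # assumption: WRITE also satisfies READ
SECLIST_PARTS = {"REPORT", "INDEX", "DEFINE"}
MINIMUM = {  # minimum rules from the article; each suffix follows the SECID prefix
    "browse": [("REPT.*", "READ"), ("VIEW.000.*", "READ"), ("RAPS", "READ")],
    "print": [("REPT.*", "WRITE"), ("VIEW.000.*", "READ"), ("RAPS", "READ")],
}

def parse_sarinit(text):
    """Return the three security settings, applying the documented defaults."""
    cfg = {"SECURITY": None, "SECID": "VIEW", "SECLIST": "NONE"}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in cfg:
            cfg[key] = value.strip().upper()
    if not 1 <= len(cfg["SECID"]) <= 8:
        raise ValueError("SECID must be one to eight characters")
    parts = {p.strip() for p in cfg["SECLIST"].split(",")}
    if parts not in ({"NONE"}, {"ALL"}) and not parts <= SECLIST_PARTS:
        raise ValueError("SECLIST must be NONE, ALL, or a mix of REPORT,INDEX,DEFINE")
    # Selection lists that are limited to data the user can access.
    cfg["FILTERED_LISTS"] = SECLIST_PARTS if parts == {"ALL"} else parts & SECLIST_PARTS
    return cfg

def missing_rules(action, cfg, grants):
    """List (rule, needed, held) for each minimum rule the grants do not meet.

    grants maps a rule name to the access level held; names are compared
    exactly, so generic matching by the security product is not modelled.
    """
    if cfg["SECURITY"] != "EXTERNAL":
        raise ValueError("external rules apply only when SECURITY=EXTERNAL")
    gaps = []
    for suffix, need in MINIMUM[action]:
        rule = f'{cfg["SECID"]}.{suffix}'
        held = grants.get(rule, "NONE")
        if LEVELS[held] < LEVELS[need]:
            gaps.append((rule, need, held))
    return gaps

# Constructed sample input (not taken from a real system).
SAMPLE_SARINIT = "SECURITY=EXTERNAL\nSECID=PRODVW\nSECLIST=REPORT,INDEX\n"
SAMPLE_GRANTS = {"PRODVW.REPT.*": "READ", "PRODVW.VIEW.000.*": "READ",
                 "PRODVW.RAPS": "READ"}

if __name__ == "__main__":
    cfg = parse_sarinit(SAMPLE_SARINIT)
    for action in MINIMUM:
        print(action, missing_rules(action, cfg, SAMPLE_GRANTS) or "ok")
```

With the sample grants the user can browse but not print, because printing needs WRITE on the REPT rule.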

Additional Information:

 . Chapter 13 of the CA VIEW Reference Guide provides security information for the product.

 . A PowerPoint presentation, attached to this document, provides additional information.

File Attachments:
TEC479430.zip