Static VTAM transaction output security enhancement

In IMS 15, static VTAM® terminals are enhanced with the ability to apply transaction output security checks to prevent unauthorized accesses from different users to transaction outputs.

Previously, there was no output security for static VTAM terminals. Any user with a valid authorized access to a terminal could access queued outputs in that terminal, even if the user didn't initiate the output transaction. The typical solution was to create a user exit, which was difficult to configure.

Instead of using a new user exit, with this enhancement, you can enable output security for static VTAM terminals by specifying an optional parameter STATICOUTSEC in the DFSDCxxx member of the IMS PROCLIB data set. When you specify the STATICOUTSEC parameter, you decide whether IMS compares the current user with the user who initiated the transaction, if the current user is not the user who initiated the transaction, IMS discards the transaction output. This prevents other users from accessing the transaction that were not initiated by them.

This enhancement is delivered with APAR/PTFs PH24997/UI70315/UI70314.

Changes to defining IMS

The DFSDCxxx member of the IMS PROCLIB data set is enhanced with the following parameters:

STATICOUTSEC=ALL | NO | SREQ: Specifies whether IMS discards transaction reply messages for static terminals when the current user does not match the user associated with the output message. In addition, this parameter tells IMS whether to exit any active or held conversations when a user signs off from the static terminal.
RCVYCONV=: If STATICOUTSEC=ALL or STATICOUTSEC=SREQ is specified, RCVYCONV=NO will be forced for those static terminals affected by the STATICOUTSEC keyword.

Changes to troubleshooting for IMS

For a list of the messages and codes that are new or changed for this enhancement, see the IMS messages and codes row in the table in Documentation changes.

For a complete list of all of the new, changed, and deleted messages, and abend codes in IMS 15, see Message and code changes in IMS 15.

Documentation changes

The following table lists the publications that contain new or changed topics for the New function name enhancement. Publications that are not impacted by this enhancement are not included in the table.

Table 1. Links to topics that have new or changed content for this enhancement.
Publication	New or changed topics
Release planning	General planning information for IMS 15 New messages and codes for IMS 15 IMS 15 enhancements IMS 15 Transaction Manager continuous delivery functions Static VTAM transaction output security enhancement (new) (this topic)
System definition	Members of the IMS PROCLIB data set DFSDCxxx member of the IMS PROCLIB data set
Communications and connections	Extended Terminal Option (ETO) Administering the Extended Terminal Option Planning for ETO Defining physical terminals Planning for both static and dynamic terminals
System administration	IMS system administration considerations and tasks IMS security Overview of DB/DC and DCCTL security Security facilities for DB/DC and DCCTL resources
IMS messages and codes	New messages and codes for IMS 15 DFS messages DFS3478 (new)