Activating IMS DBCTL security

This topic gives guidance on the steps you take to activate your IMS security design using RACF® and program exit routines.

Depending upon the security facilities you choose to use, you must perform the appropriate tasks.

Prepare a RACF security plan in DBCTL.

To implement a RACF security plan:

Prepare a list of all the of IMS online resources to be protected, arranging them in groups to give an overview of the total resources covered.
Select the security facilities that protect the resource groups.
Code the IMSGEN macro or initialization EXEC parameters.
Describe the resource class profiles to RACF.
Add users, groups, and data sets to RACF.
Modify JCL procedures in IMS.PROCLIB.

RACF resource classes are used by the IMS security function. The PSB class holds profiles for PSB security. RACF provides predefined resource classes or you can define your own. The names of resource classes to be used are specified with the RCLASS= parameter. Table 1 shows resource class assignments for DBCTL.

Table 1. Resource class assignments for DBCTL
Resource class	Resource class naming convention
Resource class	RACF-defined name	User-defined name
PSB resource class	IIMS	I`xxxxxxx`
PSB group resource class	JIMS	J`xxxxxxx`
APSB resource class	AIMS	A`xxxxxxx`

Start of change The RACF resource classes are defined in RACF's resource class descriptor table (CDT). Initially, the AIMS, IIMS, and JIMS resource classes are predefined in the CDT. To add a resource class or to define resource classes with user-defined names, you must use the RACF resource class macro ICHERCDE to create an installation-defined CDT. End of change

Related reading: For more information about the RCLASS EXEC parameter, see IMS Version 15 System Definition.