Security for ODBM allocate PSB (APSB) requests
Any PSB that is specified on an APSB request from an ODBM thread can be secured by using the z/OS System Authorization Facility (SAF), the IMS RAS user exit, or both.
- Specify ODBMSECURE=A, E, or R.
This method applies to all ODBM connectors to the respective IMS, irrespective of the ODBM RRS= setting. When ODBMSECURE=N, A, E, or R is specified on an IMS system, the values that are specified in the ISIS= and ODBASE= parameters are ignored for all ODBM connections to this IMS system. The resource class of AIMS or Axxxxxxx is used to authorize APSB resources.
- Specify ISIS=A, C, or R. This method applies to ODBM connections under either of the conditions:
- ODBM runs with RRS (RRS=Y) and no SAF calls are to be made against the AIMS resource class (ODBASE=N).
- ODBM runs without RRS (RRS=N).
The resource class of IIMS or Ixxxxxxx is used to authorize APSB resources.
- Specify ODBASE=Y.
This method applies only to ODBM that runs with RRS (RRS=Y). The resource class of AIMS or Axxxxxxx is used to authorize APSB resources.
After the APSB SAF security is enabled, IMS calls SAF to secure the PSB specified on an APSB call by using the respective resource class, based on the user associated with the ODBM thread. IMS then defines the PSBs that are to be protected to RACF (or the installation exit). When ODBMSECURE= or ODBASE= is used, IMS defines the PSBs to AIMS or Axxxxxxx resource class. When ISIS= is used, IMS defines the PSBs to IIMS or Ixxxxxxx.
During IMS system definition, RCLASS=IMS or RCLASS=xxxxxxx must be specified with an initialization EXEC parameter.
