Keeping a program from accessing the data: data sensitivity
An IMS program can only access data to which it is sensitive.
You can control the data to which your program is sensitive on three levels:
- Segment sensitivity can prevent an application program from accessing all the segments in a particular hierarchy. Segment sensitivity tells IMS which segments in a hierarchy the program is allowed to access.
- Field-level sensitivity can keep a program from accessing all the fields that make up a particular segment. Field-level sensitivity tells IMS which fields within a particular segment a program is allowed to access.
- Key sensitivity means that the program can access segments below a particular segment, but it cannot access the particular segment. IMS returns only the key of this type of segment to the program.
You define each of these levels of sensitivity in the PSB for the application program. Key sensitivity is defined in the processing option for the segment. Processing options indicate to IMS exactly what a particular program may or may not do to the data. You specify a processing option for each hierarchy that the application program processes; you do this in the DB PCB that represents each hierarchy. You can specify one processing option for all the segments in the hierarchy, or you can specify different processing options for different segments within the hierarchy.
Segment sensitivity and field-level sensitivity are defined using special statements in the PSB.
Segment sensitivity
You define what segments an application program is sensitive to in the DB PCB for the hierarchy that contains those segments.
For example, suppose that the patient hierarchy shown in the following figures. The patient hierarchy is like a subset of the medical database.
PATIENT is the root segment and the parent of the three segments below it: ILLNESS, BILLING, and HOUSHOLD. Below ILLNESS is TREATMNT. Below BILLING is PAYMENT.
To make it possible for an application program to view only the segments PATIENT, ILLNESS, and TREATMNT from the medical database, you specify in the DB PCB that the hierarchy you are defining has these three segment types, and that they are from the medical database. You define the database hierarchy in the DBD; you define the application program's view of the database hierarchy in the DB PCB.
Field-level sensitivity
In addition to providing data independence for an application program, field-level sensitivity can also act as a security mechanism for the data that the program uses.
If a program needs to access some of the fields in a segment, but one or two of the fields that the program does not need to access are confidential, you can use field-level sensitivity. If you define that segment for the application program as containing only the fields that are not confidential, you prevent the program from accessing the confidential fields. Field-level sensitivity acts as a mask for the fields to which you want to restrict access.
Key sensitivity
To access a segment, an application program must be sensitive to all segments at a higher level in the segment's path. In other words, in the following figure, a program must be sensitive to segment B in order to access segment C.
For example, suppose that an application program needs segment C to do its processing. But if segment B contains confidential information (such as an employee's salary), the program is not able to access that segment. Using key sensitivity lets you withhold segment B from the application program while giving the program access to the dependents of segment B.
When a sensitive segment statement has a processing option of K specified for it, the program cannot access that segment, but the program can pass beyond that segment to access the segment's dependents. When the program does access the segment's dependents, IMS does not return that segment; IMS returns only the segment's key with the keys of the other segments that are accessed.
