OTMA security data fields used by IMS Connect

The tables in this topic define the fields of the OTMA security data header and the order of those fields.

The numbered notes in each table are explained in Notes to OTMA header tables.

The DSECTs for network security information, HWSECDNDS and HWSECARDS, are generated only if you specify both of the following options in the HWSOMPFX macro:
DSECT=
Generates an individual DSECT for each section of the OTMA header. However, the HWSECDNDS and HWSECARDS DSECTS are not generated.
NETSEC_OPT=YES
Generates the HWSECDNDS and HWSECARDS DSECTs if you also specify the DSECT= option.

Common security data section for all messages

Table 1. HWS0MSEC DSECT - OTMA security data header. Security data common section for all messages
Field Length Hexadecimal offset Field value Description and settings Note
OMSECLEN 2 0   SECURITY DATA LENGTH  
OMSECFLG 1 2 OMSECNON C'N'

SECURITY FLAG

No RACF® checking.

Set to 'N' if no OTMA RACF calls are to be made.

1
      OMSECCHK C'C'

Check for transaction and command.

NEITHER TESTED NOR SET BY EXIT.

4
      OMSECFUL C'F'

Check for transaction, command, and MPR

Set to 'F' is OTMA is to issue RACF call.

1
OMSECFLN 1 3  

LENGTH OF FOLLOWING FIELDS

Set to length of USERID and GROUPID section.
  • Set to X'0A' if only USERID.
  • Set to X'14' if USERID and GROUPID.
  • Set to X'00' if neither USERID or GROUPID present.
1

USERID security data section for all messages

Table 2. HWSECUDS DSECT - OTMA USERID definition. Security data USERID section for all messages
Field Length Hexadecimal offset Field value Description and settings Note
OMSECULN 1 0  

LENGTH OF USERID FIELDS

Set to length of USERID fields. The length includes this field. Set to X'09' if USERID present.

1
OMSECUTY 1 1 OMSECUXX X'02' FIELD TYPE USERID type. Set to X'02' to identify USERID present. 1
OMSECUID 8 2  

USERID

Set to USERID from IRM field IRM_RACF_USERID.

1

GROUPID security data section for all messages

Table 3. HWSECGDS DSECT - OTMA GROUPID definition. Security data GROUPID section for all messages
Field Length Hexadecimal offset Field value Description and settings Note
OMSECGLN 1 0  

LENGTH OF GROUPID FIELDS

Set to length of GROUPID fields. The length includes this field. Set to X'09' if GROUPID present.

1
OMSECGTY 1 1 OMSECGXX X'02' FIELD TYPE GROUPID type. Set to X'03' to identify GROUPID present. 1
OMSECGRP 8 2   RACF GROUPID Set to GROUPID from IRM field IRM_RACF_GROUPID or from default GROUPID from IMS Connect configuration file. 1

UTOKEN security data section for all messages

Table 4. HWSECFDS DSECT - OTMA RACF UTOKEN definition. Security data UTOKEN section for all messages
Field Length Hexadecimal offset Field value Description and settings Note
OMSECRLN 1 0  

LENGTH OF UTOKEN FIELDS

Set to length of UTOKEN fields. The length includes this field. Set to X'51' if user security exit issued RACF call.

1
OMSECRTY 1 1 OMSECRXX X'02'

FIELD TYPE UTOKEN type.

Set to X'00' to identify UTOKEN present.

1
OMSECPRF 80 2  

UTOKEN

Set to UTOKEN from user security exit.

1

NETUID security data section for all messages

Table 5. HWSECDNDS DSECT - Network user ID (distinguished name) security data section for all messages
Field Length Hexadecimal offset Field value Description and settings Note
OMSECDNLN 1 0  

LENGTH OF NETUID FIELDS.

The length of this section is variable and has a maximum value of 247. The length does not include this field.

1
OMSECDNTY 1 1 OMSECDNXX X'04'

FIELD TYPE NETUID type.

Set to X'04' to indicate that a network user ID (NETUID) is present.

1
OMSECDN 1 - 246 2  

The size of this field can be in the range 1 - 246 bytes. This field can contain the contents of an IRM extension that has an ID of *NETUID*.

1

NETSID security data section for all messages

Table 6. HWSECARDS DSECT - Network session ID (realm or authenticating registry) security data section for all messages
Field Length Hexadecimal offset Field value Description and settings Note
OMSECARLN 1 0  

LENGTH OF NETSID FIELDS.

The length of this section is variable and has a maximum value of 255. The length does not include this field.

1
OMSECARTY 1 1 OMSECARXX X'05'

FIELD TYPE NETSID type.

Set to X'05' to indicate that a network session ID (NETSID) is present.

1
OMSECAR Up to 254 bytes 2  

This size of this field can be in the range 1 - 254 bytes. This field can contain the contents of an IRM extension that has an ID of *NETSID*.

1