Security for APPC/IMS

APPC/IMS requires security using the System Authorization Facility (SAF) interface to RACF®, or an equivalent security environment. RACF is optional for remote transactions from LU 6.2 application programs.

APPC/IMS supports both the Transaction Authorization exit routine (DFSCTRN0) and the Command Authorization exit routine (DFSCCMD0).

Restrictions: 
  • APPC/IMS does not support the /SIGN command, because it is not required in order to validate the user ID. z/OS® validates user IDs when using RACF; therefore, each APPC/IMS message has a validated user ID.
  • For IMS commands entered from remote LU 6.2 application programs: if you do not use RACF or the Command Authorization exit routine (DFSCCMD0), the default command security allows only the following four commands:
    • /BROADCAST
    • /LOG
    • /RDISPLAY
    • /RMLIST
    To allow other commands, use DFSCCMD0 or RACF.