Planning for security

To prevent unauthorized use of a terminal in the IMS network, you can use RACF® (or an equivalent product).

RACF is a licensed program available under the z/OS® operating system.

RACF allows you to control access to:
  • Physical terminals
  • Logical terminals
  • Transactions
  • Commands

If you do not use RACF security, IMS allows only certain commands to be entered at user terminals (excluding the master terminal). This is called default terminal security.

Using RACF, you can design security profiles based on user ID and you can define two levels of security for your network:
  • You can control the use of the terminals connected to your network.
  • You can control the resources that can be accessed from the terminal.

You control use of a terminal by signon verification security. For example, a terminal user enters an identifier as a parameter on a /SIGN command or in response to a DFS3649 message. You can use RACF, an exit routine, or both to validate the signon. The user ID is logged with each input and output message and with each database change.