Defining security during DB/DC and DCCTL system definition

You can make IMS security choices with initialization EXEC parameters and in two system definition macros: COMM, and IMSGEN. These specifications let you choose the type of security that is active during online execution.

You can make other security choices, including which resources you want to protect, by using the Resource Access Control Facility (RACF®). You can also specify security choices using the security parameters in the IMS and DCC startup procedures.

If you do not specify any security in any of the three system definition macros, IMS provides a basic level of resource security called default security, which:

Prohibits the entry of certain commands from any terminal other than the master terminal. This basic security function is activated upon completion of stage 2 of IMS system definition. When you implement input-access security with RACF, IMS removes the default security restrictions. In the case of static terminals if sign-on is not required, IMS uses the control region user ID for command validation.
Applies only to statically defined terminals. Terminals that are defined by using ETO are automatically governed by an identical level of default security. When you modify and use the Command Authorization exit routine (DFSCCMD0), IMS removes the default security for dynamically defined terminals.

Security specifications can be made in the COMM macro, IMSGEN macro, or with initialization EXEC parameters. The security-related specifications are accepted hierarchically in the following order:

The initialization EXEC parameters specified in the DFSPBxxx PROCLIB member
The initialization EXEC parameters specified in the DFSDCxxx PROCLIB member
COMM
IMSGEN

Specifications that are coded in the initialization EXEC parameters override security specifications that are coded in the COMM and IMSGEN macros.