Modifying OTMA security online

You can modify security for all OTMA clients globally and for OTMA clients individually by using online commands. You can also specify online whether RACF statistics are recorded when IMS Connect issues the RACF call RACROUTE REQUEST=VERIFY to authenticate OTMA client connections to IMS TM.

Modifying security for all OTMA clients globally and for OTMA clients individually

You can modify security for all OTMA clients globally and for OTMA clients individually by using the online type-1 command /SECURE OTMA. You can use the /SECURE OTMA command to override security specifications made by using the OTMASE= parameter in the IMS or DCC execution procedures.

The /SECURE OTMA command can specify the RACF® security level globally for the OTMA z/OS® cross-system coupling facility (XCF) group or disable RACF security for the OTMA XCF group by using the following parameters:

  • /SECURE OTMA CHECK
  • /SECURE OTMA FULL
  • /SECURE OTMA JOIN
  • /SECURE OTMA PROFILE
  • /SECURE OTMA NONE

You can specify a RACF security level for individual OTMA clients by issuing the following commands:

  • /SECURE OTMA CHECK TMEMBER tmember_name
  • /SECURE OTMA FULL TMEMBER tmember_name
  • /SECURE OTMA JOIN TMEMBER tmember_name
  • /SECURE OTMA PROFILE TMEMBER tmember_name
  • /SECURE OTMA NONE TMEMBER tmember_name

Security specifications made for individual OTMA clients override the global security settings made for the rest of the OTMA XCF group.

If you specify /SECURE OTMA NONE, IMS does not use RACF for security verification, regardless of what security is specified by the class for a client-bid request or for transactions.

When RACF security checking is disabled for OTMA, you can issue only the following default IMS commands through OTMA:

  • /BROADCAST
  • /LOCK
  • /LOG
  • /RDISPLAY
  • /UNLOCK

Complete information for how to use these command is provided in IMS Version 15.2 Commands, Volume 1: IMS Commands A-M and IMS Version 15.2 Commands, Volume 2: IMS Commands N-V.

Enabling RACF statistics for OTMA client connections to IMS TM

To enable, online, RACF statistics to be recorded when IMS Connect issues the RACROUTE REQUEST=VERIFY call to authenticate OTMA client connections to IMS TM, use the TMRACFST(ON) keyword on the UPDATE IMSCON TYPE(CONFIG) command.

After you enable RACF statistics, IMS Connect uses the STAT=ASIS parameter on the RACROUTE REQUEST=VERIFY call. With STAT=ASIS, the RACF messages and statistics are controlled by the installation's current options on the RACF SETROPTS command.

After you enable RACF statistics, the statistics are recorded by RACF no more than once per day to a system management facility (SMF) data set or log stream. The SMF data set or log stream that is used to record the RACF statistics is specified in the RACF configuration.