RAS security

Use the ISIS and ODBASE execution parameters to control the authorization for a z/OS® application region to use a PSB.

The following table describes the actions that you need to perform to set up security when specific options are selected.

Table 1. Options for defining RAS security for applications that use ODBA
Specifications Actions to perform
ISIS=0 | N and ODBASE=N No action required. No PSB security checking is performed.
ISIS=R and ODBASE=N Define the PSBs that you want protected by RACF® to the IIMS or Ixxxxxxx resource class, and then define the user IDs of the dependent region that you want authorized to access the PSBs. The ODBA support for IMS will use the security environment (ACEE) passed in the dependent region's task (TCBSENV), if present, or the dependent region's address space (ASXBSENV), if the ACEE is not present at the task level.
ISIS=C and ODBASE=N Create a Resource Access Security user exit (RASE). This routine must determine if the user is authorized to use the PSB.
ISIS=A and ODBASE=N
  1. Define the PSBs that you want protected by RACF to the IIMS or Ixxxxxxx resource class, and then define the user IDs of the dependent region that you want authorized to access the PSBs. The ODBA support for IMS will use the security environment (ACEE) passed in the dependent region's task (TCBSENV), if present, or the dependent region's address space (ASXBSENV), if the ACEE is not present at the task level.
  2. Create a Resource Access Security user exit (RASE). This routine must determine if the user is authorized to use the PSB.
RACF is called first, and then the exit routine is called.