Security and CPI-C driven application programs

After APSB SAF is security-enabled, IMS calls SAF to secure the PSB specified on an APSB call against the AIMS or Axxxxxxx general resource class (where xxxxxxx is the value specified on the RCLASS initialization EXEC parameter) based on the USERID of the user associated with the CPI-C application. Therefore, you must define the PSBs that you want protected by RACF® (or your installation exit) to the AIMS or Axxxxxxx resource class. Because the AIMS resource class can contain PSBs, all PSB names specified in the AIMS resource class should be unique. In addition, you must specify RCLASS=IMS|xxxxxxx on the RCLASS initialization EXEC parameter at IMS system definition time.

When a CPI-C driven application program makes an APSB call, IMS bypasses APSB SAF security if the PSB is not defined to the AIMS resource class or if the AIMS resource class is not active. If IMS bypasses APSB SAF security, IMS attempts to authorize the PSB by using RAS security. If RAS security is active, IMS assumes the CPI-C driven application program has the authority to use the PSB.

Related reading: For more information on RACF and IMS, search for IMS in the z/OS Security Server RACF Security Administrator's Guide.