Security data section
The security-data section is mandatory for every transaction or command, and is optional for OTMA protocol commands.
The security data portion of the OTMA message prefix is mapped by the TMAMSEC DSECT of the DFSYMSG macro.
The following table is a summary of the content of the security-data section of the message prefix. The summary includes, as appropriate, byte, length, content, hexadecimal value, the meaning, and includes usage comments.
| Byte | Length | Content | Value | Description |
|---|---|---|---|---|
| 0 | 2 | Length | Length of the security-data section, including the length field. | |
| 2 | 1 | Security flag | N | No Security: no RACF® checking is
done. It is assumed that the user ID and password are already verified. |
| C | Check:
RACF checks transactions and commands. Transaction and command authorization RACCHECKs are performed (TCLASS and CCLASS). |
|||
| F | Full:
RACF checks transactions, commands, and
regions. Transaction, IMS command, and MPP region authorization RACCHECKs are performed. |
|||
| 3 | 1 | Reserved | ||
| 1 | Utoken length | Length of Utoken plus the length of Utoken
Type. Length does not include length field itself. |
||
| 1 | Utoken type | X'00' | Type of data to follow. | |
| * | Utoken | The user token. Variable length, from 1 to 80 bytes. |
||
| 1 | User ID length | Length of the user ID plus the length of the User ID
Type. Length does not include length field itself. |
||
| 1 | User ID type | X'02' | Type of data to follow. | |
| * | User ID | The user ID. Variable length, from 1 to 8 bytes. |
||
| u | Profile length | Length of the profile plus the length of the Profile
Type. Length does not include length field itself. |
||
| 1 | Profile type | X'03' | Type of data to follow. | |
| * | Profile | The SAF profile. Variable length, from 1 to 8 bytes. |
||
| 1 | Network user ID Length | Length of the network user ID plus 1 byte length of the
network user ID type. The length does not include this length field itself. |
||
| 1 | Network user ID Type | X'04' | Type of data to follow. | |
| * | Network user ID | Distributed user ID, which can be up to 246 bytes. For customers using IMS TM Resource Adapter, it is a Distinguish Name (DN) in the X.500 series of standards. | ||
| 1 | Network session ID Length | Length of the network session ID plus 1 byte length of
the network session ID type. The length does not include this length field itself. |
||
| 1 | Network session ID Type | X'05' | Type of data to follow. | |
| * | Network session ID | Network session ID for the distributed user. Variable length from 1 to 254 bytes. For customers using IMS TM Resource Adapter, it is a domain name, realm, or registry name. |