Trusted-user support for IMS Connect messages
When IMS Connect is configured to call RACF® directly, you can modify your user message exit to treat specific messages as trusted users. When a message is classified as a trusted user, IMS Connect does not call RACF to check security for that message, but instead passes the specified user ID to OTMA without authentication.
After bypassing IMS Connect security, messages that are classified to IMS Connect as a trusted user are still subject to any security checking that might be performed by IMS OTMA. OTMA and IMS do not recognize the IMS Connect trusted user classification.
- HWSSMPL0
- HWSSMPL1
- HWSJAVA0
- User-written user message exits
To enable trusted user support:
- Select one or more IRM fields or HWSJAVA0 OTMA header fields to contain the flags that identify an input message as a trusted user.
- For IRM fields or customer-written prefix fields, define the bytes and byte settings that represent the trusted user flag so that the definitions are unique to your system. IMS Connect does not define which flag bytes to set or what settings to use.
- Code the user message exit to read the field for the flag and, when the trusted user flag is found, to set the X'80' bit for the OMUSR_TRSTUSR EQU flag in the OMUSR_FLAG2 field in the OTMA user data section of the message that the exit passes back to IMS Connect.
The IRM header fields you can use to identify trusted user messages can include one or more of the following fields: PORTID, CLIENTID, USERID, TRANSACTION CODE fields, and user data.
For example, you might decide to add three one-byte fields in the IRM and to set different values in each field. The client application sets the flag. When the message is passed to the user message exit, the exit interrogates the three fields. If the fields identify the message as a trusted user, the user message exit passes a request to IMS Connect in the OTMA header to bypass the call to RACF.
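The three-field check described above, modeled in C as an added example; it is not code from IMS Connect or its sample exits. The struct layouts, the flag byte values, and the port name are hypothetical stand-ins, and the model also requires a matching PORTID so that the client-set flag bytes are not the only condition for bypassing RACF.

```c
#include <stddef.h>
#include <stdint.h>

/* From the page: the X'80' bit of OMUSR_FLAG2 marks a trusted user. */
#define OMUSR_TRSTUSR 0x80u

/* Hypothetical layouts: the real IRM and OTMA user data mappings are
   defined by IMS Connect and are not reproduced here. */
struct irm_model {
    char    portid[8];   /* port the message arrived on */
    uint8_t trust[3];    /* three site-defined one-byte flag fields */
};
struct otma_user_model {
    uint8_t omusr_flag2; /* stands in for OMUSR_FLAG2 */
};

/* Constructed site values; IMS Connect defines none, so pick your own. */
static const uint8_t SITE_TRUST[3] = { 0xC1, 0x5A, 0x3E };
static const char    SITE_PORT[8]  = { 'T','R','U','S','T','0','1',' ' };

/* Returns 1 and sets the trusted-user bit only when every flag byte and
   the port match; otherwise leaves the bit clear so the RACF call in
   IMS Connect is not bypassed. */
int classify_trusted(const struct irm_model *irm, struct otma_user_model *ou)
{
    uint8_t diff = 0;
    size_t i;

    /* Accumulate differences without an early exit on the first mismatch. */
    for (i = 0; i < sizeof SITE_TRUST; i++)
        diff |= (uint8_t)(irm->trust[i] ^ SITE_TRUST[i]);
    for (i = 0; i < sizeof SITE_PORT; i++)
        diff |= (uint8_t)(irm->portid[i] ^ SITE_PORT[i]);

    /* Start from a cleared bit: trust is decided here, never inherited
       from whatever the inbound message carried. */
    ou->omusr_flag2 &= (uint8_t)~OMUSR_TRSTUSR;
    if (diff != 0)
        return 0;

    ou->omusr_flag2 |= OMUSR_TRSTUSR;
    return 1;
}
```

Other bits in the flag byte are preserved in both outcomes; only the X'80' bit is decided by the check.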
If you are using the HWSJAVA0 user message exit, the exit identifies trusted user messages by the existing data in OTMA header fields such as OMUSR_DESTID (DataStore), OMUSR_ORIGIN (ClientID), OMUSR_PORTID (PortId), OMUSR_PASSTICKET (Password), or other message values.
Code the HWSJAVA0 user message exit to set the OMUSR_FLAG2 flag to OMUSR_TRSTUSR. When the OMUSR_FLAG2 flag is set to OMUSR_TRSTUSR, IMS Connect bypasses the RACF call.