ODBM and security

The CSL Open Database Manager (ODBM) does not perform user authentication or authorization itself.

If you are using IMS Connect with ODBM, you can authenticate the user IDs on request messages before they reach ODBM by using IMS Connect security. In addition to being able to call RACF® directly, IMS Connect provides the IMS DB Security user exit routine (HWSAUTH0) to facilitate the customization of the security checking for communications with IMS DB.

If you use RACF to authenticate user IDs in IMS Connect, you can also enable RACF statistics to be captured when IMS Connect issues the RACF RACROUTE REQUEST=VERIFY call to authenticate ODBM client connections to IMS DB.

You can have IMS check the authority of a user to allocate a PSB or access IMS resources by using APSB and resource access control (RAS) security.

APSB security is enabled by specifying the ODBASE parameter. RAS security is specified by the ISIS parameter. Both the ODBASE and ISIS parameters can be specified on the IMS or DBC startup procedure or the DFSPBxxx PROCLIB member.

If a user-written ODBM client passes a security object for a security product such as RACF, ODBM invokes RACROUTE REQUEST=VERIFY to create an accessor environment element (ACEE) for the APSB thread. IMS can then use the ACEE during APSB or RAS authorization for allocating PSBs or access to other resources.