Authorizing connections to DEDB VSO structures

Manage access to shared DEDB VSO structures by defining security profiles that grant access to the cache structure to only authorized IMS systems.

If you use RACF®, the RACF security administrator defines the security profiles in the FACILITY class.

Prior to connecting to a DEDB VSO structure, an IMS system issues a RACROUTE REQUEST=AUTH call that uses the job name of the IMS control region as the user ID. To access the structure, the user ID must have at least UPDATE authority in the security profile.

The name of a security profile must use the format VSOSTR.structure_name, where structure_name is the name of the VSO structure that is to be protected. This structure name must match the structure name defined in the RECON data sets for the structure.

The following example shows the RACF commands to that both define a RACF security profile for a VSO structure and grant update authority to an IMS system. The name of the protected VSO structure is DB21AR1@STRUCT@1. The IMS system receiving update authority is VSOB06A1.

ADDUSER VSOB06A1
      RDEFINE FACILITY (VSOSTR.DB21AR1@STRUCT@1) UACC(NONE)
      PERMIT VSOSTR.DB21AR1@STRUCT@1 CLASS(FACILITY) ID(VSOB06A1)
      ACCESS(UPDATE)
      SETROPTS CLASSACT(FACILITY)