Security for APPC/IMS

APPC/MVS does not verify user authority to access transaction codes or specific IMS systems. To provide complete security verifications of a user's authority to execute transactions with LU 6.2 devices, you must use RACF®.

APPC/MVS uses RACF resource class APPCTP for security. This holds a profile for every IMS transaction defined to RACF for transaction authorization verification. The Transaction Authorization exit routine (DFSCTRN0) is called for transactions, and the Command Authorization exit routine (DFSCCMD0) is called for commands.

Security checking with APPC local LUs

You can use either the base logical unit (LU) or local LU for RACF security checking of outbound asynchronous messages. Use the APPCLU startup parameter on the DFSDCxxx PROCLIB member data set to specify whether you want the base or a local LU to be used for asynchronous message responses.

In an IMS 15.4 shared-queues environment, members that could not support local logical units (LUs) can tolerate local LUs; however, the resource information about those local LUs is lost. If an IMSplex member does not support local LUs, then the base LU is used to send asynchronous messages.

It is recommended that all members of an IMSplex migrate to IMS 15.4 before using the APPCLU startup parameter. See IMS Version 15.4 System Definition for information on the APPCLU startup parameter.