DBRC security

The RECON data sets are critical to the integrity of IMS databases. Therefore, consider restricting access and providing access to only a subset of the DBRC commands for those users who must issue them.

In the online region, IMS provides some authorization functions for commands issued. By default, IMS restricts /RMxxxxxx commands (except for /RMLIST) to the Master Terminal Operator (MTO).

You can establish authorization control for DBRC commands through RACF® (or an equivalent security product), a user exit routine, or both. For example, logon ID SMITH could have access to issue an INIT.DB command against DBD PAYROLL but not against DBD CUSTOMER.

The HALDB Partition Definition utility is an ISPF application that allows you to manage the definitions of IMS HALDBs and their partitions in the RECON data set, providing functionality equivalent to the following:

INIT.DB
INIT.PART
CHANGE.DB
CHANGE.PART
CHANGE.DBDS
DELETE.DB
DELETE.PART
LIST.DB

Authorization for the HALDB Partition Definition utility is controlled using the same resources as defined for these commands with one exception: the CHANGE.PART resource is used in place of the CHANGE.DBDS resource.

Related reading: See IMS Version 15.5 Database Utilities for more information about the HALDB Partition Definition utility.