Security facilities and security types for DBCTL resources
The security facility that you use to protect a particular DBCTL resource depends on the type of security that you want and the available security facilities for that type of security. Security facilities for DBCTL resources include z/OS®, RACF®, and PSBGEN.
The following table summarizes the types of security and facilities that are available for DBCTL resources.
| Resources | Type of security | Security facility |
|---|---|---|
| System data set | OS password protection | z/OS |
| Data set protection (VSAM) | RACF | |
| Database | Segment sensitivity | PSBGEN |
| Field sensitivity | PSBGEN | |
| Password security (for the /LOCK and /UNLOCK commands). | RACF See note 1 | |
| PSB | resource access security | RACF |
| APSB security | RACF | |
| BMP application program | Password security (for the /LOCK and /UNLOCK commands) | RACF |
| Extended resource protection (using APPL keyword) | RACF | |
| Control region | Extended resource protection (using APPL resource class) | RACF |
| Dependent region | RAS security | RACF |
| APSB security | RACF | |
| resource access security | RACF |
Note:
- RACF authority for the /LOCK PGM and /LOCK DB commands is not checked in a DBCTL-only system (SYSTEM parameter in the IMSCTRL macro during the system definition process contains DBCTL or IMS is started with the DBC procedure).