Defining the level of OTMA security checking
If you use a security product such as RACF®, you can specify different levels of security checking by using the OTMASE parameter.
The value specified in the OTMASE parameter can be overridden
when IMS is running by issuing
the /SECURE OTMA command.
The levels of security checking include:
- CHECK (C)
- IMS commands are checked against the CIMS class. IMS transactions are checked against the TIMS class.
- FULL (F)
- The same type of security as CHECK, but additional checking is performed against dependent regions. F is the default value for the OTMASE parameter.
- JOIN (J)
- Only OTMA client bid requests are checked by using the RACF Facility class
IMSXCF.xcfgroup.memberprofile, if it exists. No calls to RACF are made for IMS transactions and commands. - NONE (N)
- OTMA RACF security is NONE. No calls to RACF are made.
- PROFILE (P)
- Each OTMA message defines the level of security checking to be done.
After the OTMA client connection is authorized, the transaction or
command security checking will be performed based on the security setting in the
LUY_RACF_OPT of the message prefix which is set using the OTMA security level. For
OTMA security level JOIN (J), the security setting in the message will be
NONE for transaction and command processing.