Security Overview

Previous page
Table of content
Next page

When you initiate security safeguards, you must balance the requirements of those users who are responsible for the security of resources and those users who legitimately need access to those resources. Because an individual assigned to resource security is held responsible for resources that might be compromised, that person should not allow easy access to dominate protection measures. On the other hand, users performing their assigned tasks need convenient access to the resources. The users and the security specialist should work out a balanced approach between the ease of resource access and the complexity of protecting that resource.

IMS provides ample flexibility in allowing the installation to secure any type of resource.

In an IMS system, you should consider various facets of the security implementation:

  • The resource name: For example, a user might be allowed access to the Part database but not to the Customer Order database.

  • The level of access: What the user can do to the resource. For example, a user might be allowed to read a file but not to update it.

IMS provides a system definition macro (the SECURITY macro) that allows the installation to code all of the security specifications on one macro. The SECURITY macro specifies security options for IMS internally provided SMU security, RACF security, an installation-provided security exit routine, or any combination of these facilities.

Before you decide what security facilities to use in designing a secure IMS system, you should know which resources within the system need protection. In other words, you should decide what to protect before you decide how to protect it.

Two advantages of using a security product for securing access to resources are:

  • One product can be used to implement the security requirements for multiple subsystems, such as IMS, CICS, and other subsystems.

  • All of the security information can be kept and maintained in one place, such as the RACF database. One centralized database repository containing all the installation's security specifications eliminates, or significantly minimizes, the problems inherent with using individual product's security functions, namely:

    - Duplicating and distributing security information among several subsystems

    - Coordinating the security enforcement functions implemented in multiple products

RACF offers a wide range of security choices to the installation. For example, RACF contains security features such as user-identification-based security and verification-based security, which are not available with the SMU.

Recommendation:

IBM recommends that you implement security using only RACF or an equivalent security product because IMS Version 9 is the last version of IMS to support the SMU.


Related Reading: For more information about IMS security, see:

  • Chapter 4, "Establishing IMS Security," in the IMS Version 9: Administration Guide: System

  • IMS Version 9: Installation Volume 2: System Definition and Tailoring

  • The IBM Redbook IMS Security Guide

  • z/OS V1R4 Security Server RACF Security Administrator's Guide


Previous page
Table of content
Next page
Introduction to IMS. Your Complete Guide to IBM's Information Management System
An Introduction to IMS: Your Complete Guide to IBMs Information Management System
ISBN: 0131856715
EAN: 2147483647
Year: 2003
Pages: 226
Authors: Dean Meltz, Rick Long, Mark Harrington, Robert Hain, Geoff Nicholls
BUY ON AMAZON
A+ Fast Pass
MySQL Clustering
Postfix: The Definitive Guide
The Java Tutorial: A Short Course on the Basics, 4th Edition
Google Maps Hacks: Tips & Tools for Geographic Searching and Remixing
Cultural Imperative: Global Trends in the 21st Century
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy