Table 21-1 lists the: Table 21-1. Resources That Can Be Secured, Types of Protection, the Facilities to Protect Them, and Valid EnvironmentsResource | Type of Protection | Facilities | Valid Environments |
---|
Command | Default terminal security | System definition | DB/DC, DCCTL | | LTERM security[a] | SMU | DB/DC, DCCTL | | Password security[a] | SMU | DB/DC, DCCTL | | Transaction command security | SMU, RACF | DB/DC, DCCTL | | Input access security | RACF | DB/DC, DCCTL | | IMSplex command security | RACF | DB/DC, DCCTL | | DBRC command authorization[b] | RACF or exit routine | DB/DC, DCCTL | Database | Segment sensitivity | PSBGEN RACF | DB/DC, DCCTL, DBCTL | | Field sensitivity | PSBGEN RACF | DB/DC, DCCTL, DBCTL | | Password security (for /LOCK, /UNLOCK commands) | SMU or RACF | DB/DC, DCCTL, DBCTL | Dependent region | Application group name (AGN) security | SMU and exit routine or SMU and RACF | DB/DC, DCCTL, DBCTL | | APSB security | RACF | DB/DC, DCCTL, DBCTL | | Resource Access Security (RAS) | RACF | DB/DC, DCCTL, DBCTL | IMS online system (control region) | Extended resource protection (using APPL resource class) | RACF | DB/DC, DCCTL, DBCTL | LTERM[a] | Password security (for /IAM, /LOCK, /UNLOCK commands) | SMU or RACF | DB/DC, DCCTL | | AGN security | SMU and exit routine or SMU and RACF | DB/DC, DCCTL | | RAS security | RACF | DB/DC, DCCTL | LU 6.2 inbound and IMS-managed outbound conversations | Allocate verification security | RACF and exit routine | DB/DC, DCCTL | | Input access security | RACF and exit routine | DB/DC, DCCTL | Online application program | Password security (for /IAM, /LOCK, /UNLOCK commands) | SMU or RACF | DB/DC, DCCTL | | Extended resource protection (using APPL keyword) | RACF | DB/DC, DCCTL | PSB | AGN security | SMU and exit routine or SMU and RACF | DB/DC, DCCTL, DBCTL | | RAS | RACF | DB/DC, DCCTL, DBCTL | | APSB security | RACF[c] | DB/DC, DCCTL | PTERM[a] | Signon verification security | SMU and exit routine or RACF and exit routine | DB/DC, DCCTL | | Terminal-user security | RACF | DB/DC, DCCTL | | Password security (for /IAM, /LOCK, /UNLOCK commands) | SMU or RACF | DB/DC, DCCTL | System data set | Operating system password protection | z/OS | DB/DC, DCCTL, DBCTL | | Data set protection (VSAM) (using PERMIT, RDEFINE classes) | RACF | DB/DC, DCCTL | Terminals defined with ETO | Signon verification security | RACF and exit routine | DB/DC, DCCTL | | Input access security | RACF and exit routine | DB/DC, DCCTL | Transaction | LTERM security[a] | SMU | DB/DC, DCCTL | | AGN security | SMU and exit routine or SMU and RACF | DB/DC, DCCTL | | Input access security | RACF | DB/DC, DCCTL | | RAS | RACF | DB/DC, DCCTL | | Password security[a] (for /LOCK, /UNLOCK commands) | SMU or RACF | DB/DC, DCCTL | Type 1 Automated Operator Interface (AOI) applications | Transaction command security | SMU or RACF and Command Authorization exit routine | DB/DC, DCCTL | Type 2 AOI applications | Transaction command security | RACF and Command Authorization exit routine | DB/DC, DCCTL |
[a] Static terminals only. Not applicable to ETO-defined terminals.
[b] DBRC Command Authorization is an additional command security option for DBRC commands only. DBRC commands are also subject to any other command security options that are active in the IMS system.
[c] Using RACF to secure APSBs applies to CPI-C driven applications only. Resources you can protect Valid security options for that resource Facilities available to protect that resource Applicable environments |