PreviousIMS Syncpoint Coordination For the Database Administrator (DBA)Next"

Chapter 5: IMS Security

This chapter discusses methods of security for controlling access to IMS Option applications and resources. With centralized systems, controlling logon access and protecting applications can be enough to secure the system. With IMS Option, and distributed environments in general, network access is often more lenient. Protecting the underlying resource, such as a database, becomes more important in these environments.

5.1 Overview

IMS Option does not provide its own specialized security software. It also does not require that you implement any security. Software provided with your network and database systems can be used to secure access to resources. The Fileshare system provides the access control for protecting shared IMS Option databases. Remote IMS relies on the security available to your IMS/ESA system. See your SQL system's documentation for its security features.

Security is a complex and difficult issue. It can range from the form of data transmitted on communications lines to which people are enabled to view specific pieces of information. Groups within the same company may have different ideas on what security should be. There are too many aspects for us to describe this topic in much detail. You will need to study and implement security to satisfy your requirements. Please contact your sales or technical representative if you need any assistance.

5.2 Network Security

The security provided by network server software is a key component for IMS Option local area networks (LANs). This software typically provides for different levels of access including: none, read-only and update. The IMS Option Gen files and databases are standard operating system files. When accessed using network "requester" services (redirected drives), they can be protected using your network server security facilities.

Executable programs are also accessed using standard methods. If they are on the server they can be protected. This can be used as a substitute to protecting specific Trancodes. For example, by controlling read access to the main program of a Trancode you effectively limit running the Trancode.

The IMS Option software can also be protected. If you remove read access to the IMS Option .lbr files, the software cannot be started from the secured folder.

5.3 Fileshare Security

When using Fileshare to access databases or Gen files, it is logged on to your network as a user with privilege to access all the files that it manages. The clients communicate to the Fileshare Server using their own protocols and do not have to be logged on to the network. This effectively means that Fileshare bypasses your network server security.

The Fileshare Server provides security to limit logons and protect access to specific files. The Fileshare Server security is configured using an encrypted list of user IDs and passwords. Applications can only use Fileshare if they connect using a valid user ID and password. Access to specific files is controlled using Selective Access routines. See your Fileshare User Guide for details of its security mechanisms.

The Fileshare client can set a user ID value when connecting to the Fileshare Server. The connection is established when the first I/O request is made to the Fileshare Server. IMS Option sets this user ID when it makes its first I/O request to Fileshare. This occurs when using Fileshare for databases or for access to Gen files. The user ID comes from the user ID value set on the TM/MFS more page of the IMS System Properties dialog box.

To provide a password when connecting to a secured Fileshare Server, IMS Option can display a popup a window which requests the password when it connects to Fileshare. You can select this option on the TM/MFS more page of the IMS System Properties dialog box. The value that you specify on the password popup window is not stored in any file and does not appear on the screen as you type it. The System Configuration Password value (*MFIMS) is saved in a file.

Any password value other than *MFIMS is ignored and is not used when connecting to the Fileshare Server. The CICS systems can use Fileshare for indexed files. In this case, the connection to Fileshare might have been established prior to IMS Option making its first request. See your CICS documentation for its support of Fileshare.

You can manage your own user ID and passwords for Fileshare sessions. The IMS Option user ID and password only apply if it makes the first I/O request to the Fileshare Server. You could use the IMS Option IMS86ENT system exit or an application program to connect to Fileshare prior to IMS Option making its first Fileshare request. Or, you can use Fileshare's FHRDRPWD program exit to set a user ID and/or password. Any values you set with FHRDRPWD override the System Configuration as long as they are set prior to IMS Option making its first I/O request to Fileshare.


Copyright © 1999 MERANT International Limited. All rights reserved.
This document and the proprietary marks and names used herein are protected by international law.

PreviousIMS Syncpoint Coordination For the Database Administrator (DBA)Next"