What governs whether access is granted or denied

Access to a subsystem ssid by an update function in Protected FM/IMS Functions with function code fc is governed by the first profile in this list

  • FILEM.FUNCTION.fc.ssid
  • FILEM.FUNCTION.fc
  • FILEM.IMS.UPDATE.ssid
  • FILEM.IMS.UPDATE

Access to a subsystem ssid by a read-only function in Protected FM/IMS Functions with function code fc is governed by the first profile in this list that has been defined in the FACILITY class:

  • FILEM.FUNCTION.fc.ssid
  • FILEM.FUNCTION.fc
  • FILEM.IMS.RDONLY.ssid
  • FILEM.IMS.RDONLY

Security checking for FM/IMS functions illustrates the security checking that FM/IMS performs when a function in Protected FM/IMS Functions attempts to access an IMS subsystem.

Figure 1. Security checking for FM/IMS functions

  ┌──────────────────────────────────┐
  |FM/IMS  function fc subsystem ssid|
  └───────┬──────────────────────────┘
         ↓
  ┌──────┴─────────────────────────────────────┐
  |Facility FILEM.FUNCTION.fc.ssid  Access     |
  ├─────────────┬───────┬────────┬──────┬──────┤    ┌────────┐
  | Not defined | Alter | Update | Read | None ├───►┤Rejected|
  └──────┬──────┴───┬───┴────┬───┴───┬──┴──────┘    └────────┘
         |          |        |       |              ┌────────┐
         |          └────────┴───────┴─────────────►┤Accepted|
         ↓                                          └────────┘
  ┌──────┴─────────────────────────────────────┐
  |Facility FILEM.FUNCTION.fc  Access          |
  ├─────────────┬───────┬────────┬──────┬──────┤    ┌────────┐
  | Not defined | Alter | Update | Read | None ├───►┤Rejected|
  └──────┬──────┴───┬───┴────┬───┴───┬──┴──────┘    └────────┘
         |          |        |       |              ┌────────┐
         |          └────────┴───────┴─────────────►┤Accepted|
         ↓                                          └────────┘
  ┌──────┴─────────────────────────────────────┐
  |Facility FILEM.IMS.name.sid(1)  Access      |
  ├─────────────┬───────┬────────┬──────┬──────┤    ┌────────┐
  | Not defined | Alter | Update | Read | None ├───►┤Rejected|
  └──────┬──────┴───┬───┴────┬───┴───┬──┴──────┘    └────────┘
         |          |        |       |              ┌────────┐
         |          └────────┴───────┴─────────────►┤Accepted|
         ↓                                          └────────┘
  ┌──────┴─────────────────────────────────────┐
  |Facility FILEM.IMS.name(1)  Access          |
  ├─────────────┬───────┬────────┬──────┬──────┤    ┌────────┐
  | Not defined | Alter | Update | Read | None ├───►┤Rejected|
  └─────────────┴───┬───┴────┬───┴───┬──┴──────┘    └────────┘
                    |        |       |              ┌────────┐
                    └────────┴───────┴─────────────►┤Accepted|
                                                    └────────┘
Note:
  1. FILEM.IMS.name is either FILEM.IMS.UPDATE or FILEM.IMS.RDONLY

ALTER, UPDATE or READ access means that the user can use the function. Access NONE means that the user cannot use the function.