RACF® PADS security considerations
Program Access to Data Sets (PADS) allows users or groups of users to access data sets with higher authority than they would normally have, but only while running a specified program.
To run FM/IMS functions, users generally require more access to IMS™ data sets than they would ordinarily have. If you want this access to be restricted to when they are using FM/IMS functions, you should use PADS.
To run a File Manager/IMS function in DLI mode, users must be given UPDATE access to the RECON data sets, and if you want this function to use an IMS™ log, users must be given ALTER access to the IMS™ log data set.
When FM/IMS functions only require READ access to an IMS™ data set, you may choose not to restrict the access to when FM/IMS functions are used. However, when FM/IMS functions require UPDATE or ALTER access to the data set, as is the case for the RECON and IMS™ log data sets, the consequences of not restricting access can be more serious. So, access to these data sets should always be provided through PADS.
- Set PADS=Y when you customize the FM/IMS installation options module.
- Identify all the subsystems in the FM/IMS installation options module with ACBMGMT=ACBLIB or USEDDL=N specified.
- Create a PDSE program library for each subsystem with the above settings, and set the DYNPSB parameter for the subsystem to the name of the library.
For more information on how to code the PADS and DYNPSB parameters, see FM/IMS options.