Controlling access to databases by FM/IMS functions
Security administrators can control the access that users have to databases when using FM/IMS functions.
Different methods of controlling access are required depending on whether the functions run in DLI or BMP mode.
- You can use RACF® (or an equivalent security product) data set profiles. At most installations, the database data sets are already protected by RACF® data set profiles. If this is not the case, you need to define RACF® profiles for all database data set resources. One advantage of this method is that the protection that it provides is not just restricted to when the access is through FM/IMS functions.
- You can use the FM/IMS Database Access Control facility. For information on how to customize this facility, see The Database Access Control facility.
For functions that run in BMP mode, there are several different ways of controlling users' access to databases.
- You can use the FM/IMS Database Access Control
facility.
For information on how to customize this facility, see The Database Access Control facility.
- You can provide a version of the FMN1SXT security exit that
prevents users accessing databases that they don't have authority to access.
For information on writing your own version of FMN1SXT, see Customizing the FM/IMS security exit.