Home
Customizing File Manager IMS™ Component
Preparing to customize FM/IMS
Security
This section outlines how you can protect IMS™ resources that can be accessed through FM/IMS functions.
Controlling access to databases by FM/IMS functions
Security administrators can control the access that users have to databases when using FM/IMS functions.

Customizing File Manager IMS™ Component
- Preparing to customize FM/IMS
  - Checklist for installing and customizing FM/IMS
  - Supported databases
  - Region types
  - PSB types
  - IMS™ region controller parameters
  - Security
    This section outlines how you can protect IMS™ resources that can be accessed through FM/IMS functions.
    - Controlling access to databases by FM/IMS functions
      Security administrators can control the access that users have to databases when using FM/IMS functions.
    - Controlling access to IMS™ subsystems and FM/IMS functions
    - Resource access security and AGN security considerations
      Resource access security (RAS) prevents an application program that is running in a dependent region from using IMS™ resources unless it is authorized to do so.
    - RACF® PADS security considerations
      Program Access to Data Sets (PADS) allows users or groups of users to access data sets with higher authority than they would normally have, but only while running a specified program.
  - IMS™ subsystem access
  - Avoiding resource contention
  - IMS™ management of ACBs
    This topic describes how FM/IMS operates when IMS™ is configured to manage the runtime application control blocks (ACBs).
  - Templates
    FM/IMS uses templates to format database segments into their individual fields. One template is required for each database.
  - Alternatives for making FM/IMS available
  - Alternatives for controlling FM/IMS auditing
- Customizing the operating environment for FM/IMS
- Customizing FM/IMS
- Customizing the FM/IMS security environment
- Customizing the File Manager audit facility for IMS™ component
- Customizing FM/IMS for national languages
  You can customize FM/IMS for national languages other than English.
- Verifying the customization of FM/IMS

Controlling access to databases by FM/IMS functions

Security administrators can control the access that users have to databases when using FM/IMS functions.

Different methods of controlling access are required depending on whether the functions run in DLI or BMP mode.

For functions that run in DLI mode, you must control users' access to the database data sets. There are two ways you can do this:

You can use RACF® (or an equivalent security product) data set profiles. At most installations, the database data sets are already protected by RACF® data set profiles. If this is not the case, you need to define RACF® profiles for all database data set resources. One advantage of this method is that the protection that it provides is not just restricted to when the access is through FM/IMS functions.
You can use the FM/IMS Database Access Control facility. For information on how to customize this facility, see The Database Access Control facility.

For functions that run in BMP mode, there are several different ways of controlling users' access to databases.

The standard way is to use Resource Access Security (RAS) and the IIMS and JIMS RACF® security classes to control which PSBs each user can use. An advantage of this method is that the protection that it provides is not just restricted to when the access is through FM/IMS functions. However, the method has one serious limitation: it can only be used to control access by functions that use static PSBs. One of the following methods must be used to control access by functions that use dynamic PSBs.

You can use the FM/IMS Database Access Control facility.
For information on how to customize this facility, see The Database Access Control facility.
You can provide a version of the FMN1SXT security exit that prevents users accessing databases that they don't have authority to access.
For information on writing your own version of FMN1SXT, see Customizing the FM/IMS security exit.

Both of these methods can also be used to control access by functions that use static PSBs.

Have feedback?
Google Analytics is used to store comments and ratings. To provide a comment or rating for a topic, click Accept All Cookies or Allow All in Cookie Preferences in the footer of this page. Have feedback?
Google Analytics is used to store comments and ratings. To provide a comment or rating for a topic, click Accept All Cookies or Allow All in Cookie Preferences in the footer of this page.

Rate this topic

5 stars 4 stars 3 stars 2 stars 1 star

To add feedback about this topic, select the following checkbox:

By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners immixGroup, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box. By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners Four, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box. Note: To report a problem or question about the product software, do not use this form. Instead, go to the HCL Software Support site. Note: To report a problem or question about the product software, do not use this form. Instead, go to the HCL Software Support site. Personal data should not be shared in this comment box. See our Privacy Statement to understand how personal data is used. Personal data should not be shared in this comment box. See our Privacy Statement to understand how personal data is used.