IMS™ subsystems and FM/IMS functions access control facility
FM/IMS allows you to control which IMS™ subsystems a user can access when using each of the functions listed in Protected FM/IMS Functions. These functions are protected by default when you receive FM/IMS.
| Function code | Description | UPDATE or READONLY |
|---|---|---|
| DBI | Initialize dialog - generates JCL for the initialize function | UPDATE |
| DDD | Delete or define dialog - generates JCL to delete or define database data sets | UPDATE |
| DIB | Initialize - initialize databases (batch) | UPDATE |
| IB | Browse - browse a database | READONLY |
| IBBO | Batch browse dialog - generate JCL for the batch browse function | READONLY |
| IBB | Batch browse - read a database in batch (batch) | READONLY |
| IE | Edit - edit a database | UPDATE |
| IEBO | Batch edit dialog - generates JCL for the batch edit function | UPDATE |
| IEB | Batch edit - edit a database in batch (batch) | UPDATE |
| IPRO | Print dialog - generates JCL for the print function | READONLY |
| IPR | Print - print data from databases (batch) | READONLY |
| IX | Extract dialog - generates JCL for the extract function | READONLY |
| IXB | Extract - extract data from databases (batch) | READONLY |
| IL | Load dialog - generates JCL for the load function | UPDATE |
| ILB | Load - load data into databases (batch) | UPDATE |
You can grant or deny some or all users access to:
- Individual IMS™ subsystems by individual functions in Protected FM/IMS Functions.
- Individual functions in Protected FM/IMS Functions. When you grant or deny users access to individual functions, they are granted or denied access to all IMS™ subsystems when using these functions.
- Individual IMS™ subsystems by the update or read-only functions.
- The update or read-only functions. When you grant or deny users access to the update or read-only functions, they are granted or denied access to all IMS™ subsystems when using the update or read-only functions.
FM/IMS provides security for these functions, in one of two ways, either through RACF® (or an equivalent security product).
If Security Server RACF® or an equivalent security product is active, the System Authorization Facility (SAF) with the File Manager enhanced security facility is used for access control and authorization verification. Authorization is controlled by FM/IMS-specific profiles in the FACILITY class. This chapter describes the FM/IMS-specific profiles that you must define to RACF® or your equivalent security product. It also describes how you define these profiles to RACF®. If you use another security product, consult the documentation for your product to determine how to define these profiles to your product.
The rest of this section describes how you implement security controls in RACF® (or an equivalent security product) for the functions in Protected FM/IMS Functions.