AnsweredAssumed Answered

IDMS security model questions

Question asked by phil53.53 on Sep 18, 2013
Latest reply on Sep 26, 2013 by Gary_Cherlet
We have a server-based API that uses SAF (RACF, ACF2, Top Secret) resources. In "normal" usage, we check the caller's ACEE. In CICS, we use the CICS-provided ACEE that includes the CICS user's ID (well, optionally--if they want to do authorization based on the entire CICS region ID, that's allowed, too). DB2 runs qiueries under the requesting user's ACEE, so that Just Works.

So if the API gets called from IDMS, what will we see? Will the query be run under the requesting user's ACEE? Will we get an "application ACEE" (for lack of a better term) like with CICS?

I've spent some time with the IDMS Security Administration book, but that isn't helping me much.

Obviously I can answer this empirically once I'm at a customer site, but it would be nice to know in advance what we're dealing with, especially if it's not either of the cases like CICS or DB2.