ca.portal.admin

DBNODE

Discussion created by ca.portal.admin on Dec 11, 2006
Hi all,

Just a quick question.... I'm trying to implement a transaction that
executes in 1 CV, but the rununit is sent to another CV, via a DBNODE.
You would think that the rununit that tries to logon to the backend CV
would have the userid of the person executing the transaction in the
frontend CV, but in my case, it's getting the userid associated to the
frontend CV. I can't remember, and I'm having problems finding the doc
on how to get the rununit to use the userid of the transaction.

Does anyone have any ideas on the subject?

Thanks,
Laura Rochon
Ajilon
"
IDMS Public Discussion Forum
IDMS-L@LISTSERV.IUASSN.COM
SMTP
IDMS-L@LISTSERV.IUASSN.COM
IDMS-L@LISTSERV.IUASSN.COM
SMTP








Normal

Normal
DBNODE
"Hi all,

Just a quick question.... I'm trying to implement a transaction that
executes in 1 CV, but the rununit is sent to another CV, via a DBNODE.
You would think that the rununit that tries to logon to the backend CV
would have the userid of the person executing the transaction in the
frontend CV, but in my case, it's getting the userid associated to the
frontend CV. I can't remember, and I'm having problems finding the doc
on how to get the rununit to use the userid of the transaction.

Does anyone have any ideas on the subject?

Thanks,
Laura Rochon
Ajilon
"
IDMS Public Discussion Forum
IDMS-L@LISTSERV.IUASSN.COM
SMTP
IDMS-L@LISTSERV.IUASSN.COM
IDMS-L@LISTSERV.IUASSN.COM
SMTP








Normal

Normal
Re: External Security for IDMS Signon
">if you are interested only in signon security to be externalized,
but other security to be internallized, then you will need all users
defined to RACF AND idms internal security .. then questions become ...
when a new person is added to RACF, are they automatically added to IDMS?
when they are terminated, are the dropped RACF Auth ids also removed
from IDMS or is that a manual task?

we have these problems with DB2 and it really is a headache!




Chris Hoelscher
"
IDMS Public Discussion Forum
IDMS-L@LISTSERV.IUASSN.COM
SMTP
IDMS-L@LISTSERV.IUASSN.COM
IDMS-L@LISTSERV.IUASSN.COM
SMTP








Normal

Normal
Re: External Security for IDMS Signon
"We had home built external security since 1991 with IDMS 10.2 and RACF.
When we eventually got on to 12.0 we switched to CA's external security
- absolutely painless. In most shops all users are generally defined in
something like RACF in any event because usually they signon to
Netmaster (Solve) first then go into IDMS. By using external security a
single password change as users signon to the mainframe changes their
password for all CV's. Deactivating a user's RACF User Id deactivates
the user for all CV's that they have access to. The user passwords in
the User Catalog are meaningless - they are not checked either
before/after the external security password check. So you get
centralised security administration for authenticating the user and
their credentials.

You will need to create a resource in class APPL that represents each CV
that the users will have access to - for example APPL(SYST0017) for DC
System 17. To access System 17 a User needs to be in a Group that has
access to this resource. We have a UACC(READ) on all such resource names
with additional processing in our signon script checking for ""other""
information to confirm that the user actually does have access to a
particular system.

We had no performance problems and did not see any noticeable increase
in the use of either 24 or XA storage. There is one small RACF control
block (the ACEX) that hangs off the Signon Element (SON) which
represents the User and his/her RACF Group memberships - this helps to
speed security checks if you use external security for access to IDMS
resources (Tasks, activities and so forth).

HTH - cheers - Gary

Outcomes