ca.portal.admin

Re:Re: IDMS-L Digest - 28 Oct 2008 to 29 Oct 2008 (#2008-182)

Discussion created by ca.portal.admin on Oct 30, 2008
Lutz,

This is how we implemented #UTABGEN in our site.

=20
** SETUP FOR 4 SEC CODES 1 =3D DEVELOPER **
** 2 =3D HOUSEKEEPING **
** 3 =3D DBD AND DBA FUNCTION **
** 4 =3D EDS DBA FUNCTION **
** **
** ----- --------------- -------------------------- **
** CLASS CODE UTILITY COMMAND **
** ----- --------------- -------------------------- **
** =3D=3D=3D=3D=3D=3D DEVELOPER FUNCTIONS =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D **
** **
** 1 SETOPTIONS SET BCF/OCF OPTIONS **
** 1 PRINTSPACE REPORT AREA/SEG SPACE UTILIZATION **
** **
** =3D=3D=3D=3D=3D=3D HOUSEKEEPING FUNCTIONS =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D **
** **
** 2 ARCHIVELOG ARCHIVE DCLOG * BCF ONLY * **
** 2 CLEANUP ERASE LOGICALLY DELETED RECORDS **
** 2 PRINTINDEX REPORT INDEX STRUCTURE **
** 2 PRINTJOURNAL REPORT TRANS CHECKPOINT BCF ONLY **
** 2 PRINTLOG PRINT DCLOG OR ARCHIVE LOG **
** 2 PRINTPAGE PRINT CONTENT OF DATABASE PAGE **
** 2 UPDATESTATISTICS UPDATE TABLE STATISTICS **
** **
** =3D=3D=3D=3D=3D=3D DBD AND DBA FUNCTIONS =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D **
** **
** 3 ARCHIVEJOURNAL ARCHIVE JOURNAL * BCF ONLY * **
** 3 BACKUP BACKUP DATABASE AREAS **
** 3 BUILD BUILD INDEX,REFERENTIAL CONSTRAINT **
** 3 CONVERTPAGE CHANGE PAGE RANGE OR MAX RECORDS **
** 3 EXPANDPAGE INCREASE AREA PAGE SIZE **
** 3 FASTLOAD LOAD NON-SQL DATABASE * BCF ONLY * **
** 3 FIXPAGE MODIFY CONTENT OF DATABASE PAGE **
** 3 FORMAT FORMAT AREA/SEGMENT/FILE **
** 3 INSTALLSTAMPS INSTALL STAMPS FOR SQL DATABASE **
** 3 LOAD LOAD SQL DATABASE **
** 3 LOCK LOCK AREA/SEGMENT **
** 3 MAINTAININDEX MAINTAIN INDEX FOR NON-SQL DATABASE**
** 3 PUNCHLOADMODULE PUNCH DMCL, DBTABLE LOAD MODULE **
** 3 RELOAD RELOAD DATABASE * BCF ONLY * **
** 3 RESTORE RESTORE DATABASE **
** 3 RESTRUCTURE MODIFY RECORD TO MATCH SCHEMA **
** 3 RESTRUCTURECONNECT CONNECT POINTERS TO SETS **
** 3 ROLLBACK ROLLBACK DATABASE **
** 3 ROLLFORWARD ROLLFORWARD + EXTRACT JOURNAL **
** 3 SYNCHRONIZESTAMPS SYNCHRONIZE STAMP FOR SQL DATABASE **
** 3 TUNEINDEX ADOPT ORPHANED INDEXED RECORDS **
** 3 UNLOAD UNLOAD DATABASE AREA **
** 3 UNLOCK UNLOCK AREA/SEGMENT **
** 3 VALIDATE VALIDATE SQL TABLE **
** **
** =3D=3D=3D=3D=3D=3D EDS DBA FUNCTIONS =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D **
** **
** 4 CONVERTCATALOG CONVERT CATALOG **
** 4 FIXARCHIVE REWRITE JOURNAL FOR ROLLBACK BCF **
** 4 MAINTAINASF MAINTAIN ASF **
** 4 MERGEARCHIVE MERGE ARCHIVE **
** **
** =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =
**
** THE FOLLOWING CODES COVER BOTH - IF YOU CAN DO IT IN OCF YOU **
** SHOULD BE ABLE TO DO IT IN BCF - WITH THIS CHANGE YOU WILL **
** NEED TO ADD STATEMENTS FOR EACH CV **
** CREATE RESOURCE ACTIVITY OCF.ACT_001 NUMBER 1; **
** CREATE RESOURCE ACTIVITY OCF.ACT_002 NUMBER 2; **
** CREATE RESOURCE ACTIVITY OCF.ACT_003 NUMBER 3; **
** CREATE RESOURCE ACTIVITY OCF.ACT_004 NUMBER 4; **
** **
** CREATE RESOURCE ACTIVITY BCF.ACT_001 NUMBER 1; **
** CREATE RESOURCE ACTIVITY BCF.ACT_002 NUMBER 2; **
** CREATE RESOURCE ACTIVITY BCF.ACT_003 NUMBER 3; **
** CREATE RESOURCE ACTIVITY BCF.ACT_004 NUMBER 4; **
** **
** GRANT EXECUTE ON ACTIVITY OCF.ACT_001 TO DBA; **
** GRANT EXECUTE ON ACTIVITY OCF.ACT_002 TO DBA; **
** GRANT EXECUTE ON ACTIVITY OCF.ACT_003 TO DBA; **
** GRANT EXECUTE ON ACTIVITY OCF.ACT_004 TO DBA; **
** **
** GRANT EXECUTE ON ACTIVITY BCF.ACT_001 TO DBA; **
** GRANT EXECUTE ON ACTIVITY BCF.ACT_002 TO DBA; **
** GRANT EXECUTE ON ACTIVITY BCF.ACT_003 TO DBA; **
** GRANT EXECUTE ON ACTIVITY BCF.ACT_004 TO DBA; **
** **
** GRANT EXECUTE ON ACTIVITY OCF.ACT_001 TO DBD; **
** GRANT EXECUTE ON ACTIVITY OCF.ACT_002 TO DBD; **
** GRANT EXECUTE ON ACTIVITY OCF.ACT_003 TO DBD; **
** **
** GRANT EXECUTE ON ACTIVITY BCF.ACT_001 TO DBD; **
** GRANT EXECUTE ON ACTIVITY BCF.ACT_002 TO DBD; **
** GRANT EXECUTE ON ACTIVITY BCF.ACT_003 TO DBD; **
** **
** GRANT EXECUTE ON CATEGORY CAT_OCF TO DEV; **
** GRANT EXECUTE ON ACTIVITY OCF.ACT_001 TO DEV; **
** GRANT EXECUTE ON ACTIVITY BCF.ACT_001 TO DEV; **
** **
** GRANT EXECUTE ON CATEGORY CAT_OCF TO MIG; **
** GRANT EXECUTE ON ACTIVITY OCF.ACT_001 TO MIG; **
** GRANT EXECUTE ON ACTIVITY OCF.ACT_002 TO MIG; **
** GRANT EXECUTE ON ACTIVITY BCF.ACT_001 TO MIG; **
** GRANT EXECUTE ON ACTIVITY BCF.ACT_002 TO MIG; **
** **
** GRANT EXECUTE ON CATEGORY CAT_OCF TO HELP_DESK; **
** GRANT EXECUTE ON ACTIVITY OCF.ACT_001 TO HELP_DESK; **
** GRANT EXECUTE ON ACTIVITY OCF.ACT_002 TO HELP_DESK; **
** GRANT EXECUTE ON ACTIVITY BCF.ACT_001 TO HELP_DESK; **
** GRANT EXECUTE ON ACTIVITY BCF.ACT_002 TO HELP_DESK; **
** **
** GRANT EXECUTE ON ACTIVITY BCF.ACT_001 TO IDMSSTC; **
** GRANT EXECUTE ON ACTIVITY BCF.ACT_002 TO IDMSSTC; **
** GRANT EXECUTE ON ACTIVITY BCF.ACT_003 TO IDMSSTC; **
** GRANT EXECUTE ON ACTIVITY BCF.ACT_004 TO IDMSSTC; **
** **
** GRANT EXECUTE ON ACTIVITY BCF.ACT_001 TO EDSSTC; **
** GRANT EXECUTE ON ACTIVITY BCF.ACT_002 TO EDSSTC; **
** GRANT EXECUTE ON ACTIVITY BCF.ACT_003 TO EDSSTC; **
** GRANT EXECUTE ON ACTIVITY BCF.ACT_004 TO EDSSTC; **
** **
*******************************************************************
#UTABGEN (A,1,B,2,C,3,D,4), X
(PRINTSPACE,A,SETOPTIONS,A), X
(ARCHIVELOG,B,CLEANUP,B,PRINTINDEX,B, X
PRINTJOURNAL,B,PRINTPAGE,B, X
PRINTLOG,B,UPDATESTATISTICS,B), X
(ARCHIVEJOURNAL,C,BACKUP,C,BUILD,C, X
CONVERTPAGE,C,EXPANDPAGE,C,FASTLOAD,C,FIXPAGE,C, X
FORMAT,C,INSTALLSTAMPS,C,LOAD,C,LOCK,C, X
MAINTAININDEX,C,PUNCHLOADMODULE,C, X
RELOAD,C,RESTORE,C), X
(RESTRUCTURE,C,RESTRUCTURECONNECT,C, X
ROLLBACK,C,ROLLFORWARD,C,SYNCHRONIZESTAMPS,C, X
TUNEINDEX,C,UNLOAD,C,UNLOCK,C, X
VALIDATE,C), X
(CONVERTCATALOG,D,FIXARCHIVE,D, X
MAINTAINASF,D,MERGEARCHIVE,D)
END

There are three utility commands (BUILD, EXTRACT JOURNAL, PRINT LOG) mentio=
ned in the IDMS Utilities Manual that are not specified as parameters in #U=
TABGEN in the IDMS Security Administration Manual. EXTRACT JOURNAL is imple=
mented as part of the ROLLFORWARD command. The other two are implemented as=
BUILD and PRINTLOG parameters in #UTABGEN

When running IDMSBCF as Batch to CV job, it is checking the OCF Execute Pri=
vilege and not the BCF Execute Privilege for Resource Activity associated w=
ith the Activity Classes defined in the #UTABGEN. It works fine when IDMSBC=
F is running in local mode, i.e. it uses the BCF Execute Privilege.

In response to this issue raised with CA, a DOCUP has been created for this=
matter of securing the individual BCF/OCF utility commands. Bottom line i=
s that the term BCF applies to local mode batch only, while the term OCF ap=
plies both to OCF and batch to CV (i.e. central mode batch).=20

The following DOCUP is for:
1. The ""Advantage CA-IDMS Release 16.0 Release Summary"" guide
Topic 5.0 Utility and Sysgen Enhancements
Subtopic 5.9 Security Enhancements
5.9.3 #UTABGEN
5.9.3.3 Parameters (<=3D insert A)
5.9.3.5 Example (<=3D insert B)
2. The ""Advantage CA-IDMS Security Administration"" guide
Chapter 10. Syntax for Assembler Macros
Subtopic 10.2 #UTABGEN
10.2.3 Parameters (<=3D insert A)
10.2.5 Examples (<=3D insert B)
---------------------------------------------------------------------------=
--
1. Part A
=3D=3D=3D=3D=3D=3D
Add the following note at the end of the ""BOTH,BCF,OCF""-clause and just bef=
ore the ""command-code""-clause:

Note: The terms BCF and OCF are used to distinguish between operations proc=
essed inside the CV from those processed in the batch address space. This m=
eans that the term BCF applies to local mode batch only, while the term OCF=
applies to both OCF and batch to CV (i.e. central mode batch).

2. Part B
=3D=3D=3D=3D=3D=3D
Add the following to the end of the sentence that begins with ""OCF
indicates (that) the commands ...."" :

... running in the online command facility OCF =3D> or as part of the ba=
tch command facility: IDMSBCF running in central mode.

Add the following to the end of the sentence that begins with ""BCF
indicates that the commands ...."" :

... of the batch command facility: IDMSBCF
=F0 running in local mode only.

The intention was to distinguish between OCF & BCF, i.e. between operations=
processed inside the CV (OCF and batch to CV) and those processed in the b=
atch address space (local mode batch). The reason for that is that in local=
mode batch, external security can be used to protect DB files from illegal=
attempts to update them, while under the CV, no such protection exists. T=
here is indeed some confusion about the terms OCF & BCF, while it would per=
haps been better to call them 'online' (OCF & batch to CV) and 'batch' (loc=
al mode batch).=20

I inquire with CA that if we restore an old copy of IDMSDDAM (to back out t=
he changes in #UTABGEN) and no resource activity numbers are assigned in th=
e old IDMSDDAM, can we leave the resource activities defined in the SYSTEM =
catalog?

The CA response is:

We do the security calls based on what's in #UTABGEN, and if there's nothin=
g in #UTABGEN we don't do the calls, so it doesn't matter what's in the sys=
tem catalog. If you revert to an old idmsddam with a different idmsutab mod=
ule linked (or none at all), an activity code of 0 is assumed for those ent=
ities that are not coded. Activity code 0 represents no security. So you ca=
n leave the resource activities defined in the SYSTEM catalog?

Regards,
Paul Mak
Database Administrator - IDMS

EDS, an HP company

Applications Services, Data Engineering Capability - Sydney Level 3, 36-46 =
George Street, Burwood, NSW 2134, AUSTRALIA

Tel: +61 2 90125434
Fax: +61 2 90126612
Mobile: +61 419 398 116
E-mail: paul.mak@eds.com

We deliver on our commitments so you can deliver on yours.

Outcomes