Using External Security

Essential to the Security System
idms19
SRTT Requirements
Essential to the Security System
The SRTT is the essential foundation of the CA IDMS security system because a resource is unsecured unless security for it is specified in the SRTT.
To secure a resource externally, you must include information in the SRTT that identifies the resource to the external system. This information must include an external resource class and an external resource name.
For external security, you do not need to create any resource definitions within CA IDMS.
SRTT Entries for External Enforcement
You maintain the following information in the SRTT about resources that are secured externally:
  • Resource type
     -- A keyword representing a type of resource, such as program, table, or database.
    Certain keywords are reserved for resource types defined by CA IDMS. You can specify any one- to four-character keyword to define your own resource type as long as the meaning of and rules for the resource type are defined in your external system.
    For keywords reserved by CA IDMS, see #SECRTT.
  • Security option
     -- Always EXTERNAL, specified in the SECBY= parameter.
  • External resource class
     -- The name of the resource type as defined in the external security software.
  • Resource name
     (optional) -- A specific occurrence of a resource type (resource types database, task, and program only).
  • External resource name format
     -- The format of the resource name as defined in the external security software.
  • Environment name
     (optional, specified on the initial #SECRTT macro) -- The name of a CA IDMS processing environment to be associated with the resource.
Specifying External Resource Class and Name
An external security check on a resource occurrence depends upon an external resource class and external resource name supplied on the 
entry
 for the resource type in the SRTT. External resource classes and names specified on occurrence overrides are ignored by the runtime system.
Therefore, you must create an SRTT entry with the external resource class and name for a resource type whether you are securing all occurrences of the resource type externally or only some occurrences.
In the following example, an SRTT entry for tasks is created even though the specified security option is 'OFF'. The purpose of the entry is to provide information needed to perform an external security check on the OPER task, for which external security is specified in the occurrence override that follows.
         #SECRTT TYPE=ENTRY,                                          X                RESTYPE=TASK,                                          X                SECBY=OFF,                                             X                EXTNAME=(RESTYPE,RESNAME)                              X                EXTCLS='IDMSTASK'            #SECRTT TYPE=OCCUR,                                          X                RESTYPE=TASK,                                          X                RESNAME='OPER',                                        X                SECBY=EXT