Protection of access controls


During installation of console-enabled products, the product does not prompt you to implement access controls. The product does prompt you to define address spaces for the UIM server and any other servers that are installed. Files in the server address space determine server configuration.

UIM server configuration

The UIM server configuration file SMF$DHSP is an XML configuration file that is used to implement access controls. The file is installed in the UIM server configuration data set (default data set name HLQ.CONFIG) on the mainframe.

To protect access control policy from unauthorized changes, you must secure update access to the XML configuration file. Doing so protects defined resource names from being substituted.

The following figure displays the format that is used in the XML configuration file for specifying access controls. The format includes the name of the rule, the name of the resource, and the SAF class.

  <rule name="SDBA_DNA_EDIT_CONNECTION_LIST" resource="BBM.SDBA.DNA.ECL" class="FACILITY" />
  <rule name="BBM.SDBA_DNA_EDIT_CCLCONNECTION_LIST" resource="BBM.SDBA.DNA.CCL" class="FACILITY" />
  <rule name="SDBA_DNA_SPOOL" resource="BBM.SDBA.DNA.%FUNCTION%.SPOOL" class="FACILITY" />
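
Securing update access prevents substitution. Comparing the current rules against an approved copy detects it if it happens anyway. The following Python code is an added example, not part of the product or its documentation. The wrapping <rules> root element, the function names, and the substituted resource name BBM.SDBA.DNA.OPEN are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed baseline: the three rules shown on this page, as approved.
APPROVED = """
<rule name="SDBA_DNA_EDIT_CONNECTION_LIST" resource="BBM.SDBA.DNA.ECL" class="FACILITY" />
<rule name="BBM.SDBA_DNA_EDIT_CCLCONNECTION_LIST" resource="BBM.SDBA.DNA.CCL" class="FACILITY" />
<rule name="SDBA_DNA_SPOOL" resource="BBM.SDBA.DNA.%FUNCTION%.SPOOL" class="FACILITY" />
"""

# Constructed "current" copy: one resource name substituted, one rule removed.
CURRENT = """
<rule name="SDBA_DNA_EDIT_CONNECTION_LIST" resource="BBM.SDBA.DNA.OPEN" class="FACILITY" />
<rule name="SDBA_DNA_SPOOL" resource="BBM.SDBA.DNA.%FUNCTION%.SPOOL" class="FACILITY" />
"""

def parse_rules(text):
    """Return {rule name: (resource, class)} for every <rule> element."""
    # Assumption: input is a rule fragment, so wrap it in a hypothetical root.
    root = ET.fromstring("<rules>" + text + "</rules>")
    rules = {}
    for el in root.iter("rule"):
        name = el.get("name")
        if name is None or el.get("resource") is None or el.get("class") is None:
            raise ValueError("rule is missing name, resource or class")
        if name in rules:
            # A second rule with the same name could shadow the approved one.
            raise ValueError("duplicate rule name: " + name)
        rules[name] = (el.get("resource"), el.get("class"))
    return rules

def diff_rules(approved, current):
    """List every difference between the approved and current rule sets."""
    findings = []
    for name in sorted(approved.keys() | current.keys()):
        if name not in current:
            findings.append(("removed", name, approved[name], None))
        elif name not in approved:
            findings.append(("added", name, None, current[name]))
        elif approved[name] != current[name]:
            findings.append(("changed", name, approved[name], current[name]))
    return findings

if __name__ == "__main__":
    for finding in diff_rules(parse_rules(APPROVED), parse_rules(CURRENT)):
        print(finding)
```

Keep the approved copy somewhere that users with update access to the configuration data set cannot modify, otherwise both sides of the comparison can be changed together.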

 
