Implementing user access profiles

A user access profile is the user ID’s authorization for an IMSID.

All product functions that reference an IMS control region require specification of the control region’s IMSID. Before a user may designate an IMSID, a user access profile must exist for the userID and IMSID combination. The user access profile specifies that the user may access an IMSID during DELTA List processing. A user access profile also specifies the keyword table and suffix to be used for DELTA List Edit.

You can create new user access profiles, display existing user access profiles, and update user access profiles. For more information, see To create user access profiles, To display existing user access profiles, and To update user access profiles.

To create user access profiles

Invoke the online interface through the modified ISPF/PDF Primary Option Menu that you created in Accessing-DELTA-IMS-from-an-ISPF-options-menu or through the CLIST that you created in Accessing-DELTA-IMS-from-a-CLIST.The Primary Menu is displayed.
Type 5 in the selection field and press Enter.The Customization panel is displayed.
Type 3 in the selection field and press Enter.The Add User Access Profiles panel is displayed.

UA                DELTA IMS DB/DC - Add User Access Profiles
Command ===> __________________________________________________________

User profiles data set name: DLA.V5.DELTAUPF

Type a userid, an IMSID, the desired authorization values, and an optional
keyword table suffix to define a user's authorization for an IMS system.

Type a userid, four asterisks '****', and the keyword table suffix to
define the default keyword table suffix for a given userid.
                                                                       keyword
                 DELTA List Execute Update --Storage-- --Allow--- Table
Userid   IMSID Exec/Check IMS CMD Parms   Display/Zap A/S/N Cmds Suffix
-------- ----   ---- ----- ------- ------ ------- --- ---------- -------
                  N     N       N       N        N     N       A

Authorization values
   Type an 'A' for All, an 'S' for Some, or an 'N' for None to indicate
   whether the user may enter IMS commands. Type a 'Y' or 'N' to allow or
   disallow the other features.

Use the SAVE or END commands to permanently store all new profile entries; or
Use the CANCEL command to discard any newly queued entries.
Note
If you use SAF security, you will only need to update the keyword table information in the UPF data set.
The following fields are available on this panel:
User profiles data set name
The name of the partitioned data set that contains all user access profiles. Each time you access this panel, this data set name defaults to the user profile data set name that is contained in DLA$GBL0. Changing the data set name on this panel does not update the data set name that is contained in DLA$GBL0 .
Userid
Type a specific userID or a masking pattern.
When DELTA IMS performs an authorization check, it checks the most specific userIDs before the less specific userIDs until it finds a match. For example, assume user access profiles for IMSID IMSA existed for userIDs OPER1, OPER2, OPER*, and *. When DELTA IMS performed authorization checking for userID OPER3, it would select profile OPER* / IMSA. Profile OPER2 / IMSA would match userID OPER2, and * / IMSA would match userID TECH2 or any other userID.
IMSID
Type a specific IMSID or a masking pattern that can allow the user to access several IMSIDs.
DELTA List Exec
Type Y or N to indicate whether the user can execute a DELTA List.
DELTA List Check
Type Y or N to indicate whether the user can check a DELTA List.
Execute IMS CM
Type Y or N to indicate whether the user can issue IMS operator commands. This variable limits IMS commands that are issued from the Execute IMS Command panel only.
Note
Either Execute IMS Command authority or Update Parms authority is required to perform a TSS look-aside refresh.
Update Parms
Type Y or N to indicate whether the user can update the virtual terminal options. Update Parms authority is required to perform the following actions:
- Reload the product options in an active control region
- Perform log utility functions
- Refresh the CPU ID
- (DELTA IMS VIRTUAL TERMINAL only) refresh all TSS look-aside buffers in an active control region.
Storage Display
Type Y or N to indicate whether the user can display IMS control region storage.
Storage Zap
Type Y or N to indicate whether the user can apply zaps to IMS control region storage.
Warning
Enabling the Storage Display and Storage Zap options permits the product to display storage contents within the IMS address space at the TSO terminal. If misused, the Storage Display option can compromise data confidentiality. Users who can display IMS storage can also, if authorized, use the product to alter (or zap) storage. DELTA IMS and DELTA IMS VIRTUAL TERMINAL impose no restrictions over the MVS operating system or the data or addresses zapped. If misused, a loss of system integrity could result.
Allow A/S/N Cmds
Type A (All), S (Some), or N (None) to control the execution of IMS operator commands in DELTA Lists. A allows all IMS commands for the associated userID/IMSID combination, while N prohibits all IMS commands. S lets you individually allow or prohibit IMS commands.
Note
This field is ignored unless you specify to allow selected IMS operator commands on the Global Options panel. See Setting-global-options.
keyword Table Suffix
If a customized keyword table has been created and should be implemented for the specified userID(s), type the keyword table name suffix that identifies the customized keyword table. Keyword tables specify defaults for DELTA List Edit sessions, DELTA Log reports, and DELTA IMS Check and Execute operations. For more information, see the DELTA IMS User Guide .

To display existing user access profiles

Invoke the online interface through the modified ISPF/PDF Primary Option Menu that you created in Accessing-DELTA-IMS-from-an-ISPF-options-menu or through the CLIST that you created in Accessing-DELTA-IMS-from-a-CLIST.The Primary Menu is displayed.
Type 5 in the selection field and press Enter.The Customization panel is displayed.
Type 4 in the selection field and press Enter.The User Profile Sort panel is displayed.
UR                    DELTA IMS DB/DC - User Profile Sort
Command ===> __________________________________________________________

User profiles data set name: DLA.V5.DELTAUPF

Specify the collating sequence of the User Profiles
and then press Enter to display the list of profiles.

   Sequence fields . . . . . . . 1 2 3   (major to minor - 1, 2, and 3)
   Ascending / Descending . . . . A A A   (A or D)

      (1)     (2)         (3)          DELTA Exec Upd     IMS    Allow keyword
                   Last Modification   List   IMS   IMS   Storage A/S/N Table
    Userid   IMSID Date    /    Time Exc/Chk CMDS Parms Dsply/Zap cmds Suffix
    -------- ---- ----------------- --- --- ---- ----- ----- --- ----- -------
The following fields are available on this panel:
User profiles data set name
Type the name of the partitioned data set that contains all user access profiles.
Sequence fields
The sort sequence is from major to minor; 1 for first and 3 for last.
Ascending/Descending

Type the sort direction; A for ascending and D for descending.

For information about the remaining fields, see To update user access profiles.

To update user access profiles

Invoke the online interface through the modified ISPF/PDF Primary Option Menu that you created in Accessing-DELTA-IMS-from-an-ISPF-options-menu or through the CLIST that you created in Accessing-DELTA-IMS-from-a-CLIST.The Primary Menu is displayed.
Type 5 in the selection field and press Enter.The Customization panel is displayed.
Type 4 in the selection field and press Enter.The User Profile Sort panel is displayed.
Specify the sequence of the fields and press Enter.The Update User Access Profiles panel is displayed.
UR               DELTA IMS DB/DC - Update User Access Profiles
Command ===> _________________________________________________ Scroll ===> PAGE

Use the SAVE or END commands to save all pending changes.
Use the 'INSERT userid imsid' command to add a new user profile; or
Type over any authorization values to change them; or
Type one or more action codes. Then press Enter.
   S=Update command authority D=Delete                          Row 001 of 158
                                                                      More:   +
                                       DELTA Exec Upd     IMS    Allow keyword
                   Last Modification   List   IMS   IMS   Storage A/S/N Table
Act Userid   IMSID Date    /    Time Exc/Chk CMDS Parms Dsply/Zap cmds Suffix
- -------- ---- ----------------- --- --- ---- ----- ----- --- ----- -------
_ AKG*     **** 01/30/95 12:43:02   Y   Y    Y    Y     Y    Y    A
_ ARG      ARG2 01/04/95 15:58:02   Y   Y    Y    Y     Y    Y    A
_ ARG2     RCU3 01/18/95 10:41:49   Y   Y    Y    Y     Y    N    A
_ ARG*     RCU3 01/18/95 10:42:04   Y   Y    Y    Y     Y    N    A
_ ARG*     RCU* 01/18/95 10:42:27   Y   Y    Y    Y     Y    N    A
_ BSM      **** 01/23/95 14:21:28   Y   Y    Y    Y     Y    Y    A
_ BSM*     **** 07/13/94 14:46:56   Y   Y    Y    Y     Y    Y    S
_ CAC*     ISO* 11/08/94 13:49:19   Y   Y    Y    Y     Y    Y    A
_ CAD2     CAD1 08/20/94 13:12:58   N   N    N    N     N    N    A
Note
You can use the INSERT command to add a user access profile from the Update User Access Profiles panel.
Use the following format for the command, where uuuuuuu is a userID and iiii is an IMSID:
INSERT uuuuuuu iiii
You can abbreviate the command to I. Generic characters are allowed.
The following fields are available on this panel:
Act
Type one of the following codes next to the appropriate userID:
- S Review or update the user’s command authority.
- D Delete a profile.
UserID
A specific userID or a masking pattern.
IMSID
A specific IMSID or a masking pattern that can allow the user to access several IMSIDs.
Last Modification Date/Time
The date and time that the userID or IMSID was changed.
DELTA List Exc/Chk
Indicates whether the user can execute or check a DELTA List.
Exec IMS CMDS
Indicates whether the user can issue IMS operator commands. This variable limits IMS commands that are issued from the Execute IMS Command panel only.
Note
Either Execute IMS Command authority or Update Parms authority is required to perform a TSS look-aside refresh.
Upd IMS Parms
Indicates whether the user can perform any of the following functions:
- Reload the product options in an active control region
- Perform log utility functions
- Refresh the CPU ID
- (DELTA IMS only) refresh all TSS look-aside buffers in an active control region
IMS Storage Dsply/Zap
Indicates whether the user can display or apply zaps to IMS control region storage.
Warning
If misused, the Storage Display option can compromise data confidentiality. Users who can display IMS storage can also, if authorized, use the product to alter (or zap) storage. DELTA IMS imposes no restrictions over the MVS operating system or the data or addresses zapped. If misused, a loss of system integrity could result.
Allow A/S/N cmds
A (All) indicates that all IMS commands for the associated userID/IMSID combination are allowed, N (None) indicates that all IMS commands are prohibited, and S (Some) indicates that specific IMS commands are allowed or prohibited.
Note
This field is ignored unless you specify to allow selected IMS operator commands on the Global Options panel. See Setting-global-options。
keyword Table Suffix
The keyword table name suffix that identifies the customized keyword table, if a table has been created and implemented for the userID.

Implementing user access profiles

To create user access profiles

To display existing user access profiles

To update user access profiles

On this page