IMS Security - Enforcive

IMS is short for IBM's Information Management System. It includes both a transaction server and database management system, but in this article, we look at the IMS database used under the CICS transaction server from the point of view of enhancing IMS security.

The IMS database is referred to also as DB1, since DB2 was given to IBM's relational database system, developed later. IMS is a hierarchal database in which the basic model is comprised of segments each starting with a root segment and broken down in sub-segments or fields. It supports also the idea of logical relationships whereby different segments from the same or different root structures can be joined, to form new entities.

The IMS Database Manager handles database requests to the IMS database and other data bases following the same IMS architecture. It provides access to these databases from applications running under CICS, the IMS TS and under batch. The IMS DBM safely allows multiple tasks (batch and/or online) to concurrently access and update the data. Other IMS utilities include backup and recovery services and tools for reorganizing and restructuring the database.

Basic DB security is provided in the IMS database in the form of terminal security and the IMS Security Maintenance utility (SMU), a mechanism that creates secured resource tables to be loaded at system start up.

Fully-fledged security products like Enforcive/Security for CICS-MVS (SAFE) and IBM's RACF provide enhanced security capabilities not available in IMS standard SMU security features. They enhance IMS security by allowing multiple subsystems to be controlled by a single product and they introduce important security functions such as user identification, encrypted passwords, password policy and multi-level resource protection.

IMS security is provided in the ability to define access for an authenticated user to IMS records according to rules you define, based on the data in the records and independent of the application. Fields and even sub-fields in IMS segments can be masked so the user cannot view them. Also segments can be protected by preventing their update by certain users. Users can be created and managed in the product, or existing RACF users can be used to ensure password unity across systems.

User-level security can be applied through the product's user-friendly interface to all resources including transactions, programs, terminals, files and IMS records and fields. Additional features include administrator audit and real-time event monitoring to facilitate your security audit, and a menu generator.

Contact us now for more information on IMS security and Enforcive mainframe security software products.

See also: