IMS Version 9 (V9) was the last release of IMS to support the Security Maintenance Utility (SMU). New facilities were introduced with that release so SMU usage can be replaced with any security product that uses the System Authorization Facility (SAF). Customers can migrate to RACF equivalent security while they’re still using IMS V9; however, they must migrate to RACF equivalent security before migrating to IMS 10.
Enhancements to the SAF interface support aspects of security that SMU previously handled. The following aspects of security were affected:
- Resource Access Security Application Group Name (AGN)
- Automated Operator Interface (AOI)
- Logical Terminal (LTERM) security
- Terminal security for Time-Controlled Operations (TCO)
- Sign-on verification
- MSC link receive security
- /LOCK, /UNLOCK, and /SET command security.
IBM has provided a set of utilities to assist in the conversion of an SMU-based security system to RACF-based security. The main purpose of the utilities is to assist in generating RACF resource profiles and user profiles from SMU data, and in making some labor-intensive changes to Stage 1 system definition macros. The utilities are available as Program Temporary Fixes (PTFs) to IMS V9 and V10, and are documented in the IMS Utilities Reference: System manual.
The utilities consist of a set of programs to read SMU control statements and Stage 1 system definition macros to create:
- Comparable RACF control statements
- Changes to Stage 1 system definition macros
- Stage 1 analysis reports (checklists for conversion).
Control statements or system definition macro changes generated by the utilities can be created prior to actual implementation, although they can’t be activated for any IMS release prior to V9.
Not all the changes required to implement such security are performed by the utilities; the utilities were designed to perform the manual, effort-intensive changes. Additionally, the generated RACF statements may require further editing, as there will be parameters in the RACF statements for which there were no counterparts in the SMU source, such as specific user ids and passwords, owner ids, etc. The utilities don’t change any values in the Stage 1 SECURITY macro, nor do they perform any changes to IMS.PROCLIB members. The utilities don’t generate any user exit code. The utilities create control statements and system definition macro changes to assist in the conversion of the first five security aspects previously listed. No conversion is performed for MSC link receive security or /LOCK, /UNLOCK, /SET security issues, although the Stage 1 analysis report includes sections describing activities related to these security aspects, too.
The utilities perform these conversions of SMU to RACF syntax:
- )( AGN (with AGLTERM, AGPSB, AGTRAN options): RACF TIMS, GIMS, IIMS, JIMS, LIMS, MIMS
- )( TERMINAL (COMMAND and TRANSACT options): RACF DIMS, CIMS, TIMS resource class conversion
- )( COMMAND (TERMINAL options): RACF LIMS, CIMS, DIMS resource class conversion
- )( TRANSACT (TERMINAL options): RACF LIMS, TIMS resource class conversion
- )( CTRANS and )( TCOMMAND: RACF DIMS, CIMS, TIMS resource class conversion.
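To make the first conversion in this list concrete, here is an added sketch (not IBM's utility and not its output format) that parses constructed `)( AGN` statements and emits RACF command skeletons. The mapping of AGN options to the grouping classes GIMS, JIMS and MIMS, the one-resource-per-line input layout, and the `<owner>` and `<region-userid>` placeholders are assumptions; the placeholders mark the values that have no counterpart in the SMU source.

```python
import re

# Assumed mapping of AGN options to RACF grouping classes (general IMS class
# conventions, not stated on the page): GIMS groups TIMS transactions,
# JIMS groups IIMS PSBs, MIMS groups LIMS LTERMs.
OPTION_TO_GROUP_CLASS = {"AGTRAN": "GIMS", "AGPSB": "JIMS", "AGLTERM": "MIMS"}

# Constructed SMU input; every resource name is illustrative.
SAMPLE_SMU = """\
)( AGN PAYAGN
AGPSB PAYPSB1
AGTRAN PAYTRN1
AGTRAN PAYTRN2
AGLTERM PAYLT01
)( AGN INVAGN
AGPSB INVPSB1
)( TRANSACT PAYTRN1
TERMINAL PAYLT01
"""

def parse_agn(source):
    """Return ({agn: {option: [names]}}, [(lineno, text) for skipped lines])."""
    agns, skipped, current = {}, [], None
    for lineno, raw in enumerate(source.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = re.match(r"^\)\(\s+(\w+)\s+(\S+)", line)
        if header:  # a new ")(" statement opens or closes AGN scope
            kind, name = header.groups()
            current = agns.setdefault(name, {}) if kind == "AGN" else None
            if current is None:
                skipped.append((lineno, line))
            continue
        parts = line.split()
        if current is not None and len(parts) == 2 and parts[0] in OPTION_TO_GROUP_CLASS:
            current.setdefault(parts[0], []).append(parts[1])
        else:  # outside AGN scope or unknown option: leave for manual review
            skipped.append((lineno, line))
    return agns, skipped

def racf_commands(agns, region_id="<region-userid>", owner="<owner>"):
    """Emit one group profile per AGN and class, permitting the region's user ID."""
    cmds = []
    for agn, opts in agns.items():
        for option, cls in OPTION_TO_GROUP_CLASS.items():
            if opts.get(option):
                members = ",".join(opts[option])
                cmds.append(f"RDEFINE {cls} {agn} ADDMEM({members}) OWNER({owner}) UACC(NONE)")
                cmds.append(f"PERMIT {agn} CLASS({cls}) ID({region_id}) ACCESS(READ)")
    return cmds

if __name__ == "__main__":
    parsed, unhandled = parse_agn(SAMPLE_SMU)
    print("\n".join(racf_commands(parsed)))
    print("Needs manual review:", unhandled)
```

Lines the sketch does not recognise are returned for review rather than silently dropped, so a statement left unconverted cannot go unnoticed.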
The utilities perform these conversions of Stage 1 system definition macros:
- )( CTRANS and )( TCOMMAND: Stage 1 system definition AOI= Conversion (on TRANSACT macro)
- )( SIGN: Stage 1 system definition OPTIONS=SIGNON Conversion (on the TERMINAL macro).
Additionally, the utility reads Stage 1 system definition macros to generate a checklist report to provide some guidance in performing the SMU-to-RACF conversion. Parameters read from Stage 1 and control statements are combined to prepare the report. The report contains a section related to each of the aspects of security previously listed, including those for which there’s no additional utility support because the steps aren’t manual effort-intensive.
The following discussion of the various security aspects includes some examples of SMU-to-RACF conversion, but isn’t meant to be all-inclusive. The conversion utilities are control statement-driven and have multiple variations of output. Consult the IMS Utilities Reference: System manual for a more definitive list of control statements and output examples.