What governs whether access is granted or denied
Access to a subsystem ssid by an update function in Protected ZDT/IMS Functions with function code fc is governed by the first profile in this list
- FILEM.FUNCTION.fc.ssid
- FILEM.FUNCTION.fc
- FILEM.IMS.UPDATE.ssid
- FILEM.IMS.UPDATE
Access to a subsystem ssid by a read-only function in Protected ZDT/IMS Functions with function code fc is governed by the first profile in this list that has been defined in the FACILITY class:
- FILEM.FUNCTION.fc.ssid
- FILEM.FUNCTION.fc
- FILEM.IMS.RDONLY.ssid
- FILEM.IMS.RDONLY
Security checking for ZDT/IMS functions illustrates the security checking that ZDT/IMS performs when a function in Protected ZDT/IMS Functions attempts to access an IMS™ subsystem.
┌──────────────────────────────────┐
|ZDT/IMS function fc subsystem ssid|
└───────┬──────────────────────────┘
↓
┌──────┴─────────────────────────────────────┐
|Facility FILEM.FUNCTION.fc.ssid Access |
├─────────────┬───────┬────────┬──────┬──────┤ ┌────────┐
| Not defined | Alter | Update | Read | None ├───►┤Rejected|
└──────┬──────┴───┬───┴────┬───┴───┬──┴──────┘ └────────┘
| | | | ┌────────┐
| └────────┴───────┴─────────────►┤Accepted|
↓ └────────┘
┌──────┴─────────────────────────────────────┐
|Facility FILEM.FUNCTION.fc Access |
├─────────────┬───────┬────────┬──────┬──────┤ ┌────────┐
| Not defined | Alter | Update | Read | None ├───►┤Rejected|
└──────┬──────┴───┬───┴────┬───┴───┬──┴──────┘ └────────┘
| | | | ┌────────┐
| └────────┴───────┴─────────────►┤Accepted|
↓ └────────┘
┌──────┴─────────────────────────────────────┐
|Facility FILEM.IMS.name.sid(1) Access |
├─────────────┬───────┬────────┬──────┬──────┤ ┌────────┐
| Not defined | Alter | Update | Read | None ├───►┤Rejected|
└──────┬──────┴───┬───┴────┬───┴───┬──┴──────┘ └────────┘
| | | | ┌────────┐
| └────────┴───────┴─────────────►┤Accepted|
↓ └────────┘
┌──────┴─────────────────────────────────────┐
|Facility FILEM.IMS.name(1) Access |
├─────────────┬───────┬────────┬──────┬──────┤ ┌────────┐
| Not defined | Alter | Update | Read | None ├───►┤Rejected|
└─────────────┴───┬───┴────┬───┴───┬──┴──────┘ └────────┘
| | | ┌────────┐
└────────┴───────┴─────────────►┤Accepted|
└────────┘
Note:
- FILEM.IMS.name is either FILEM.IMS.UPDATE or FILEM.IMS.RDONLY
ALTER, UPDATE or READ access means that the user can use the function. Access NONE means that the user cannot use the function.