Controlling System Access

Table of Contents

Log-On Policy
Security Value of the Log-On Procedure
Maximum Log-On Attempts
Exceptions to the Log-On Procedure
Multi-Factor Authentication
Configuring Multi-Factor Authentication with a Third-Party Security Platform
Security Support Library
Types of Access Rights
Access Rights Designated in the SYSTEM/USERDATAFILE
Examples of Appropriate USERDATAFILE Attributes
Access Rights Designated in the COMS Utility
Examples of Appropriate Transaction Server Access Rights
Access Rights Associated with CANDE
Role-based Access for Applications

This section introduces the basic concepts of controlling system access. These concepts include

  • Log-on policy

  • Types of system access rights

Basis of System Access Control

System access control is based on user identification, and identification is based on the usercode. A usercode is a string of a maximum of 17 characters that is defined in the USERDATAFILE.

The user access privileges depend on the

  • Access rights associated with the usercode in the USERDATAFILE

  • Access rights associated with the usercode in the Transaction Server

  • Access rights associated with the user's station (remote terminal) in the message control system (MCS) under which the user is running—either Command and Edit (CANDE) or Transaction Server

Only the access rights associated with the user station are independent of the usercode.

When the user enters a usercode during log-on

  • An identity, or session, is established with the system.

  • During the session

    • The user has the access rights associated with that usercode.

    • Files that are created during the session are stored under the usercode.

    • Programs that are run are given the usercode as the value of their USERCODE task attribute.

Prev     Next
Initial Security Configuration Best Practices  Home  Log-On Policy