Removal of the IMS SECURITY macro

To reduce the dependency on system generation, IMS Version 13 removes the support for the SECURITY stage-1 system definition macro.

Most security options that were previously specified by using the SECURITY macro are now specified by using the following initialization parameters ISIS, RCLASS, RCF, SECCNT, SGN, and TRN.

With the removal of the SECURITY macro in IMS Version 13, you no longer need to specify the use of the Signon/off Security exit routine (DFSCSGN0) and the Transaction Authorization exit routine (DFSCTRN0) during system definition or system startup. Instead, if the exit routines are linked in one of the STEPLIB or LINKLIST libraries, IMS loads the exit routine. There are no startup parameters to specify to load the routines. For more information about the changes to the security exit routines, see DFSCSGN0, DFSCTRN0, and DFSCTSE0 security exit routine enhancements.

If the SECURITY macro is specified in the IMS Version 13 system definition stage 1 input stream, message G115 is issued and the macro statement checking ends with a return code of 2.

The RCLASS parameter is added to the DFSPBxxx PROCLIB member. The SECCNT parameter is added to the DFSDCxxx PROCLIB member.

The Syntax Checker is enhanced in IMS Version 13 to support the RCLASS and SECCNT initialization parameters.

Migration considerations

IMS Version 12 was the last version of IMS to support the SECURITY macro. You can use initialization parameters to specify most options that were previously specified on the SECURITY macro keyword values.

If you have not already done so in your IMS Version 11 or IMS Version 12 system, you must move your RCLASS, SECCNT, SGN, and TRN parameter specifications from the SECURITY macro to the DFSDCxxx or DFSPBxxx PROCLIB members.

SIGNEXIT and TRANEXIT parameter specifications are no longer used. To use the Signon/off Security exit routine (DFSCSGN0) and Transaction Authorization exit routine (DFSCTRN0), link them in one of the IMS STEPLIB libraries or in LINKLST. IMS automatically loads and uses the exit routines that are linked in one of the IMS STEPLIB libraries or in LINKLST. A new message, DFS1937I, is issued for every security exit routine that is loaded.

In IMS versions earlier than IMS Version 13, if DFSCTSE0 was used, you included the CSECT in DFSCTRN0. Now, all the security exit routines can be linked independently.

For more important information about migrating the security exit routines, see DFSCSGN0, DFSCTRN0, and DFSCTSE0 security exit routine enhancements.

For more migration information, see Security enhancements migration considerations.

Coexistence considerations

Impact to installing and defining IMS

The following parameters are added to members of the IMS PROCLIB data set:

SECCNT

The SECCNT parameter is added to the DFSDCxxx PROCLIB member. This parameter specifies:

• The maximum number of terminal and password security violations to be accepted per physical terminal
• The number of transaction command violations per transaction prior to master terminal notification of such violations

RCLASS

The RCLASS parameter is added to the DFSPBxxx PROCLIB member. This parameter specifies a 1- to 7- alphanumeric character identifier that is used by RACF® for transaction authorization and user ID verification.

Impact to administering IMS

The communications and connections and system administration information is updated to reflect the removal of the SECURITY macro.

Impact to troubleshooting for IMS

For a complete list of new, changed, and deleted messages, and abend codes for IMS Version 13, see Message and code changes in IMS Version 13.

Impact to commands

The /ERESTART and /NRESTART commands are updated to reflect the removal of the SECURITY macro.

Documentation changes

The following publications contain new or changed information for the XYZ enhancement. Publications that are not impacted by the enhancement are not included in the table.