The INCONTROL family of products can be protected like any other standard facility in a data center. INCONTROL has built-in security interfaces to RACF, CA‑ACF2 and CA‑TopSecret. In most cases, you are not required to customize the security modules.
This chapter describes the procedure used to install the security interface for the IOA component.
Security Modules: Each IOA function invokes a security module that verifies if a specified user is authorized to perform a specific function (such as, add, modify, and delete) and determines if the action is permitted or denied. Security modules are used to control access to the various protected elements.
User Exits: User exits are invoked before the security modules to allow the user to perform any required user functions that are not related to security. However, the user exits can be customized so that both user and security functions are performed by either or both modules. It is recommended that you separate the functions because some user exits cannot perform security functions. For more information, refer to the descriptions of each security module later in this guide.
IOASECUR Module: When any interaction with the security product is required, the common security services module, IOASECUR, is invoked. This module is invoked each time an INCONTROL product requires a security service. For example, to create the security environment, check a user’s authority, extract user information, or delete a security environment.
The IOASECUR module determines which security product the site is using (RACF, TopSecret, or ACF2), and invokes the relevant IOA security interface module (IOARACF, IOATSS, or IOAACF2).