HLI: Model 204 security: Difference between revisions

From m204wiki
Jump to navigation Jump to search
No edit summary
No edit summary
 
Line 27: Line 27:
<li>
<li>
For an IFDIAL thread, supply the login information, as necessary, using the IFWRITE call.</li>
For an IFDIAL thread, supply the login information, as necessary, using the IFWRITE call.</li>
</ul>
===Multi-factor authentication - MFA===
<p>
Support for Multi-factor authentication (MFA) is provided with no updates or parameter changes required to Model 204.  MFA does require that one of the three security interfaces, listed below, be linked into the Model 204 nucleus.  Once a userid is provisioned under MFA, the user acquires a token from a client like IBM Security Verify, installed on the user's mobile device.  That token is then concatenated, with a password or passphrase, to logon to Model 204.  For example: token:password or token:passphrase, where colon (:) is the concatenating character.  That string is passed, unmodified, to the security interface for verification.</p>
<ul>
<li>ACF2
<li>RACF
<li>TopSecret
</ul>
</ul>


Latest revision as of 19:16, 17 November 2023

Overview

This topic briefly describes Model 204 security for application programmers who are using the Host Language Interface facility.

For more information about Model 204 security, see the Security interfaces overview.

See also:

Storing security information (CCASTAT)

Establishing and maintaining security

Using Model 204 security

Model 204 provides a variety of security features that prevent unauthorized use of IDs, files, groups, records, and fields. When a particular security feature is operational, the corresponding access restrictions apply.

Login security

Login security requires you to enter a password when logging in. Only a valid password can gain access to the system. After successfully logging in, you are granted particular privileges.

When login security is in effect, specify login information using the following HLI calls:

  • For an IFSTRT thread in IFAM1, use the IFLOG call to provide login information, as necessary, where the user authorization is to be validated by a security interface.
  • In IFAM2 and IFAM4, specify the login parameter in the IFSTRT call to supply the user ID and password that permit entry to the system.
  • For an IFDIAL thread, supply the login information, as necessary, using the IFWRITE call.

File security

File security requires you to specify a legal password in the IFOPEN call. After you successfully open the file, Model 204 grants you particular file privileges, a user class number, and field security levels.

Group security

Group security requires you to specify a legal password in the IFOPEN for the file group.

Record security

Record security limits access to records by allowing you to retrieve and update only records that you have stored in the file or that users can share.

Field-level security

Field-level security protects fields in a file. Field access levels are assigned when you open a file or group. Specify the security level associated with a field in the IFDFLD call.

Terminal security

Terminal security allows particular login user IDs and particular files and file groups to be accessed only from specific Model 204 threads.

See also

Retrieved from "https://m204wiki.rocketsoftware.com/index.php?title=HLI:_Model_204_security&oldid=120016"