Table of Contents

Search

  1. Preface
  2. Introduction to PowerExchange
  3. DBMOVER Configuration File
  4. Netport Jobs
  5. PowerExchange Message Logs and Destination Overrides
  6. SMF Statistics Logging and Reporting
  7. PowerExchange Security
  8. Secure Sockets Layer Support
  9. PowerExchange Alternative Network Security
  10. PowerExchange Nonrelational SQL
  11. PowerExchange Globalization
  12. Using the PowerExchange ODBC Drivers
  13. PowerExchange Datatypes and Conversion Matrix
  14. DTL__CAPXTIMESTAMP Time Stamps
  15. PowerExchange Glossary

PowerExchange Security Overview

PowerExchange Security Overview

You can use PowerExchange security options to authenticate users for connection to a PowerExchange Listener and to authorize user access to resources that are required by PowerExchange jobs and tasks.
PowerExchange security options are available for all operating systems. Some security options are specific to an operating system or data source type.
The SECURITY statement in the DBMOVER configuration file determines the level of security that PowerExchange provides.
Optionally, on all operating systems, PowerExchange can use its selective sign-on capability to authorize user connection to PowerExchange. When a PowerExchange Listener accepts a connection over TCP/IP, PowerExchange checks the sign-on file to verify access for the user ID and optionally the IP address.
On i5/OS, PowerExchange provides the following security options:
  • PowerExchange can use operating system facilities to authenticate user IDs and passwords for connection to PowerExchange. Also, PowerExchange can use the specified user IDs to check authority to access resources that PowerExchange jobs and tasks need to use.
  • If a PowerExchange process is the target of a pwxcmd command, PowerExchange can require a valid operating system user ID and password on the command. PowerExchange can use operating system facilities on the target system to authenticate user IDs and passwords for use of the pwxcmd program.
  • PowerExchange can use security objects to control access to LISTTASK and STOPTASK commands issued through the iSeries SNDLSTCMD interface, the PowerExchange Navigator, or the DTLUTSK utility to a PowerExchange Listener running on i5/OS.
  • PowerExchange can use security objects to control access to pwxcmd commands issued to a PowerExchange process running on i5/OS.
    PowerExchange does not use the sign-on file to control access to pwxcmd commands issued to a PowerExchange process running on
    i5/OS
    .
On Linux, UNIX, and Windows, PowerExchange provides the following security options:
  • If a PowerExchange process is the target of a pwxcmd command, PowerExchange can require a valid operating system user ID and password on the command. PowerExchange uses operating system facilities on the target system to authenticate user IDs and passwords for use of the pwxcmd program.
  • If a PowerExchange application service in the Informatica domain is the target of an infacmd pwx command, PowerExchange can require a valid operating system user ID and password on the command. PowerExchange uses operating system facilities on the target system to authenticate user IDs and passwords for use of the infacmd pwx program. For more information about application services, see the
    Informatica Administrator Guide
    . For more information about infacmd pwx commands, see the
    Informatica Command Reference
    .
  • PowerExchange can use AUTHGROUP and USER statements in the sign-on file to control access to infacmd pwx commands and pwxcmd commands. You send infacmd pwx commands to a PowerExchange application service and pwxcmd commands to a PowerExchange process that is not managed by an application service.
  • On Windows, PowerExchange can use the AUTHGROUP and USER statements in the sign-on file to authorize use of PowerExchange Listener LISTTASK and STOPTASK commands issued through the PowerExchange Navigator.
On z/OS, PowerExchange provides the following security options:
  • PowerExchange can use operating system facilities to authenticate user IDs and passwords for connection to PowerExchange. Also, PowerExchange can use the supplied user IDs in conjunction with a z/OS security product such as RACF or ACF2 to check authority to access resources that PowerExchange jobs and tasks need. PowerExchange provides source-specific security options for Adabas, Datacom, DB2, and IMS.
  • If a PowerExchange process is the target of a pwxcmd command, PowerExchange can require a valid operating system user ID and password on the command. PowerExchange uses operating system facilities on the target system to authenticate user IDs and passwords for use of the pwxcmd program.
  • PowerExchange can use resource profiles to control access to LISTTASK and STOPTASK commands that are issued through the PowerExchange Navigator or the DTLUTSK utility to a PowerExchange Listener running on z/OS.
  • PowerExchange can use resource profiles to control access to pwxcmd commands issued to a PowerExchange process running on a z/OS system.
    PowerExchange does not use the sign-on file to control access to pwxcmd commands issued to a PowerExchange process running on
    z/OS
    .