IDMS

 View Only

  • 1.  IDMS and Audit process

    Broadcom Employee
    Posted Jul 17, 2020 10:11 AM
    Dear CA IDMS users,

    I would like to know how the CA IDMS community is dealing with audit requests like this:
    - Whenever asked identify what a super user, such as DBAs and AD, is doing in the IDMS production environment? 
    - Alert if some user issued a command, get, update or erase and he is not allowed to do that in the production environment?
    These questions came to us from a Brasilian Bank.. 
    We recommended JREPORTS, but beside those reports someone is using a specific software for that?  Some solution similar to IBM Guardium for DB2 is being used?
    Thanks,

    Hellen Oliveira
    Sr Services Consultant
    Broadcom 

    Office: +55 11 5503-6026 | Mobile: +55 61 99234-7219 |

    Hellen.Oliveira@broadcom.com



    ------------------------------
    Hellen Oliveira
    Sr Services Consultant
    Broadcom 

    Office: +55 11 5503-6026 | Mobile: +55 61 99234-7219 |

    Hellen.Oliveira@broadcom.com

    ------------------------------


  • 2.  RE: IDMS and Audit process

    Posted Sep 10, 2020 08:22 AM

    My answer is always:

    IDMS is not a relational DBMS and it works differently.  Access to data is controlled on a task, program and/or file basis not directly on the records/tables.

    We do not have the SQL option installed for use by the application people or the end-users so that helps a lot.  I think the hardest part is to convince someone that we do not have privileged users in IDMS.  Most relational databases have users that are designated as system administrators, but in IDMS it is the file, program and task privileges that determine what you can do.  If they ask too many questions, send them the IDMS Security Administration Manual.



    ------------------------------
    Tommy Petersen
    ------------------------------

    Original Message


  • 3.  RE: IDMS and Audit process

    Posted Sep 10, 2020 02:35 PM

    Hi Tommy,

     

    I have to add my 3 cents here!

     

    To say that IDMS is not relational is 'misleading' IMO especially from a user's perspective. I guess now we have to delve into the 12 rules of Dr. Codd?

     

    IDMS SQL Option was never planned to be a 'me too' RDBMS. When CA bought Cullinet, the real value to the customer was CA enhancing IDMS to provide a Dual Database Strategy so that an existing IDMS Customer could develop ANSI SQL Applications and Databases as well as provide full SQL access and update to existing IDMS Network Structures.

     

    Internally, it is true that it is implemented differently than other RDBMS as the relational side consists of an implementation of an SQL logical engine.

     

    Yes, there is not a 'super user' but starting with IDMS Release 12 way back in 1992 came a SQL Catalog and provided ANSI  SQL Security. With the SQL Option, this provides FULL runtime and definition occurrence security to the IDMS Tables. And YES, in IDMS and IDMS SQL Option, Users are assigned as  System Administrators as well!

     

    Regards,

    Joseph Perkins (Contractor)

    Sr. CA-IDMS Database Administrator, All in Solutions LLC

    Service Operations – Infrastructure Operations, Veterans Affairs

    Office of Information and Technology, IT Operations and Services

    Office: (530) 260-0165 

    GFE Mobile  (510) 599-6133

     




    Original Message