Security Considerations

When you run a DATABridge accessory, normal host security restrictions apply. For example, the DATABridge accessory must run under a usercode that has access to the appropriate DMSII DESCRIPTION files, database CONTROL files, and the audit files. All of the typical file access rules of the host apply to the DATABridge Accessories. In other words, security is dependent on the usercode under which DATABridge is run.

Usercodes

We recommend that you install and run DATABridge under a privileged usercode. To run DATABridge under a different usercode from the one under which you installed it requires that you copy DATABridge Engine (DBEngine) to that usercode or establish DBEngine as a system library. For details, see DBEngine Visibility to Accessories and Usercodes.

Guard Files

DATABridge supports MCP guard file validation on the host. Guard files provide controls that restrict access to specific files. For information about setting up guard files, see the DATABridge Installation Guide.

Custom Filtering

DATABridge provides a method for restricting access to certain data sets (or remaps) and certain records within the data sets. You can put these visibility restrictions in a tailored support library via the GenFormat program. Before DATABridge returns a record to the secondary database system, it applies the visibility constraints in the tailored support library. See Creating a Filter.

Logical Databases

You can restrict access to data sets and records by creating a logical database and then running the accessory against the logical database. DBEngine restricts access to data sets and remaps in the logical database. You can specify the logical database when you start the accessories via the WFLs.