Table 13-5. Attributes Used to Set Security
|
Service Attribute
|
Description
|
|
|
Specifies a list of application IDs for the service attribute.
|
|
|
Specifies an application ID that is automatically generated by the ODBC Client to identify the client application to the SequeLink service.
|
|
|
Specifies the method to be used to log on to the data store.
|
|
|
Specifies the name of a user ID (UID) map. UID maps can be referenced at both the service and data source level. The valid value is a defined UIDMap name.
|
|
|
Specifies a general resource class name to be used by the server.
|
|
|
Enables authorization for the SequeLink agent.
|
|
|
Specifies a general resource class name used by the SequeLink Server when authorization is enabled.
|
|
|
Enables authorization for data access to the service.
|
|
|
If MVSServiceAuthorization is enabled, the resource name is used to validate a connection request against the z/OS security system. If the attribute's value is blank or an empty string, the server uses the service name as the resource name to be checked.
|
|
|
Enables authorization for data access to the server data source.
|
|
|
Specifies authentication mechanisms that the SequeLink Manager can use to authenticate itself to the server.
|
|
|
Sets authorization for users who are allowed to manage SequeLink services using the SequeLink Manager.
|
|
|
Sets authorization for defined Linux, UNIX, and Windows user groups who are allowed to manage SequeLink services using the SequeLink Manager.
|
|
|
Specifies a service principal name other than the default service principal name to be used for Kerberos authentication for the SequeLink Agent service.
|
|
|
Specifies one or multiple authentication mechanisms the service accepts.
|
|
|
Specifies one or multiple client TCP/IP network identifiers that are allowed to access the service using an administrator client.
|
|
|
Specifies client TCP/IP network identifiers to limit the number of clients that are allowed data access connections to data access services.
|
|
|
Specifies the data scrambling algorithm used when sending requests or replies across the network between client and server.
|
|
|
Specifies the case-sensitive service principal name to be used for Kerberos authentication to the SequeLink data access service on Linux/UNIX/Windows.
|
|
|
Specifies the supported cipher suites. The default is TLS_DH_anon_WITH_AES_128_CBC_SHA.
|
|
|
Specifies whether SSL or TLS is enabled for the SequeLink service. The default is false.
|
|
|
Specifies the maximum number of SSL or TLS session identifiers that are cached on the SequeLink Server before the sessions are flushed from the cache.
|
|
|
Specifies the maximum time in seconds to keep a SSL or TLS session in the SequeLink Server session cache. The default is 300 seconds.
|
|
|
Specifies the version of the SSL standard that is used for encryption. The default is TLS 1.0.
|
|
|
Sets authorization for users who are allowed to access the service for data access. The setting can be affected by the value of ServiceAuthMethods.
|