Security managers process the security queries generated by the ESF, and return either an allow, deny or unknown status. You can configure multiple security managers in an installation;'s security manager pool. From the pool, you can create a default list of the security managers to use, and lists for individual Enterprise Servers.
The ESF sends security queries to the security managers in the order in which they are configured in the list.
You configure Enterprise Server to:
Enterprise Server includes the following security managers that you can configure and use:
This security manager provides access to the Windows operating system's user configuration. You can use it to authenticate Windows users, determine a user's access level and apply permissions accordingly.
This security manager allows you to integrate your Enterprise Server security with an LDAP. You can use mldap_esm with both Microsoft Active Directory, and other LDAPs, for example OpenLDAP. With mldap_esm, you can implement access control for users, and for the resources and files that an application uses.
Directory Server security can be implemented hrough the MFDS internal security manager. This security manager is used for Directory Server when no other security manager is present in its security manager list. It allows you to define users and groups, and restrict access to Enterprise Server administration functions.
The CAS ESM Module (casesm) uses the Enterprise Server legacy security definitions (stored in the CICS resource tables). This is the model used in earlier releases (5.0 and lower),
This allows you to use any security configurations from software releases prior to release 5, that uses the current architecture.
In addition to the above, a security managers can be anything that can process the API security queries that the ESF generates, and can return results to the ESF. You can develop a security manager to suit your requirements. A security manager could be a database, a directory, or an operating system mechanism