Each item (e.g. program, file, transaction) to which access is controlled is a called a resource. A resource has a name and a class, which indicates the type of the resource. For example, each enterprise server is a resource, and all enterprise servers belong to the same resource class.
A resource name must be unique within its class. That is, you can define two or more resources with the same name, provided that they belong to different classes.
MSS resources use various class names defined by IBM. Non-MSS resources, such as ES configuration definitions in MFDirectory Server, use resource class names defined by Micro Focus (using syntax that's not permitted for MSS resource class names, to avoid collisions). Users can also define their own resource classes for performing explicit access checks in applications.
When a user requests access to a resource the security facility relays the request to the external security manager, specifying the user, the resource and the resource class. The security manager will then look for resource rules that match the resource name. The processing of a request is dependent on the external security manager.
When Enterprise Server executes application programs in the various MSS processing regimes, it makes the appropriate security queries. This behavior is intended to emulate, as far as is feasible, that found on IBM mainframe platforms. The entities and classes used are specified in the tables listed below.