Using Single Sign On for more security
wonder how I reached SSO( single sign On).... Actually if you are very keen about the priviledges to the Hosts , which is obviously everyone is, then you can even use Single sign on meaning a particulat user on Windows Active directory can be assigned with a particular user on Host / Maniframe AS 4000 etc.
this would give securrity and integrity of user accesses.
1. get Microsoft's SSO installed on a server where HIS 2006 is installed
2. configure an SSO App and assign rights accoridngly . you may want to refer the samples on MSDN to do it .
Creating Affiliate Applications :
http://msdn2.microsoft.com/en-us/library/aa561920.aspx
3. Configure the Host file provider or SNAOLEDB connection string to use Signe Sign on and this application say "APP_Test"
Provider=SNAOLEDB;User ID=sna;APPC Remote LU Alias=TEST;APPC Local LU Alias=LOCAL;APPC Mode Name=QPCSUPP;Network Transport Library=SNA;Host CCSID=37;PC Code Page=1252;Network Port=446;Process Binary as Character=False;Affiliate Application=APP_Test;Integrated Security=SSPI;Persist Security Info=False;Cache Authentication=False;Location=CONDOR;Default Library=USER1;Repair Host Keys=False;Strict Validation=False;
Notice Affiliate Application=APP_Test . If your application using this connection string to get or put data from mainframe and application user is say loguser1 on Windows Active directory then in APP_Test one should configure and map this user to give access to a desired parallel user on mainframe or host.
