VSAM ESM Module

The VSAM ESM Module provides an External Security Manager (ESM) for Enterprise Server which uses a collection of COBOL VSAM (.dat) files to store security configuration information.

The VSAM ESM Module does not currently provide all of the features of the MLDAP ESM Module, it does offer basic authentication and authorization support. It is simpler to set up and use than the MLDAP ESM Module. It does not require any third-party software and does not rely on network connectivity, assuming its files are on the local system, and does not require system-administrator privileges to set up and configure.

The VSAM ESM Module can also be used in conjunction with other ESM Modules by "stacking" multiple security managers in a security configuration. You might find that this is a useful configuration if, for example, most of your security data is in LDAP, but sometimes you need to make small additions without changing the LDAP repository data. It is also possible to stack multiple security managers which use the VSAM ESM Module, for example, to test the effect of new security rules.

The VSAM ESM file directory can be created and administered using the command-line utility, mfsecconv, which supports importing security data defined using a YAML file, and exporting existing security data as well.

The VSAM external security manager consists of two shared libraries:

When configuring a Security Manager to use the VSAM ESM Module, specify vsam_esm as the module name.