The following rules apply when transferring data:

  • The data to be transferred may contain objects to which the current user does not have READ access. It is also possible that due to selection criteria the data to be transferred only contains objects to which the user has READ access.

  • Error processing is only performed for objects that are contained in the data to be transferred and for which the user does not have READ access.

For function Export/Unload, the user needs READ access; for functions Import/Load and Test ADD or MODIFY access is necessary.

This document covers the following topics:

Security Checks when working with different FDICs

When data is transferred to or from another FDIC, the data are checked against the corresponding security definitions in Natural Security. The database and file number of the Natural Security file is specified with parameters General Defaults > Protection > DBnr/Fnr of NSC file.

The following rules apply:

  • For function Export/Unload, security checks are performed against the NSC file of the source FDIC.

  • For functions Import/Load and Test, security checks are performed against the NSC file of the target FDIC.

  • Source and target FDICs do not necessarily have to have the same NSC file.

Security Checks at Function Level

To disallow the Coordinator completely, you must disallow the library SYSDICBE in Natural Security. If some users are permitted to execute the extract maintenance function Export Extract but not the Coordinator itself, disallow the program MAIN in library SYSDICBE, and not the entire library.

Authorizations at function level are required to define different access rights for functions Import/Load and Export/Unload. See Coordinator.

No Security Protection for Coordinator FDIC

The Coordinator FDIC is not protected by Predict security.

The function Clear deletes the Coordinator FDIC and releases this file for another import/load operation. The user can only apply this function to an FDIC he created himself by starting an import/load operation. A locked Coordinator FDIC created by another user must be released with the Special Function. See Refresh Coordinator FDIC in the section "Special Functions" in the "Predict Administration documentation". This special function can be protected with the security object SPECIAL-REFRESH.

Security Definitions at Object Level


If the user does not have READ access to an object to be exported/unloaded, the object is logged in a Report Listing and taken out of the set of objects to be transferred. The export/unload operation is not terminated.

If IMS objects (databases or files) are to be exported/unloaded and the user does not have READ access to every IMS object, the entire IMS structure is removed from the set of objects to be exported/unloaded.


ADD or MODIFY access is required depending on whether a new object is added or an existing object overwritten.

When an object is renamed during import/load, the user needs MODIFY access to the old ID and ADD access to the new ID.

The security checks for the Import/Load function represent the second phase of the Coordinator (Conflict Management) have been successfully performed and all conflicts resulting from the Unique ID, have been resolved. When the first two phases of the cycle have been successfully completed, the third phase - Consistency Check - is performed. For more information see the Predict Coordinator documentation.

If the user does not have sufficient access to an object in the set of objects to be imported/unloaded, this object is logged. All other objects are checked, but the import/load operation is interrupted. The user can either acquire the necessary access in the MAIN-FDIC or remove the objects to which he does not have access from the set of objects to be imported/loaded in the Coordinator FDIC.

Importing/Loading Placeholders

Because placeholder objects cannot replace other objects, these objects can only be added. ADD access is not checked, however.

When a placeholder is replaced by a 'proper' object, the system checks for ADD access (and not MODIFY access).