SNA connection security

SNA connections enforce link security to restrict the resources that can be accessed over a connection to a CICS server, bind security to prevent an unauthorized client system from connecting to CICS, and user security to restrict the CICS resources that can be accessed by a user.

Link security

Link security prevents a remote user from attaching a transaction or accessing a resource for which the link user ID has no authority. When link security is in use, each session is given an authority defined by a link user ID. All sessions in a connection can have the same link user ID, or different groups of sessions within the connection can have different link user IDs. It is also possible to specify that some groups of sessions should use link security, and that others should not.

To specify link security, set a link user ID in the SECURITYNAME parameter of the CONNECTION definition on the CICS server, or specify a USERID parameter in the SESSIONS definition on the CICS server.

If a failure occurs in establishing link security, the link is given the security of the CICS server's default user.

Bind security

Bind security prevents an unauthorized remote system from connecting to CICS. For SNA, this is termed session security and a check is made when there is a request to establish an SNA session with a remote system; that is, when the session is bound. For SNA sessions to CICS, bind security is controlled in VTAM and in Communications Server using SERVAUTH profiles.

User security

User security requires that incoming transaction attach requests supply a user ID and password. User security can never increase a user's authority above that of the link. Specify the ATTACHSEC=VERIFY on the CONNECTION definition on the CICS server. If user security is not required set ATTACHSEC=LOCAL. SNA connections do not support the use of ATTACHSEC=IDENTIFY.


Information Information

Feedback


Timestamp icon Last updated: Tuesday, 19 November 2013


https://ut-ilnx-r4.hursley.ibm.com/tg_latest/help/topic/com.ibm.cics.tg.doc//ctgunx/secure_conn_sna.html