Security for new SPI and CEMT commands
New predefined RACF® resource names control access to the following resources using the SPI and CEMT:
New category 1 transaction
The new CWXU transaction is for CICS® internal use, and should not be invoked
from a user terminal. For security purposes, it is a category 1 transaction.
New global user exits
When CICS is an HTTP client, the new global
user exits XWBOPEN (on the WEB OPEN command) and XWBSNDO (on the WEB SEND
command) enable you to apply a security policy to the host name and path specified
for outbound HTTP client requests from CICS.
Changes to global user exits describes these new exits.

Security for static responses by CICS as an HTTP server
You can deliver CICS documents and HFS files as static
responses to requests from Web clients, by setting up URIMAP definitions that
supply the response without calling a user-written application program. When
you deliver items as a static response, HTTP basic authentication does not
operate. This means that resource level security, with access controls based
on a user ID, cannot be applied to items delivered as a static response. If
the items require authentication or resource level security, you need to deliver
the material as an application-generated response. When an application-generated
response is used, basic authentication can be used, and the user ID from basic
authentication can be applied to the alias transaction that covers processing
by the user-written application program, so you can grant or deny access to
the specific resources and commands used by the application program.
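
The two delivery styles described above, shown side by side as DFHCSDUP definitions. This is an added example, not taken from the CICS documentation; the resource names, group, port, paths, program and alias transaction (WEBGRP, HTTPBAS, PUBNOTE, PAYSLIP, PAYPGM, PAYA) are hypothetical.

```text
* Constructed example. All resource names, paths and the port number
* are hypothetical.
*
* Basic authentication is requested on the TCPIPSERVICE.
DEFINE TCPIPSERVICE(HTTPBAS) GROUP(WEBGRP)
       PROTOCOL(HTTP)
       PORTNUMBER(8080)
       AUTHENTICATE(BASIC)
*
* Static response: CICS returns the HFS file itself. No application
* program or alias transaction runs, basic authentication does not
* operate, and no user ID based access control applies to the file.
* Use this form only for material any client may read.
DEFINE URIMAP(PUBNOTE) GROUP(WEBGRP)
       USAGE(SERVER)
       SCHEME(HTTP)
       HOST(*)
       PATH(/public/notice.html)
       TCPIPSERVICE(HTTPBAS)
       MEDIATYPE(text/html)
       HFSFILE(/u/cicsweb/public/notice.html)
*
* Application-generated response: the request runs program PAYPGM
* under alias transaction PAYA. The user ID from basic authentication
* is applied to PAYA, so access to the transaction and to the
* resources and commands PAYPGM uses can be granted or denied.
DEFINE URIMAP(PAYSLIP) GROUP(WEBGRP)
       USAGE(SERVER)
       SCHEME(HTTP)
       HOST(*)
       PATH(/payroll/payslip)
       TCPIPSERVICE(HTTPBAS)
       PROGRAM(PAYPGM)
       TRANSACTION(PAYA)
```

When reviewing an existing region, any USAGE(SERVER) URIMAP that specifies HFSFILE or TEMPLATENAME is a static response and should be checked against what the item it serves is meant to expose.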
