Security considerations

Because of the importance of resource definitions to your CICSPlex® SM environment, you need to consider carefully the implications of allowing users access to certain types of resource or to certain functions. You can allow a user to have access to all resource definition views and their related administration views, or you can restrict access to the definition views for a particular resource type. You can also define the type of access a user has. For example, one user might have read-only access to connection definition (CONNDEF) and session definition (SESSDEF) views, but update access (which permits creation and administration of resources) to all other resource types. You need to make sure that the BAS views are adequately protected, so that unauthorized users cannot create and administer resources.

You should also take care if you are running CICS TS and are using the EXEC CICS® CREATE command to build new resources. Any definition created with the CICSplex as the context is automatically distributed to all CMASs in the CICSplex. Therefore, giving a user authority to create BAS objects is potentially equivalent to giving authority to install resources on any CICS system in the CICSplex. When the CICS system starts, there is no check on who installed the resource in the system.

For details on setting up security for CICSPlex SM at your enterprise, see CICSPlex System Manager Managing Business Applications.
