When CICS® receives a function-shipped request, the transaction that is invoked is the mirror transaction. The CICS-supplied definitions of the mirror transactions all specify resource security checking, but not command security checking. This means that you are prevented from accessing the remote resources if the link does not have the necessary authority.
Note that transaction routing across LU6.1 links is not supported.
If the CICS-supplied definitions of the mirror transactions are not what your security strategy needs, you can change them by copying the definitions in group DFHISC into your own group, changing them, and then reinstalling them. For more information, see Category 2 transactions.
If you include a remote resource in your resource definitions, you can arrange for security checking to be done locally, just as if the resource were a local one. Also, the system that owns the resource can be made to apply an independent check, if it is able to receive the user identifier. You can therefore choose to apply security restrictions on both sides, on either side, or not at all.
The transaction in the AOR issues EXEC CICS READ FILE('RFILE') specifying the SYSID option. Resource security checking is not performed for file RFILE.
The request is transmitted to the FOR, where resource security checking is performed for file LFILE.