CEDF | target transaction | Security checking |
---|---|---|
CMDSEC(YES) | CMDSEC(YES) | Any access to CICS commands causes a security check. |
CMDSEC(YES) | CMDSEC(NO) | Any access to CICS commands causes a security check. |
CMDSEC(NO) | CMDSEC(YES) | Any access to CICS commands causes a security check. |
CMDSEC(NO) | CMDSEC(NO) | Access to CICS commands does not cause a security check. |
To achieve the expected security processing for a transaction when it runs under CEDF, ensure that CMDSEC for the CEDF transaction definition is set to NO. The IBM®-supplied definition of CEDF in the DFHEDF group specifies CMDSEC(YES). Definitions in the IBM-supplied groups cannot be modified, so to change the definitions, copy them to another group.
When CEBR or CECI is invoked from within EDF it is transaction-attach checked. In the same environment the CMDSEC and RESSEC definitions are forced regardless of what is coded in their transaction definitions.