Each link between systems is given an authority defined by a userid.
It is important to note that users cannot access any transactions or resources
over a link that is itself unauthorized to access them. This means that each
user's authorization is a subset of the link's authority as a whole.
To limit the remote system's access to your transactions and resources,
you use
link security. Link security is concerned with the single user profile that
you assign to the remote system as a whole. Like user security in a single-system
environment, link security governs:
- Transaction security. This controls the link's
authority to attach specific transactions.
- Resource security. This controls the link's
authority to access specific resources. This applies for transactions, executing
on any of the sessions from the remote system, that have RESSEC(YES) specified
in their transaction definition.
- Command security. This controls the link's authority
for the commands that the attached transaction issues. This applies for transactions,
executing on any of the sessions from the remote system, that have CMDSEC(YES)
specified in their transaction definition.
- Surrogate user security. This controls the link's
authority to START transactions with a new userid, and to install resources
with an associated userid.