Obsolete attributes retained for compatibility

The attributes described here are not valid in CICS® Transaction Server for z/OS®, but are supported to provide CSD compatibility for earlier releases of CICS where they are still valid. See Compatibility mode (CSD file sharing) for more information on compatibility mode.

Table 1 shows which resource or resources each attribute is associated with, and which release or releases it was supported in.

BINDPASSWORD(password) (APPC only)
A password of up to 16 hexadecimal digits (0-9, A-F). A password of fewer than 16 digits is padded on the right with hexadecimal zeros.

CICS masks the password you supply to avoid unauthorized access. You should therefore find a safe way of recording the password.

If you supply a password, an identical password must be supplied in the remote system to ensure bind-time security, allowing a connection to be established.

Start of changeCONSOLE({NO|number})End of change
Start of changeFor migration purposes, it is possible to define a console using CONSOLE(number). However, when several MVS™ images are united to form a sysplex, the assignment of console identification numbers depends on the order in which the MVS images are IPLed. The identification numbers are determined from the sequence in which they are encountered in the several CONSOLnn members for the MVS images. Therefore, you are recommended to identify console devices attached to the sysplex by CONSNAME instead of CONSOLE. The results of using CONSOLE may be unpredictable.

Code a number in the range 01 through 250, but not 128. However, before you can use the console, it must be either defined to MVS in the CONSOLnn member of SYS1.PARMLIB or dynamically allocated by a product such as NETVIEW.

If you specify this attribute, do not specify CONSNAME.

End of change
EXTSEC({NO|YES})
specifies whether an external security manager (for example, RACF®) is to be used for transaction security or resource security checking.
NO
Only the security facilities provided by CICS are used by this transaction.
YES
An external security manager may be used by this transaction.
INDOUBT({BACKOUT|COMMIT|WAIT})
specifies the action required if the transaction is using intercommunication, and abends at a critical time during syncpoint or abend processing. For guidance on using the INDOUBT option, see the CICS Intercommunication Guide.
BACKOUT
The effects of the transaction are backed-out. This must be specified for recoverable files.
COMMIT
The effects of the transaction are committed. Use INDOUBT(COMMIT) if you do not want dynamic transaction backout.
WAIT
Changes to recoverable temporary storage are locked until the session is recovered. The resources are then committed or backed out in step with the remote system.
INSERVICE({YES|NO})
specifies whether the session(s) can be used for communication. This attribute applies only to LUTYPE 6.1 ISC sessions. It is invalid for LUTYPE 6.2, and is ignored for MRO sessions. For MRO the status (in service or out of service) is determined by the status of the corresponding MRO CONNECTION.
YES
Transactions may be initiated and messages may automatically be sent across the session(s).
NO
The session(s) can neither receive messages nor transmit input.
LOGMODECOM({NO|YES})
LOGMODECOM indicates LOGMODE compatibility. It shows whether CICS is to make LOGMODE work the way it does in releases earlier than CICS/ESA 4.1. This parameter is not available in releases later than CICS/ESA 4.1.
LOGMODECOM(NO)
is the default and causes LOGMODE(0|name) to work as described under LOGMODE.
LOGMODECOM(YES)
causes LOGMODE(0|name) to work as it did in releases before CICS/ESA 4.1 for non *XRF-capable terminals. LOGMODECOM(YES) is ignored for XRF-capable terminals. Use this parameter only in exceptional circumstances - see the CICS/ESA 4.1 Migration Guide and the CICS/ESA 4.1 Resource Definition Guide for a fuller explanation.
OMGINTERFACE(text)
Defines a pattern that may match the IDL interface name. The maximum length of this field is 31 characters. This field is obsolete and retained only for compatibility with previous releases of CICS Transaction Server.
OMGMODULE(text)
Defines a pattern that may match the qualified module name (coded in CORBA IDL), which defines the name scope of the interface and operation whose implementation is to be executed. This field is obsolete and retained only for compatibility with previous releases of CICS Transaction Server.
OMGOPERATION(text)
Defines a pattern matching the IDL operation name. The maximum length of this field is 31 characters. This field is obsolete and retained only for compatibility with previous releases of CICS Transaction Server.
OPERID(code)
specifies the 3-character operator identifier associated with the sessions. Use OPERID if you are not specifying SECURITYNAME on the CONNECTION definition. Specifying OPERID is the only way of having an operator identifier if you have preset security (by specifying OPERRSL and OPERSECURITY).
OPERPRIORITY({0|number})
specifies the operator priority code to be used to determine the task processing priority for each transaction attached to the sessions. The code may be any value from 0 through 255. Use OPERPRIORITY if you are not specifying SECURITYNAME on the CONNECTION definition. Specifying OPERPRIORITY is the only way of having an operator priority code if you have preset security (by specifying OPERRSL and OPERSECURITY).
OPERRSL({0|number[,...]})
specifies the resource security key for these sessions.
number[,...]
Code the preset resource security keys for these sessions. The OPERRSL keys are checked to see that they include the resource RSL value, by transactions that request RSL checking (RSLC(YES)). They are referenced for function shipping and distributed transaction processing requests. The OPERRSL keys comprise one or more decimal values from 1 through 24. You can specify more than one value as an inclusive range, using a dash (for example: 5-12), or as a series of numbers separated by commas, for example: 5,6,7,8,9,10,11,12. These two examples are equivalent. You can use dashes and commas in the same specification if you need to.

Specify OPERRSL keys if you are not specifying SECURITYNAME on the CONNECTION definition. However, if you specify OPERRSL keys for the sessions, you cannot have a sign-on, using SECURITYNAME, when the link is established. Note that the OPERRSL keys give access only to resources with the RSL values actually specified in the OPERRSL keys, not to resources with lower RSL values.

0
The sessions have no OPERRSL keys specified and do not have access to any resources through transactions with RSLC(YES), except resources with RSL(PUBLIC).
OPERSECURITY({1|number[,...]})
specifies the preset transaction security keys for the device. The transaction security keys are checked to see that they include the security value (TRANSEC) for a transaction about to be attached. They are referenced for function shipping and distributed transaction processing requests.

The security keys comprise one or more decimal values from 1 through 64. You can specify these values in the same way as for OPERRSL, above. In addition to the values you specify, a value of 1 is also assumed. The default value of 1 gives access to all unsecured transactions, because the default TRANSEC value is 1. For example: 5-10,12 is translated into: 1,5,6,7,8,9,10,12.

Use OPERSECURITY if you are not specifying SECURITYNAME on the CONNECTION definition. However, if you specify OPERSECURITY keys for the sessions, you cannot have a sign-on, using SECURITYNAME, when the link is established.

Start of changeOUTPRIVACY(SUPPORTED|NOTSUPPORTED|REQUIRED)End of change
Start of changereflects the level of SSL encryption required for inbound connections to this service that is specified by the CIPHERS attribute.
During the SSL handshake, the client and server advertise which cipher suites they support, and, from those they both support, select the suite that offers the most secure level of encryption. For more information about cipher suites, see the CICS RACF Security Guide.
NOTSUPPORTED
Encryption is not used. During the SSL handshake, CICS advertises only supported cipher suites that do not provide encryption.
REQUIRED
Encryption is used. During the SSL handshake, CICS advertises only supported cipher suites that provide encryption.
SUPPORTED
Encryption is used if both client and server support it. During the SSL handshake, CICS advertises all supported cipher suites.
End of change
PORT(number)
specifies the TCP/IP port number to be used for non-SSL communication to this logical EJB/CORBA server. The port number must be in the range 1–65535. The default is 00683.

You must not specify the same port number for PORT and SSLPORT.

If you install a TCP/IP service on this port, the TCPIPSERVICE definition must specify SSL(NO).

PRIMEDSIZE({0|value})
specifies the primed storage allocation size in bytes.
0
CICS takes care of the storage for the control blocks.
Note: Leave PRIMEDSIZE as 0 if this TRANSACTION definition has been migrated with ANTICPG=YES.
value
This value must not exceed 65520 bytes and, if specified at all, must include an allowance of 2800 bytes for CICS control blocks, and an allowance for the size of the TWA.

Storage acquired by a GETMAIN within the primed storage area is never freed (that is, the corresponding FREEMAIN is ignored).

Note that storage accounting areas within the primed storage allocation are doubleword-aligned, instead of the normal double-doubleword-aligned.

Start of changePRIVACY(REQUIRED|SUPPORTED|NOTSUPPORTED)End of change
Start of changereflects the level of SSL encryption required for inbound connections to this service that is specified by the CIPHERS attribute.
During the SSL handshake, the client and server advertise which cipher suites they support, and, from those they both support, select the suite that offers the most secure level of encryption. You can edit the list of ciphers to set a minimum as well as a maximum encryption level. For more information about cipher suites, see the CICS RACF Security Guide.
NOTSUPPORTED
Encryption is not used. During the SSL handshake, CICS advertises only supported cipher suites that do not provide encryption.
REQUIRED
Encryption is used. During the SSL handshake, CICS advertises only supported cipher suites that provide encryption.
SUPPORTED
Encryption is used if both client and server support it. During the SSL handshake, CICS advertises all supported cipher suites.
End of change
PROTECT({NO|YES}) (SNA LUs only)
specifies whether output messages can be recovered (see the MSGINTEG option), and whether message logging is to take place.
NO
Neither message integrity nor message logging is to take place.
YES
Provides recovery for output messages. CICS also records the contents of deferred write requests that are pending at a syncpoint, and records the receipt of the definite response (associated with the deferred write) on the system log for message recovery and resynchronization purposes. Journaling support is required during generation of the CICS system.
If you specify PROTECT(YES):
  • Specify MSGINTEG(YES). This ensures that the integrity response is received.
  • Ensure that definitions for the transaction CSLG and program DFHZRLG are available.
RECOVNOTIFY({NONE|MESSAGE|TRANSACTION})
specifies whether, and how, the terminal user is notified that an XRF takeover has occurred, in case the user needs to take some action such as signing on again.
NONE
The user is not notified.
MESSAGE
The user receives a message on the screen that the system has recovered. There are two BMS maps, DFHXRC1 and DFHXRC2, in map set DFHXMSG for the message. MESSAGE, rather than TRANSACTION, minimizes the takeover time.

The terminal must be defined with the ATI(YES) option, and must be capable of displaying a BMS map.

TRANSACTION
CICS initiates a transaction at the terminal. The name of the transaction is specified by the RMTRAN system initialization parameter. (The default transaction for this is the one specified in the GMTRAN system initialization parameter: the good-morning transaction.) TRANSACTION is more versatile than MESSAGE.

The terminal must be defined with ATI(YES).

RESSECNUM({0|value|PUBLIC})
specifies the resource security value to be associated with this file. This attribute is used when an EXEC command is executed within a transaction that has been defined with RESSEC(YES), and the command is attempting to reference this file.
0
A transaction defined with RESSEC(YES) is not allowed access to the file.
value
The resource security value, in the range 1 through 24. When a transaction defined with RESSEC(YES) attempts to reference this file, value is checked against the keys derived from RESSECKEYS either in the sign-on table, or from the TERMINAL definition. If one of these keys matches value, the transaction is allowed access to the file.
PUBLIC
Any transaction is allowed access to the file, regardless of whether security checking is specified or not.
RPG
RPG was a permitted value for the LANGUAGE option of a PROGRAM resource until CICS Transaction Server for OS/390®.
RSL(0|value|PUBLIC)
specifies the resource security value to be associated with this resource. This operand is used when an EXEC command is executed within a transaction that has been defined with RSLC(YES), and the command is attempting to reference the partition set.
0
A transaction defined with RSLC(YES) is not allowed access to the partition set.
value
The resource security value, in the range 1 through 24. When a transaction defined with RSLC(YES) attempts to reference this partition set, value is checked against the keys derived either from the RSLKEY in the sign-on table, or from the OPERRSL on the TERMINAL definition. If one of these keys matches value, the transaction is allowed access to the partition set.
PUBLIC
Any transaction is allowed access to the partition set, regardless of whether no security checking or RSL checking is specified. However, if an external security manager is in force, it checks access authorities no matter what RSL value (including PUBLIC) has been defined for the resource.
SSL({CLIENTCERT|NO|YES})
specifies the secure sockets layer (SSL) type for this logical EJB/CORBA server:
CLIENTCERT
SSL is used and authentication must be performed using a client certificate. You must specify a value for SSLPORT.

If you install a TCP/IP service on the SSL port, the TCPIPSERVICE definition must specify SSL(CLIENTAUTH) and AUTHENTICATE(CERTIFICATE). (This means that the client is required to send an SSL certificate which maps to an external security manager userid.)

NO
SSL is not used. This CorbaServer does not have an SSL port.
YES
SSL is used. You must specify a value for SSLPORT.
If you install a TCP/IP service on the SSL port, the TCPIPSERVICE definition must be specified in one of the following ways:
  1. SSL(CLIENTAUTH) and AUTHENTICATE(NO). The client is asked for an SSL certificate and, if it sends one, CICS uses any userid configured for it.
  2. SSL(YES) and AUTHENTICATE(NO). SSL is used, but the client is not asked for an SSL certificate.
SSLPORT(NO|number)
specifies the TCP/IP port number to be used for SSL communication by this logical EJB/Corba server. The port number must be in the range 1–65535. The default is No.

If SSL is NO, the value of this option is ignored.

If SSL is YES, the default for SSLPORT is 00684.

You must not specify the same port number for PORT and SSLPORT.

TCLASS({NO|value})
specifies the class associated with the task.
NO
No class is assigned to the task.
value
The decimal value (from 1 to 10) of the class associated with a task.
Note: Do not specify a TCLASS for a CICS-supplied transaction, because it may not be able to start if the class threshold is reached.
TRANSACTION(name)
allows only the specified transaction to be initiated from this device.

The name can be up to four characters in length. The acceptable characters are: A-Z a-z 0-9 $ @ # . / - _ % & ¢ ? ! : | " = ¬ , ; < >.

If you code this operand for a 3270 display, the only CICS functions the operator is able to invoke—other than this transaction—are paging commands and print requests.

TRANSEC({1|value})
specifies the transaction security value, in the range 1 through 64. When a user attempts to initiate the transaction, or when it is automatically initiated (through transient data or interval control), value is matched against the user's security keys defined in the DFHSNT SCTYKEY operand or, if the user is not signed on, the security keys defined in OPERSECURITY on the TERMINAL definition. If value is present in the security keys, the transaction is initiated.

Because all users and terminals have a security key of 1, any transaction with the default TRANSEC value of 1 is an unsecured transaction, and as such, it can be initiated by any user on the CICS system, whether they are signed on or not.

XRFSIGNOFF({NOFORCE|FORCE})
specifies the sign-on characteristics of a group of terminals.
FORCE
CICS should force sign-off of these terminals after an extended recovery facility (XRF) takeover.
NOFORCE
CICS should not force sign-off of these terminals after an extended recovery facility (XRF) takeover.
If you have a collection of terminals in a security-sensitive area, for example, you might choose to force sign-off of those terminals after a takeover, to prevent the use of the terminal in the absence of the authorized user. (This could happen if the authorized user left the terminal during takeover, and the terminal became active again while it was unattended.) This option works in conjunction with the XRFSOFF system initialization parameter and the XRFSOFF entry in the CICS RACF segment (if you are running RACF 1.9).