Security checking

CICS® uses an external security manager, such as RACF®, to perform security checking. The facilities CICS provides are summarized in this section, but you will need to refer to other manuals for full information. The CICS RACF Security Guide is the most comprehensive reference; it describes in detail how CICS uses RACF facilities to implement security. System and resource definition options that govern security are described in the CICS System Definition Guide and the CICS Resource Definition Guide, respectively, and the CICS Customization Guide contains general information on CICS security.

Five types of security checks govern whether a particular SPI command is executed:

CICS performs these checks if, and only if, the SEC system initialization parameter has a value of YES.

The transaction check occurs first, at task attach time, when CICS ensures that the user initiating the task has authority to use the transaction that is to be executed. This check is governed by the XTRAN system initialization parameter as well as SEC; it is skipped if the XTRAN value is NO. The remaining checks occur as necessary when commands are issued.

Command checking verifies that the user is authorized to use SPI commands. It is governed by the XCMD and CMDSEC system initialization parameters, and the CMDSEC option in the definition of the TRANSACTION being executed, and occurs if the XCMD value is not NO and either the CMDSEC option in the TRANSACTION is YES or the CMDSEC system initialization parameter is ALWAYS. If the user is not authorized, CICS rejects the command with a RESP value of NOTAUTH and a RESP2 value of 100. SPI commands are the ones described in this book, and are the same ones that require the SP option for translation (see page The format of SPI commands).

If the command associates a user ID with a resource, a surrogate check may follow the command check. This check ensures that the user ID of the task issuing the command has authority to act as a surrogate for the user ID named in the command. It occurs only if the XUSER system initialization parameter is YES, and applies only to these command-option combinations:

CICS returns a RESP2 value of 102 if the check fails. (Additional checks on the assigned user occur on SET TDQUEUE ATIUSERID, as detailed in the description of that command.)

The resource check verifies that the user ID has authority to use the resource in the way required by the command. Resource checking is controlled by the RESSEC option in the TRANSACTION being executed, the RESSEC system initialization parameter, and a system initialization parameter specific to the resource type:

Resource checking occurs only if the applicable resource-type system initialization system initialization parameter has a value other than NO and either the RESSEC option in the TRANSACTION is YES or the RESSEC system initialization parameter is ALWAYS. For commands other than INQUIRE NEXT, CICS rejects the command with the NOTAUTH condition and a RESP2 value of 101 if a resource check fails. During a browse, however, CICS simply skips resources that would fail the resource check on an ordinary INQUIRE (see Rules for browsing for details).

The resources that can be protected in this way, and the SPI commands that require access authority, are shown in the table that follows. The letter in parentheses after the command indicates whether the user needs read (R), update (U), or alter (A) authority to the resource.

Resource (system initialization parameter) Commands
Exits (XPPT option)
DISABLE PROGRAM (U)
ENABLE PROGRAM (U)
EXTRACT EXIT (R)
INQUIRE EXITPROGRAM (R)
Files (XFCT option)
COLLECT STATISTICS FILE (R)
CREATE FILE (A)
DISCARD FILE (A)
INQUIRE FILE (R)
SET FILE (U)
Journals (XJCT option)
COLLECT STATISTICS JOURNALNAME (R)
COLLECT STATISTICS JOURNALNUM (R)
DISCARD JOURNALNAME (A)
INQUIRE JOURNALNAME (R)
SET JOURNALNAME (U)
Programs Map sets Partition sets (XPPT option)
COLLECT STATISTICS PROGRAM (R)
CREATE MAPSET (A)
CREATE PARTITIONSET (A)
CREATE PROGRAM (A)
DISCARD PROGRAM (A)
INQUIRE PROGRAM (R)
SET PROGRAM (U)
Temporary storage queues (XTST option)
INQUIRE TSQUEUE (R)
INQUIRE TSQNAME (R)
Transactions (XPCT option)
COLLECT STATISTICS TRANSACTION (R)
CREATE TRANSACTION (A)
DISCARD TRANSACTION (A)
INQUIRE TRANSACTION (R)
INQUIRE REQID TRANSID (R)
SET TRANSACTION (U)
Transaction classes (XPCT option)
COLLECT STATISTICS TCLASS (R)
COLLECT STATISTICS TRANCLASS (R)
CREATE TRANCLASS (A)
DISCARD TRANCLASS (A)
INQUIRE TCLASS (R)
INQUIRE TRANCLASS (R)
SET TCLASS (U)
SET TRANCLASS (U)
Transient data queues (XDCT option)
COLLECT STATISTICS TDQUEUE (R)
CREATE TDQUEUE (A)
DISCARD TDQUEUE (A)
INQUIRE TDQUEUE (R)
SET TDQUEUE (U)
DB2ENTRYs (XDB2 option)
CREATE DB2ENTRY (A)
CREATE DB2TRAN (A)
INQUIRE DB2ENTRY (R)
INQUIRE DB2TRAN (R)
SET DB2ENTRY (U)
SET DB2TRAN (U)
DB2TRANs (XDB2 option)
CREATE DB2ENTRY (A)
CREATE DB2TRAN (A)
INQUIRE DB2ENTRY (R)
INQUIRE DB2TRAN (R)
SET DB2ENTRY (U)
SET DB2TRAN (U)

Authtype checking applies to DB2CONNs, DB2ENTRYs, and DB2TRANs only. For more information, see the CICS DB2 Guide.

The QUERY SECURITY command

You can find out whether you are authorized to access a resource or to issue a system programming command by issuing the QUERY SECURITY command. This is not an SPI command and does not access any resources, and so never raises a NOTAUTH condition. It is described in the CICS Application Programming Reference manual.

[[ Contents Previous Page | Next Page Index ]]