CICS security: performance considerations

CICS® provides an interface for an external security manager (ESM), such as RACF®, for three types of security: transaction, resource, and command security.

Effects

Transaction security verifies an operator’s authorization to run a transaction. Resource security limits access to data sets, transactions, transient data destinations, programs, temporary storage records, and journals. Command security is used to limit access to specific commands and applies to special system programming commands. For example, EXEC CICS INQUIRE, SET, PERFORM, DISCARD, and COLLECT. Transactions that are defined with CMDSEC=YES must have an associated user.

Limitations

Protecting transactions, resources, or commands unnecessarily both increases processor cycles, and real and virtual storage requirements.

Recommendations

Because transaction security is enforced by CICS, it is suggested that the use of both resource security and command security should be kept to the minimum. The assumption is that, if operators have access to a particular transaction they therefore have access to the appropriate resources.

How implemented

Resource security is defined with the RESSEC(YES) attribute in the TRANSACTION definition.

Command security is defined with the CMDSEC(YES) attribute in the TRANSACTION definition.

How monitored

No direct measurement of the overhead of CICS security is given. RMF™ shows overall processor usage.

Related tasks
CICS facilities: performance considerations
Tuning the use of CICS temporary storage (TS)
Using temporary storage data sharing to improve performance
Optimizing the performance of the CICS transient data (TD) facility
Using Global ENQ/DEQ to improve performance
CICS monitoring facility: performance considerations
CICS trace: performance considerations
CICS recovery: performance considerations
CICS storage protection facilities: performance considerations
CICS business transaction services: performance considerations
[[ Contents Previous Page | Next Page Index ]]