ESA/VSE Command Level Security

In some situations, current software practices limit the effectiveness of relying on CICS resource security alone. For additional security control, REXX/CICS was designed with the concept of command level security. Because most facilities under REXX/CICS are accessed as commands, command level security can be used to control access to CICS (and other product or system) facilities. For example, VSAM file access is accomplished through the READ, WRITE, and REWRITE commands.

REXX/command level security is controlled by the DEFSCMD and DEFCMD AUTH parameter and by the provision of authorized REXX/CICS library support.

Command execution security controls the use of certain REXX/CICS commands, or command keywords. In general, this is accomplished by the designation of certain commands (or command options) as authorized. Such command designation is accomplished by the DEFCMD and DEFSCMD commands. For authorized commands to execute properly, they must either be:
  1. Executed from an exec loaded from a VSE Librarian sublibrary specified on a SETSYS AUTHCLIB or SETSYS AUTHELIB command.
  2. Executed by an authorized user. A user can be authorized by the AUTHUSER command.

Reference Reference

Feedback


Timestamp icon Last updated: Tuesday, 7 January 2014


http://pic.dhe.ibm.com/infocenter/cicsts/v5r1/topic/com.ibm.cics.rexx.doc//dfhrx/rvse373.html