This section discusses the security definitions for REXX/CICS such as: general users, authorized users, authorized commands, authorized exec, and system libraries.
REXX/CICS users that are not defined as authorized by the AUTHUSER command cannot use REXX/CICS authorized commands. However, these users can define, write, alter, and use user commands (defined using the DEFCMD command) and execs. Users can also use (but not define, create, or alter) REXX/CICS authorized execs that reside in the CICEXEC library.
Authorized users are defined by the AUTHUSER command, that are allowed to use authorized REXX/CICS commands (commands defined using the DEFCMD or DEFSCMD command with the AUTH option specified).
Authorized commands are REXX/CICS commands that can only be used by authorized users or from authorized execs. Authorized commands are defined using the DEFCMD or DEFSCMD command with the AUTH option specified.
Authorized execs are programs (execs) that were loaded from sublibraries that were specified on the SETSYS AUTHCLIB or SETSYS AUTHELIB commands and are considered authorized. That is, these programs are allowed to use authorized REXX/CICS commands. All REXX/CICS users have access to execs loaded from the sublibraries specified on the SETSYS AUTHELIB command, but only authorized users have access to commands and execs loaded from the sublibraries specified on the SETSYS AUTHCLIB command.
All authorized commands written in the REXX language must be loaded from a VSE Librarian sublibrary specified on the SETSYS AUTHCLIB command. These may be both IBM and customer (or vendor) supplied.
All authorized execs must be loaded from a VSE Librarian sublibrary specified on either the SETSYS AUTHCLIB or SETSYS AUTHELIB commands. These may be both IBM and customer (or vendor) supplied.
User execs that are not authorized but are being shared by all REXX/CICS users can be placed in a VSE Librarian sublibrary specified in the LIBDEF PROC search chain for the CICS partition.