Table 1 shows bind-time, transaction, resource, and command security, and how CICS® enforces these levels of security under the LU6.2, MRO, and LU6.1 protocols. It also shows how the two levels of authorization (user and link) are involved at the three security levels.
For guidance on choosing between these environments, see the CICS Intercommunication Guide.
Security level | Security checks | LU type 6.1 | LU type 6.2 | MRO |
---|---|---|---|---|
Bind-time security (when BIND is received) | Should the BIND request be accepted? | No check | Session key from RACF® | DFHAPPL profiles in RACF FACILITY class |
Bind-time security (when BIND is sent) | Is the remote system the correct one? | No check | Session key from RACF | DFHAPPL profiles in RACF FACILITY class |
Transaction security | Does the link have authority to attach the transaction? | Link authority is established just after the session is bound, by signon of the user ID specified in the SECURITYNAME attribute of the CONNECTION definition or the USERID attribute of the SESSIONS definition. | Link authority is established just after the session is bound, by signon of the user ID specified in the USERID attribute of the SESSIONS definition. | |
Transaction security | Does the remote user have authority to access this system? | No check | The authority of the remote user is established at signon time | |
Transaction security | Does the remote user have authority to attach the transaction? | Link authority | The authority of the remote user is established at this attach request (or possibly at an earlier attach request from the same user) by sign-on | |
Resource, command, and surrogate security | Does the session have the authority to to access other resources that the transaction uses? | Link authority is established just after the session is bound, by signon of the user ID specified in the SECURITYNAME attribute of the CONNECTION definition or the USERID attribute of the SESSIONS definition. | Link authority is established just after the session is bound, by signon of the user ID specified in the USERID attribute of the SESSIONS definition. | |
Resource, command, and surrogate security | Does the remote user have authority to access other resources that the transaction uses? | Link authority | The authority of the remote user is established at this attach request (or possibly at an earlier attach request from the same user) by sign-on |