Information about remote users

With MRO links, information about the user can be transmitted with the attach request from the remote system. This means that you can protect your resources not only on the basis of which remote system is making the request, but also on the basis of which actual user at the remote system is making the request.

This section describes some of the concepts associated with remote-user security, and how CICS sends and receives user information.

You must define your users to RACF. If a remote user is not defined to RACF, any attach requests from that remote user are rejected.

CICS sends userids on ATTACHSEC(IDENTIFY) conversations. Table 1 shows how CICS decides which userid to send.

Table 1. MRO attach-time user identifiers

| Characteristics of the local task | User identifier sent by the TOR to the AOR |
|---|---|
| Task with associated terminal—user identifier | Terminal user identifier |
| Task with associated terminal—no user signed on and no USERID specified in the terminal definition | Default user identifier from the TOR |
| Task with no associated terminal or USERID, started by interval control START command (if using function shipping or DTP) | User identifier for the task that issued the START command |
| Task started with USERID option | User identifier specified on the START command |
| CICS internal system task | CICS region userid |
| Task with no associated terminal, started by transient data trigger | User identifier specified on the transient data destination definition that defines the queue |
| Task with associated terminal, started by transient data trigger | Terminal user identifier |
| Task started from PLTPI | User identifier specified by the PLTPIUSR system initialization parameter |