You can use the CICS routing transaction, CRTE, with MRO to run transactions
that reside on a connected remote system, instead of defining these transactions
as remote in the local system. CRTE is particularly useful for infrequently
used transactions, or for transactions such as CEMT that reside on all systems.
Ensure that the terminal through which CRTE is invoked is defined on the
remote system (or defined as "shippable" in the local system). The terminal
operator needs RACF® authority if the remote system is protected.
Security checking done in the AOR for transactions executed under CRTE
does not depend on what is specified on ATTACHSEC, nor on the userid signed
on in the TOR. Instead, security checking depends on whether the user signs
on while using CRTE:
- If the user does not sign on, the surrogate terminal
created is associated with the AOR default user. When a transaction is run,
the security checks are carried out against this default user. A check is
also done against the link userid to see whether the routing application itself
has authority to access the resource.
- If the user does sign on, using the CESN transaction
while running CRTE, the surrogate points to the userid of the signed-on user.
For transactions attempting to access resources, security checking is done
against the signed-on user's userid in the surrogate and the link userid.
For more information on CRTE, see
the CICS® Intercommunication Guide.