This section describes the Web User Interface security requirements for CICS® security, Secure Sockets Layer (SSL) support, and access to MVS™ data sets.
If your Web User Interface server region is running with CICS security active, you need to define the security access required.
Table 25 summarizes the access required by the various userids.
You may wish to use CICS transaction security (see the CICS RACF Security Guide) to limit the users who are allowed to control the Web User Interface server via the COVC transaction.
See the CICSPlex® System Manager Web User Interface Guide for information about how to control users of the Web User Interface and to limit what resources they are allowed to access.
If CICS transaction security is in use, the CICS DFLTUSER (for a CICS Transaction Server for OS/390® version 1.3 or later system) or the CWBM transaction userid (for a pre-CICS Transaction Server for OS/390 version 1.3 system) must be given access to the COVP, COVU, and COVE transactions.
The userid that starts the Web User Interface (terminal user of COVC or PLTPIUSR, if started automatically via PLTPI) must have access to the COVC and COVG transactions.
If CICS surrogate user security checking is active in the Web User Interface server region, the userid that started the Web User Interface (terminal user of COVC or PLTPIUSR, if started automatically via PLTPI) must have READ access to wui-userid.DFHSTART in the SURROGAT class for all Web User Interface users.
The Web User Interface end-user needs access to the COVA transaction and CICSPlex SM.
Users of the View Editor need access to the COVA transaction, CICSPlex SM and the View Editor profile. For more information about access to the View Editor, see the CICSPlex System Manager Web User Interface Guide.
All users who are successfully signed onto the Web User Interface have access to all of the customizable view and menu help pages, if the customizable view and menu help is served by the Web User Interface.
Table 25 summarizes the security accesses required by users of the Web User Interface.
User Roles | CICS Web Interface | Administrator | End-user | View Editor |
Transactions | COVP COVE COVU | COVG COVC | COVA | COVA |
CICS surrogate user security | | Yes | | |
View Editor profile | | | | Yes |
CICSPlex SM and CICS security | | | As appropriate for individual users | As appropriate for individual users |
If you are using a CICS Transaction Server for OS/390 version 1.3 or later system, you can provide secure connections by using the Secure Sockets Layer (SSL) support to provide encryption on the connection. For information about SSL support, see the CICS Internet Guide. Also, see Specify the Web User Interface server initialization parameters for information about TCPIPSSL and TCPIPSSLCERT, the Web User Interface server initialization parameters that you need to specify for SSL support.
In addition to standard CICS and CICSPlex SM requirements, the CICS region userid must have the authority to access the data sets associated with the DDnames described in Table 26.
DDnames | Access required |
EYUWUI | READ |
DFHHTML | READ |
EYUCOVI (and clones) | READ |
EYUWREP | UPDATE |
EYULOG | UPDATE |
EYUCOVE (and clones) | UPDATE |
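The accesses in Table 25 and Table 26 could be defined with RACF commands along the following lines. This is an added example, not taken from the IBM documentation: it assumes that transaction security uses the default TCICSTRN and GCICSTRN classes, that generic data set profiles are in use, and that WUI is an existing RACF group. Every userid, group, profile, and data set name shown is a placeholder.

```tso
  /* Placeholders (assumed, not from the documentation):           */
  /*   CICSDFLT = CICS DFLTUSER    WUISTART = userid starting WUI  */
  /*   WUIUSERS = end-user group   WUIUSR1  = one WUI user         */
  /*   WUIREGN  = CICS region userid                               */

  /* COVP, COVE, COVU: CICS DFLTUSER (CICS TS 1.3 or later)        */
  RDEFINE GCICSTRN WUICWI UACC(NONE) ADDMEM(COVP,COVE,COVU)
  PERMIT WUICWI CLASS(GCICSTRN) ID(CICSDFLT) ACCESS(READ)

  /* COVC, COVG: the userid that starts the Web User Interface     */
  RDEFINE GCICSTRN WUIADMIN UACC(NONE) ADDMEM(COVC,COVG)
  PERMIT WUIADMIN CLASS(GCICSTRN) ID(WUISTART) ACCESS(READ)

  /* COVA: end users and View Editor users                         */
  RDEFINE TCICSTRN COVA UACC(NONE)
  PERMIT COVA CLASS(TCICSTRN) ID(WUIUSERS) ACCESS(READ)

  /* Surrogate checking: one wui-userid.DFHSTART profile is needed */
  /* for each Web User Interface user; the starter gets READ       */
  RDEFINE SURROGAT WUIUSR1.DFHSTART UACC(NONE)
  PERMIT WUIUSR1.DFHSTART CLASS(SURROGAT) ID(WUISTART) ACCESS(READ)

  /* Table 26, READ: data sets for EYUWUI, DFHHTML, EYUCOVI        */
  ADDSD 'WUI.PLACEHLD.EYUWUI' GENERIC UACC(NONE)
  PERMIT 'WUI.PLACEHLD.EYUWUI' GENERIC ID(WUIREGN) ACCESS(READ)
  ADDSD 'WUI.PLACEHLD.DFHHTML' GENERIC UACC(NONE)
  PERMIT 'WUI.PLACEHLD.DFHHTML' GENERIC ID(WUIREGN) ACCESS(READ)
  ADDSD 'WUI.PLACEHLD.EYUCOVI' GENERIC UACC(NONE)
  PERMIT 'WUI.PLACEHLD.EYUCOVI' GENERIC ID(WUIREGN) ACCESS(READ)

  /* Table 26, UPDATE: data sets for EYUWREP, EYULOG, EYUCOVE      */
  ADDSD 'WUI.PLACEHLD.EYUWREP' GENERIC UACC(NONE)
  PERMIT 'WUI.PLACEHLD.EYUWREP' GENERIC ID(WUIREGN) ACCESS(UPDATE)
  ADDSD 'WUI.PLACEHLD.EYULOG' GENERIC UACC(NONE)
  PERMIT 'WUI.PLACEHLD.EYULOG' GENERIC ID(WUIREGN) ACCESS(UPDATE)
  ADDSD 'WUI.PLACEHLD.EYUCOVE' GENERIC UACC(NONE)
  PERMIT 'WUI.PLACEHLD.EYUCOVE' GENERIC ID(WUIREGN) ACCESS(UPDATE)

  /* Activate the changes (classes assumed to be RACLISTed)        */
  SETROPTS GENERIC(DATASET) REFRESH
  SETROPTS RACLIST(TCICSTRN SURROGAT) REFRESH
```

Defining every profile with UACC(NONE) means that only the userids explicitly permitted receive the access listed in the tables.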