Security

Security for new SPI and CEMT commands

New predefined RACF® resource names control access to the following resources using the SPI and CEMT:

New category 1 transaction

The new CWXU transaction is for CICS® internal use, and should not be invoked from a user terminal. For security purposes, it is a category 1 transaction.

New global user exits

When CICS is an HTTP client, the new global user exits XWBOPEN (on the WEB OPEN command) and XWBSNDO (on the WEB SEND command) enable you to apply a security policy to the host name and path specified for outbound HTTP client requests from CICS. These new exits are described in "Changes to global user exits".

Security for static responses by CICS as an HTTP server

You can deliver CICS documents and HFS files as static responses to requests from Web clients, by setting up URIMAP definitions that supply the response without calling a user-written application program. When you deliver items as a static response, HTTP basic authentication does not operate. This means that resource level security, with access controls based on a user ID, cannot be applied to items delivered as a static response.

If the items require authentication or resource level security, you need to deliver the material as an application-generated response. When an application-generated response is used, basic authentication can be used, and the user ID from basic authentication can be applied to the alias transaction that covers processing by the user-written application program, so you can grant or deny access to the specific resources and commands used by the application program.