With MRO links, information about the user can be transmitted with the attach request from the remote system. This means that you can protect your resources not only on the basis of which remote system is making the request, but also on the basis of which actual user at the remote system is making the request.
This section describes some of the concepts associated with remote-user security, and how CICS sends and receives user information.
You must define your users to RACF. If a remote user is not defined to RACF, any attach requests from that remote user are rejected.
CICS sends userids on ATTACHSEC(IDENTIFY) conversations. Table 1 shows how CICS decides which userid to send.
Characteristics of the local task | User identifier sent by the TOR to the AOR |
---|---|
Task with associated terminal—user identifier | Terminal user identifier |
Task with associated terminal—no user signed on and no USERID specified in the terminal definition | Default user identifier from the TOR |
Task with no associated terminal or USERID, started by interval control START command (if using function shipping or DTP) | User identifier for the task that issued the START command |
Task started with USERID option | User identifier specified on the START command |
CICS internal system task | CICS region userid |
Task with no associated terminal, started by transient data trigger | User identifier specified on the transient data destination definition that defines the queue |
Task with associated terminal, started by transient data trigger | Terminal user identifier |
Task started from PLTPI | User identifier specified by the PLTPIUSR system initialization parameter |
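
The following definitions are an added example, not part of the original documentation: constructed DFHCSDUP input that shows an MRO connection defined with link-only security, ATTACHSEC(LOCAL), beside the ATTACHSEC(IDENTIFY) form this section describes, followed by two of the places where a user identifier from Table 1 is configured. All resource names, group names and userids are placeholders, and the SESSIONS definition that each connection also needs is assumed to exist already.

```text
* Constructed DFHCSDUP input. Every resource name, group name and
* userid below is a placeholder chosen for this example.
*
* --- Receiving region (AOR): definition of the link to the TOR ------
*
* Link security only. With ATTACHSEC(LOCAL) no user identifier is
* taken from the TOR; each inbound attach request is checked with
* the authority of the link itself, whoever the end user is.
DEFINE CONNECTION(TORA) GROUP(MROWEAK)
       ACCESSMETHOD(IRC) NETNAME(CICSTORA)
       ATTACHSEC(LOCAL)
*
* Remote-user security. With ATTACHSEC(IDENTIFY) the TOR sends a user
* identifier with each attach request (chosen as in Table 1), and
* that userid must be defined to RACF or the request is rejected.
DEFINE CONNECTION(TORA) GROUP(MROSEC)
       ACCESSMETHOD(IRC) NETNAME(CICSTORA)
       ATTACHSEC(IDENTIFY)
*
* --- Sending region (TOR): where Table 1 userids are configured ------
*
* Table 1 row "no associated terminal, started by transient data
* trigger": the userid sent is the USERID on the queue definition.
DEFINE TDQUEUE(TRG1) GROUP(MROSEC)
       TYPE(INTRA) ATIFACILITY(FILE)
       TRIGGERLEVEL(1) TRANSID(TRGT)
       USERID(TDQUSER)
*
* Table 1 row "task started from PLTPI": the userid comes from a
* system initialization parameter, not from the CSD, for example
*     PLTPIUSR=PLTUSER
* in the TOR's system initialization overrides.
```

Every userid that a TOR definition can cause to be sent (here TDQUSER and PLTUSER, plus the TOR default user and region userid from Table 1) needs a RACF profile that the AOR can resolve before the connection is switched to ATTACHSEC(IDENTIFY).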