Summary of intercommunication security levels

Table 1 shows bind-time, transaction, resource, and command security, and how CICS® enforces these levels of security under the LU6.2, MRO, and LU6.1 protocols. It also shows how the two levels of authorization (user and link) are involved at the three security levels.

For guidance on choosing between these environments, see the CICS Intercommunication Guide.

Table 1 shows a summary of intercommunication security.
Table 1. Summary of intersystem and interregion security
Security level Security checks LU type 6.1 LU type 6.2 MRO
Bind-time security (when BIND is received) Should the BIND request be accepted? No check Session key from RACF® DFHAPPL profiles in RACF FACILITY class
Bind-time security (when BIND is sent) Is the remote system the correct one? No check Session key from RACF DFHAPPL profiles in RACF FACILITY class
Transaction security Does the link have authority to attach the transaction? Link authority is established just after the session is bound, by signon of the user ID specified in the SECURITYNAME attribute of the CONNECTION definition or the USERID attribute of the SESSIONS definition. Link authority is established just after the session is bound, by signon of the user ID specified in the USERID attribute of the SESSIONS definition.
Transaction security Does the remote user have authority to access this system? No check The authority of the remote user is established at signon time
Transaction security Does the remote user have authority to attach the transaction? Link authority The authority of the remote user is established at this attach request (or possibly at an earlier attach request from the same user) by sign-on
Resource, command, and surrogate security Does the session have the authority to to access other resources that the transaction uses? Link authority is established just after the session is bound, by signon of the user ID specified in the SECURITYNAME attribute of the CONNECTION definition or the USERID attribute of the SESSIONS definition. Link authority is established just after the session is bound, by signon of the user ID specified in the USERID attribute of the SESSIONS definition.
Resource, command, and surrogate security Does the remote user have authority to access other resources that the transaction uses? Link authority The authority of the remote user is established at this attach request (or possibly at an earlier attach request from the same user) by sign-on
Note: Remember to define profiles for your resources and users to RACF, as described for single systems in RACF facilities.