User IDs checked for CICS connections
Table 56. User ID checking against profile name for CICS-type user IDs
Alternate user ID specified on open? |
hlq.ALTERNATE.USER.userid
profile |
hlq.CONTEXT.queuename
profile |
hlq.resourcename profile |
No, 1 check |
- |
ADS |
ADS |
No, 2 checks |
- |
ADS+TXN |
ADS+TXN |
Yes, 1 check |
ADS |
ADS |
ADS |
Yes, 2 checks |
ADS+TXN |
ADS+TXN |
ADS+ALT |
Key:
- ALT
- Alternate user ID
- ADS
- The user ID associated with the CICS(R) batch job or, if CICS is running
as a started task, through the STARTED class or the started procedures table.
- TXN
- The user ID associated with the CICS transaction. This is normally the user
ID of the terminal user who started the transaction. It can be the CICS DFLTUSER, a
PRESET security terminal, or a manually signed-on user.
|
CICS example
Determine the user IDs checked for the following conditions:
- The RACF(R) access level to the RESLEVEL profile, for a CICS address space
user ID, is set to NONE.
- An MQOPEN call is made against a queue with MQOO_OUTPUT and MQOO_PASS_IDENTITY_CONTEXT.
Answer: First, see how many CICS user IDs are
checked based on the CICS address space user ID access to the RESLEVEL profile.
From Table 51, two user IDs are checked if the RESLEVEL profile
is set to NONE. Then, from Table 56, these checks
are carried out:
- The hlq.ALTERNATE.USER.userid profile is not checked.
- The hlq.CONTEXT.queuename profile is checked with both the CICS address space
user ID and the CICS transaction user ID.
- The hlq.resourcename profile is checked with both the CICS address space
user ID and the CICS transaction user ID.
This means that four security checks are made for this MQOPEN call.