The DFHSIT parameter XUSER, new for CICS Release 4.1 and above controls non‑terminal (background) security.
You do not have to specify the sysid of the region in the Bypass List to deactivate security. Only SEC=NO is required.
Installation check messages are not displayed at start up. Use TSEU=INSTALL to see the security parameter settings.
TSEU=CESF=tttt will log off the designated terminal.
The EXEC CICS ENABLE, DISABLE, and EXTRACT commands are protected by the SPI resource of EXITPROG.
The PCTCMDSEC FACILITY suboption is part of the DFHSIT parameter overrides. Based on the Facilities Matrix setting, this parameter honors or overrides the DFHSIT parameter CMDSEC=.
The PCTRESSEC FACILITY suboption is part of the DFHSIT parameter overrides. Based on the Facilities Matrix setting, this parameter honors or overrides the DFHSIT parameter RESSEC=.
Consider the following pertaining to the MAXUSER FACILITY suboption:
The default setting of 3000 for MAXUSER is high unless you have a very large CICS region (over 2500 users). Therefore, you should adjust your MAXUSER size to match the expected high number of users that might be active in the CICS region.
In addition to calculating the number of users for the user pool allocation, MAXUSER is used for a feature called resource caching.
This feature uses the MAXUSER setting to build the cache box pool.
MRO securityname is not used for bind and link.
PCT and PPT entries have been replaced by CSD entries.
CICS 4.1 and above implements transaction security for background (non‑terminal) transactions. You might need to define permits or optionally add to the tran or tranid bypass lists those transactions which are started in this manner.
The Automatic Terminal Signon (ATS) feature is invoked during any resource validation.
The real Port‑of‑Entry (POE) is used for consoles involved in Automatic Terminal Signon (ATS). (The CICS terminal ID was used previously.) If using source protection for your consoles, you might need to add the POE to your console source list(s). The Port‑of‑Entry name can be obtained from the CONSNAME parameter in the CICS TCT definition. It corresponds to the names defined for consoles in the MVS SYS1.PARMLIB member, CONSOLnn. (See the IBM CICS System Definition Guide for more information.)
Locktime runs in pseudo‑conversational mode when you specify PCLOCK=YES facility suboption. The TSLK transaction is used to perform this processing. The TSLK transaction must be defined to the CICS system. The default locktime processing is PCLOCK=NO (conversational mode).
Certain transaction IDs and program names must be defined.
