Previous Topic: Securing EXEC CICS CommandsNext Topic: Examples: securing EXEC CICS ENABLE, DISABLE, EXTRACT, COLLECT STA EXEC CICS ENABLE


Examples: securing EXEC CICS INQUIRE and SET commands

In In this example, the user only has permission to execute EXEC CICS INQUIRE PROGRAM(TSSCAI) commands:

TSS ADDTO(deptacid) SPI(PROGRAM)
TSS PERMIT(acidname) SPI(PROGRAM)
                     ACCESS(INQUIRE)
TSS ADDTO(deptacid) PPT(TSSCAI)
TSS PERMIT(acidname) PPT(TSSCAI)
                     ACCESS(INQUIRE)

Note: If the program is owned, then ACCESS(EXEC) is required on the PERMIT statement.

Note: For acidname to actually call TSSCAI from a transaction, ACCESS(EXEC) would need to be added to the above PERMIT.

In In this example, the user only has permission to execute EXEC CICS SET TRANSACTION(TSS) commands:

TSS ADDTO(deptacid) SPI(TRANSACT)
TSS PERMIT(acidname) SPI(TRANSACT)
                     ACCESS(SET)
TSS ADDTO(deptacid) OTRAN(TSS)
TSS PERMIT(acidname) OTRAN(TSS)
                     ACCESS(SET)

Note: Although authorization to SPI resources can be specified for up to 44 characters, ownership of the resource is limited to eight characters.

Securing ENABLE, DISABLE, EXTRACT, and COLLECT STATISTICS Commands

You can secure the ENABLE, DISABLE, EXTRACT, and COLLECT STATISTICS EXEC CICS commands via the CA Top Secret SPI resource. The syntax for the IBM EXEC CICS commands is:

EXEC CICS function option(argument)

ENABLE, DISABLE, EXTRACT, and COLLECT STATISTICS are command functions.

CA Top Secret protects EXEC CICS commands by providing equivalent SPI access levels for EXEC CICS function options. CA Top Secret secures EXEC CICS functions via two commands:

The following table lists valid SPI access levels for EXEC CICS commands:

Command Function

SPI Access Level

ENABLE

SET

DISABLE

SET

EXTRACT

INQUIRE

COLLECT STATISTICS

COLLECT

EXEC CICS ENABLE, DISABLE, EXTRACT, and COLLECT STATISTICS commands have related functions. The next section describes how CA Top Secret secures each function and their associated commands.

Securing Functions

The following table lists the EXEC CICS command functions and their SPI equivalents for the EXEC CICS ENABLE, DISABLE, EXTRACT, and COLLECT STATISTICS commands:

Command Function

SPI Keyword

ENABLE

SPI(EXITPROG)

DISABLE

SPI(EXITPROG)

EXTRACT

SPI(EXITPROG)

COLLECT STATISTICS

SPI(EXITPROG)