CICS performs surrogate user checks when the EXEC CICS START command is used to start a transaction that is not associated with a terminal. The user ID under which the transaction issuing the START command runs is named the starting-user ID, and the user ID under which the started transaction runs is named the started-user ID.
Notes:
CICS requires that all user IDs associated with the transaction issuing the START are surrogates of the started-user ID. CICS also assumes that any user ID is always a surrogate of itself. Therefore, user IDs that are the same as started-user ID are regarded as surrogates already, and the external security manager is not named for them.
The special conditions apply when CICS intercommunication is used in that the transaction can be associated with user IDs that are different from the starting-user ID. If an EXEC CICS START command (without TERMID) is function that is shipped or is executed from a transaction-routed transaction, the command can be subject to link security (link security is discussed under LU6.2 CICS Security because the links are mostly implemented as LU6.2 resources). If link security is in effect, CICS also performs a surrogate user check to verify that the user ID for link security is authorized as a surrogate user to the user ID for the started transaction. The surrogate check is done at this stage even if the USERID is omitted (if the started-user ID is different from the link user ID).
|
Copyright © 2014 CA.
All rights reserved.
|
|