Security considerations for using IBM MQ with CICS

The CICS® adapter provides information to IBM® MQ for use in security.

The CICS adapter provides the following information to IBM MQ specifically for use in IBM MQ security:

Whether CICS resource-level security is active for this transaction, as specified on the RESSEC or RSLC operand of the RDO TRANSACTION definition.
User IDs.
For terminal tasks where a user has not signed on, the user ID is the CICS user ID associated with the terminal and is either:
- The default CICS user ID as specified on the CICS parameter DFLTUSER SIT
- A preset security user ID specified on the terminal definition
For non-terminal tasks, the CICS adapter tries to get a user ID with an EXEC CICS ASSIGN command. If this is unsuccessful, the adapter tries to get the user ID using EXEC CICS INQUIRE TASK. If security is active in CICS, and the non-terminal attached transaction is defined with CMDSEC(YES), the CICS adapter passes a user ID of blanks to IBM MQ.

For details of security considerations, see: