Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
CICS TCP/IP security considerations z/OS Communications Server: IP CICS Sockets Guide SC27-3649-00 |
|
The following transactions should be added to your xCICSTRN RACF® class:
The EZAC and EZAO transactions are designed to be run with a terminal. If you want a user to administer the IP CICS® sockets configuration then you must grant the user authorization to the EZAC transaction. If you want a user to manually start and stop the IP CICS socket interface then you must grant the user authorization to the EZAO and EZAP transactions . If you want a user to manually start and stop the listener then you must grant the user authorization to the EZAO and CSKL (and any user defined transaction defined to execute EZACIC02) transactions. For terminal tasks where a user has not signed on, the
user ID is the CICS user ID
associated with the terminal and is either:
The IP CICS socket interface can be started and shutdown by placing EZACIC20 in the PLT; therefore, an entry must be placed in your PLT RACF class to allow this action. User ID's that are used to start the IP CICS socket interface include those defined with the PLTPIUSR SIT macro should be allowed USE access to the resource class where the IP CICS sockets transactions are defined. The CICS region user ID must also be authorized to be the surrogate of the user ID specified on the PLTPIUSR parameter. User ID's used to manage the starting and stopping of the CICS socket interface (EZAO), the listener (CSKL or user defined transactions executing EZACIC02) and user application programs linking to the IP CICS domain name server module, EZACICxx should at least be granted UPDATE access to the EXITPROGRAM resource. For more information about RACF security management in the CICS environment, see z/OS Security Server RACF Security Administrator's Guide. |
Copyright IBM Corporation 1990, 2014
|