CICS Transaction Gateway V5 The WebSphere ... - IBM Redbooks

CONNECTION and SESSIONS definitions
In order for our CICS region to use the user ID flowed in the EXCI call from the
CICS TG, we set the parameter ATTACHSEC=IDENTIFY in our EXCI connection
definition in our CICS region SCSCPJA4, as shown in Figure 6-2.
OVERTYPE TO MODIFY CICS RELEASE = 0620
CEDA ALter CONnection( CTG4 )
CONnection : CTG4
Group : PJA4CTG4
DEscription ==>
CONNECTION IDENTIFIERS
Netname ==> SCSCTG4
INDsys ==>
CONNECTION PROPERTIES
ACcessmethod ==> IRc Vtam | IRc | INdirect | Xm
PRotocol ==> Exci Appc | Lu61 | Exci
Conntype ==> Specific Generic | Specific
SECURITY
SEcurityname ==>
ATtachsec ==> Identify Local | Identify | Verify
| Persistent | Mixidpe
BINDPassword : PASSWORD NOT SPECIFIED
BINDSecurity ==> No No | Yes
Usedfltuser ==> No No | Yes
Figure 6-2 CICS CONNECTION definition
SYSID=PJA4 APPLID=SCSCPJA4
IDENTIFY means that CICS uses the flowed user ID in the EXCI request, but
does not expect a password to be flowed with the request, as this should be
checked by the CICS TG itself.
Link security
Next we decided to disable link security. Link security is an additional level of
security that applies to all attach requests received over a connection. For MRO
or EXCI requests, this is set as follows.
The SESSIONS definition is checked as follows:
1. If the link user ID is the same as the region user ID, then the systems are
deemed equivalent and no link security authorization is performed.
2. If the link user ID is defined as anything else, then this user ID must have
access to all resources that the EXCI requests need.
Chapter 6. CICS TG security scenarios 107