How it works: 3270 security
Understand how 3270 terminals or terminal emulators are configured for secure operation within CICS®.
The following terms are specific to 3270 terminals. These terms are described here and referenced in the 3270 security documentation.
The default user ID, defaultUser, is the user ID under which any terminal that has not yet supplied credentials runs. This value is specified by the SIT parameter DFLTUSER.
The sign-on transaction, signOn, is a CICS transaction that a 3270 terminal user runs to authenticate to the system. CICS provides the transactions CESN and CESL, although an installation can use a locally written transaction instead.
The sign-off transaction, signOff, is a CICS transaction that a 3270 terminal user runs to remove their credentials from the terminal; it can also disconnect the terminal from the CICS system. CICS provides the transaction CESF, although an installation can use a locally written transaction instead.
The Good Morning Transaction, gmTran, is the transaction that is started on a newly connected 3270 terminal. The transaction that is used is set by the SIT parameter GMTRAN and defaults to the CICS-supplied transaction CSGM.
The CICS region's VTAM® generic application identifier, grApplid, which is specified by the SIT parameter GRNAME, is used when CICS checks whether a user has permission to access the CICS region. If GRNAME is not specified for the CICS region, the region's VTAM application identifier, referenced as applid and specified by the SIT parameter APPLID, is used instead. Wherever grApplid is used in this documentation, unless stated otherwise, it means applid when grApplid is blank.
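The rule above (GRNAME when set, otherwise APPLID) is easy to get wrong when auditing a region's configuration, so the following added example resolves the effective values of the four settings described here from a SIT override fragment. It is not IBM code and not part of this documentation; the fragment is constructed, and the assumption that overrides arrive as SYSIN-style `PARM=VALUE,` lines with `*` comment lines is mine.

```python
"""Resolve the 3270 security settings a CICS region will use from a
SIT override fragment (added example, not IBM code).

Assumptions (not from the page): overrides are SYSIN-style lines of the
form PARM=VALUE, and a line starting with '*' is a comment.
"""
import re

# Constructed SIT override fragment: GRNAME is present but blank, so the
# region-access check must fall back to APPLID.
SAMPLE_SIT = """\
* constructed sample, not a real region
APPLID=CICSTS01,
DFLTUSER=CICSUSER,
GMTRAN=CSGM,
GRNAME=,
"""

_PARM = re.compile(r"^\s*([A-Z0-9]+)=([^,\s]*)\s*,?\s*$")


def parse_sit(text):
    """Return {PARM: VALUE} for every recognised override line."""
    params = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("*"):
            continue
        m = _PARM.match(line)
        if m:
            params[m.group(1)] = m.group(2).upper()
    return params


def effective_settings(params):
    """Map SIT parameters onto the terms used by the 3270 security docs.

    grApplid is GRNAME when it is set and non-blank; otherwise it is the
    region's APPLID, exactly as the documentation describes.
    """
    applid = params.get("APPLID", "")
    grname = params.get("GRNAME", "")
    if grname:
        gr_applid, source = grname, "GRNAME"
    else:
        gr_applid, source = applid, "APPLID"
    return {
        "defaultUser": params.get("DFLTUSER"),        # None if not overridden
        "gmTran": params.get("GMTRAN", "CSGM"),       # documented default
        "grApplid": gr_applid,
        "grApplidSource": source,
    }


def audit(text):
    """Parse a fragment and return the resolved settings plus the identifier
    a security administrator must grant access to for region sign-on."""
    settings = effective_settings(parse_sit(text))
    settings["regionAccessCheckedAgainst"] = settings["grApplid"]
    return settings


if __name__ == "__main__":
    for key, value in audit(SAMPLE_SIT).items():
        print(f"{key:>26}: {value}")
```

Running it against the constructed fragment reports `grApplid` as `CICSTS01` with source `APPLID`, because the blank GRNAME does not count as a generic identifier; supplying `GRNAME=CICSGRP,` instead makes `CICSGRP` the identifier the region-access check uses.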
When a terminal device connects into CICS by using 3270 data protocols, multiple facilities are available:
- Users authenticate by using a signOn transaction or, for fixed devices, a statically defined user identification can be set for the device.
- Authorization ensures that only permitted users and devices can connect to the CICS region.
- Confidentiality of the data that passes between a device and CICS is protected by encryption while the data crosses the network infrastructure. Physical security of the network hardware provides further protection.