As in a single-system environment, users must be authorized to:
- Attach a transaction (transaction security).
- Access all the resources that the transaction is programmed to use. These levels are called resource security, surrogate user security, and command security.
Transaction security
As in a single-system environment, the security requirements
of a transaction are specified when the transaction is defined, as described in Transaction security.
In an IPIC environment, two basic security requirements must be met before a transaction can be initiated:
- The link user ID must have sufficient authority to initiate the transaction (see IPIC link security).
- If anything other than USERAUTH(LOCAL) has been specified, user security is in force. The user who is making the request must therefore have sufficient authority to access the system and to initiate the transaction.
Resource and command security
Resource and command security in an intercommunication
environment are handled in much the same way as in a single-system environment.
Resource and command security checking are performed only if the installed TRANSACTION definition specifies that they are required; for example, on the CEDA DEFINE TRANSACTION command, as shown in Figure 1.
Figure 1. Specifying resource and command security for transactions
If a TRANSACTION definition specifies resource security checking, using RESSEC(YES),
both the link and the user must have sufficient authority for the resources that the attached
transaction accesses.
If a TRANSACTION definition specifies command security checking, using
CMDSEC(YES), both the link and the user must have sufficient authority for any of the system
programming commands shown in Table 1 that the attached
transaction issues.
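
The rules above can be traced with a small model. This is an added example, not IBM or CICS code. The user IDs, the grants table and the PAY1 definitions are constructed sample data, IDENTIFY stands in for any setting other than USERAUTH(LOCAL), and treating a USERAUTH(LOCAL) request as checked against the link user ID only is a simplifying assumption of the model.

```python
# Added illustration: a simplified model of the checks described above.
# All names and grants are constructed sample data, not CICS or RACF objects.
from dataclasses import dataclass

@dataclass(frozen=True)
class Transaction:
    name: str
    ressec: bool           # RESSEC(YES) on the TRANSACTION definition
    cmdsec: bool           # CMDSEC(YES) on the TRANSACTION definition
    resources: tuple = ()  # resources the attached transaction accesses
    commands: tuple = ()   # system programming commands it issues

# Constructed grants: user ID -> set of (class, name) it is authorized for.
GRANTS = {
    "LINKUSR": {("TRAN", "PAY1"), ("RES", "PAYFILE"), ("CMD", "SET FILE")},
    "ALICE": {("TRAN", "PAY1"), ("RES", "PAYFILE")},
    "BOB": {("TRAN", "PAY1")},
}

PAY1 = Transaction("PAY1", True, True, ("PAYFILE",), ("SET FILE",))
PAY1_NOSEC = Transaction("PAY1", False, False, ("PAYFILE",), ("SET FILE",))

def failed_checks(txn, link_user, request_user, userauth):
    """Return the (user ID, class, name) checks that fail for this request."""
    # Assumption: with USERAUTH(LOCAL) only the link user ID is checked;
    # otherwise user security is in force and the requester is checked too.
    subjects = [link_user] if userauth == "LOCAL" else [link_user, request_user]
    needed = [("TRAN", txn.name)]                    # transaction security
    if txn.ressec:                                   # only if RESSEC(YES)
        needed += [("RES", r) for r in txn.resources]
    if txn.cmdsec:                                   # only if CMDSEC(YES)
        needed += [("CMD", c) for c in txn.commands]
    return [(u, cls, name) for u in subjects for (cls, name) in needed
            if (cls, name) not in GRANTS.get(u, set())]

if __name__ == "__main__":
    for txn, user, auth in [(PAY1, "ALICE", "IDENTIFY"), (PAY1, "BOB", "IDENTIFY"),
                            (PAY1, "BOB", "LOCAL"), (PAY1_NOSEC, "BOB", "IDENTIFY")]:
        print(user, auth, txn.ressec, txn.cmdsec,
              failed_checks(txn, "LINKUSR", user, auth))
```

In the last case BOB, who is authorized only to attach PAY1, passes every check because the definition does not request resource or command security checking.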