Security considerations for using WebSphere MQ with CICS
The CICS adapter provides the following information to WebSphere MQ specifically for use in WebSphere MQ security:
- Whether CICS resource-level security is active for this transaction--as specified on the RESSEC or RSLC operand of the RDO TRANSACTION definition.
- User IDs.
For terminal tasks where a user has not signed on, the user ID is the CICS user ID associated with the terminal and is either:
- The default CICS user ID as specified on the CICS parameter DFLTUSER SIT
- A preset security user ID specified on the terminal definition
For non-terminal tasks, the CICS adapter tries to get a user ID with an EXEC CICS ASSIGN command. If this is unsuccessful, the adapter tries to get the user ID using EXEC CICS INQUIRE TASK. If security is active in CICS, and the non-terminal attached transaction is defined with CMDSEC(YES), the CICS adapter passes a user ID of blanks to WebSphere MQ.
For more information about RACF security management in the CICS environment, see the CICS Transaction Server for OS/390 V1.3 CICS RACF Security Guide.