Security checking of transactions running under CEDF or CEDX
When a transaction is run under the CEDF or the CEDX transaction, CICS® checks the security settings for the target transaction.
The IBM®-supplied definitions of CEDF and CEDX in the DFHEDF group specify RESSEC(YES). Definitions in the IBM-supplied groups cannot be modified, so to change the definition, copy the transaction to another group.
When CEBR and CECI are invoked from within CEDF they are transaction-attach checked.
When CEDF or CEDX is used to test a transaction, the authority
of the user executing the transaction being tested is checked. For
each resource accessed by the tested transaction, the user must have
access authority, otherwise a NOTAUTH condition is raised. This requirement
applies to all resource checks:
- Transaction attach
- CICS resource
- CICS command
- Non-CICS resources accessed through the QUERY SECURITY command
- Surrogate user