z/VSE security: Migrate your DTSECTXN to the BSM control file
Ingolf24 120000DRN3 Visits (8279)
In July I had a short blog entry about the migration of the old DTSECTXN, which holds the definitions for transaction security, to the Basic Security Manager (BSM) control file. In between we got more detailed questions about the DTSECTXN and its migration.
Therefore my colleague Monika looked into that again and will provide more details in the z/VSE Version (Release) and Hardware Upgrade paper, available here. Thanks, Monika. The update will be uploaded within the next weeks. I will keep you posted, when that update is available.
Just a short summary about the DTSECTXN migration:
Up to z/VSE V3.1.0, CICS transactions were protected using the access control table DTSECTXN. Starting with z/VSE V3.1.1, the BSM control file was introduced. The BSM control file uses the resource class TCICSTRN to protect CICS transaction. Up to z/VSE V6.1, DTSECTXN can exist in parallel to the BSM control file. That is, CICS transactions can still be protected using DTSECTXN. Since z/VSE V6.1, the IUI dialog, that supports the migration from DTSECTXN to the BSM control file, is no longer available. On z/VSE V6.2, DTSECTXN is not supported, that is the BSM will only use the transaction resource definition of the BSM control file. Transactions, that only had the security definitions in the DTSECTXN, can no longer be executed.
Note: Up to z/VSE V6.1, if the DTSECTXN phase is available, it is used by the BSM, even if the transactions are also defined in the BSM control file. Therefore, once you have completed the migration from DTSECTXN to the BSM control file, delete the DTSECTXN phase from your system. You can migrate the DTSECTXN definitions to the BSM control file on either your source or on your target system. The recommendation is to do the migration on your source system. The migration is described in detail in the z/VSE 5.2 Administration manual. It is on the z/VSE documentation page, here.
Have a good weekend.