Implementing security for CICS-MQ adapter transactions
If you want a user to administer the CICS®-MQ adapter, you must grant the user authorization to the appropriate CICS transactions.
If required, you can restrict access to specific functions of the adapter. For example, if you want to allow users to display the current status of the adapter, but nothing else, give them access to CKQC, CKBM, CKRT, and CKDP only.
Define these transactions to CICS with RESSEC(NO) and CMDSEC(NO). For more details, see Security of resource definitions and CICS command security.
Transaction | Function |
---|---|
CKAM | Alert monitor |
CKBM | Controls the adapter functions |
CKCN | Connect |
CKDL | Line mode display |
CKDP | Full screen display |
CKQC | Controls the adapter functions |
CKRS | Statistics |
CKRT | Controls the adapter functions |
CKSD | Disconnect |
CKSQ | CKTI START/STOP |
CKTI | Trigger monitor |
As well as administrators, user IDs connecting to WebSphere® MQ, the user ID set in the PLTPIUSR system initialization parameter, and the CICSPlex® SM MAS agent user ID must also be authorized to run the CKTI and CKAM transactions.