SIGNON

Sign on to a terminal.

Syntax

SIGNON

Read syntax diagramSkip visual syntax diagramSIGNONUSERID( data-value)ESMREASON( data-area)ESMRESP( data-area)NEWPASSWORD( data-value)PASSWORD( data-value)

Conditions: INVREQ, NOTAUTH, USERIDERR

Description

SIGNON associates the security capabilities and operator characteristics of the specified user with the terminal. SIGNON signs on to the terminal or principal facility that is associated with the issuing transaction.

Signon does not affect the user ID and security capabilities currently in effect for the transaction issuing the command. This is because:
  • A transaction's user ID and security capabilities are established at transaction-attach time. It is not possible to modify these subsequently during the life of the transaction.
  • All actions performed by a transaction (whether to a local or remote resource, or to a connected system) take place in the security context established at the time the transaction was attached.

The SIGNON command has no implied signoff. If you want to sign on as a user at a terminal to which a user is already signed on (including CESN/CESL), you must first issue a SIGNOFF command. Note that the USERID option has no default value.

PASSWORD is used as a parameter, which means that if a dump occurs, that password might become visible. You should therefore clear the field as soon as possible after using PASSWORD.

Options

NEWPASSWORD(data-value)
Specifies an optional 100-byte field that defines a new password. This option is valid only if PASSWORD is also specified. The data-value cannot be null if NEWPASSWORD is specified.
PASSWORD(data-value)
Specifies a 100-byte password that is required by the security manager.
Note: When no password is being used, you should define this parameter as PASSWORD("").
USERID(data-value)
Specifies the 8-byte signon user ID.
ESMREASON(data-area)
Returns the reason code, in a fullword binary field, that CICS® receives from the external authentication manager. If the EAM is RACF®, this field is the RACF reason code.
ESMRESP(data-area)
Returns the response code, in a fullword binary field, that CICS receives from the external authentication manager. If the external authentication manager is RACF, this field is the RACF return code.

Conditions

INVREQ
Occurs in the following conditions:
  • The terminal is already signed on (RESP2=9).
  • No terminal is associated with this task (RESP2=10).
  • An unknown return code exists in ESMRESP from the external authentication manager (RESP2=13).
  • Signon was attempted using transaction routing without using the CRTE transaction (RESP2=15).
  • The CICS external authentication manager interface is not initialized (RESP2=18).
  • The external authentication manager (EAM) is not active (RESP2=27).
  • Command not allowed for a distributed program link server program (RESP2=200).

Default action: Terminates the task abnormally.

NOTAUTH
Occurs in the following conditions:
  • A password is required (RESP2=1).
  • The supplied password is wrong (RESP2=2).
  • A new password is required (RESP2=3).
  • The new password is not acceptable (RESP2=4).
  • The user ID is revoked (RESP2=19).

Default action: Terminates the task abnormally.

USERIDERR
Occurs in the following conditions:
  • The user ID is not known to the security manager (RESP2=8).
  • The user ID is all blanks or nulls (RESP2=30).

Default action: Terminates the task abnormally.