Transaction routing security with MRO

In transaction routing, the authority of a user to access a transaction can be tested in both the TOR and the AOR.

In the TOR, a normal test is made to ensure that the user has authority to access the transaction defined as remote, just as if it were a local transaction. This test determines whether the user is allowed to run the relay program.

In the AOR, the transaction has as its principal facility a remote terminal (the surrogate terminal) that represents the real terminal in the TOR. The way in which the remote terminal is defined (see Defining remote resources for transaction routing) affects the way in which user security is applied.
  • If the definition of the remote terminal does not specify the USERID parameter:
    • For links with ATTACHSEC(IDENTIFY), the transaction security and resource security of the user are established when the remote user is signed on. The userid under which the user is signed on, whether explicitly or implicitly (through the DFLTUSER system initialization parameter), is assigned this security capability in the remote system.
    • For links with ATTACHSEC(LOCAL), transaction security, command security, and resource security are limited by the authority of the link.

In both cases, tests against the link security are made as described in Link security with MRO.

Note: During transaction routing, the 3-character operator identifier from the TOR is transferred to the surrogate terminal entry in the AOR. This identifier is not used for security purposes, but it may be referred to in messages and audit trails.

When transaction routing a PSB request, the following conditions must both be satisfied:
  • ATTACHSEC on the connection definition must not be LOCAL (that is, it can be IDENTIFY, PERSISTENT, MIXIDPE, or VERIFY).
  • PSBCHK=YES must be specified as a system initialization parameter in the remote system.
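
The two PSB routing conditions above can be checked mechanically against a region's definitions. The following is an added example, not part of the original documentation: it assumes the CONNECTION definitions are available as DFHCSDUP-style DEFINE statements from the remote system and the system initialization overrides as KEY=VALUE text. The sample names are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: DFHCSDUP-style CONNECTION definitions taken from the
# remote system (AOR). Connection, group and net names are made up.
SAMPLE_CSD = """\
DEFINE CONNECTION(TOR1) GROUP(MROLINKS)
       ACCESSMETHOD(IRC) NETNAME(CICSTOR1)
       ATTACHSEC(IDENTIFY)
DEFINE CONNECTION(TOR2) GROUP(MROLINKS)
       ACCESSMETHOD(IRC) NETNAME(CICSTOR2)
       ATTACHSEC(LOCAL)
DEFINE CONNECTION(TOR3) GROUP(MROLINKS)
       ACCESSMETHOD(IRC) NETNAME(CICSTOR3)
"""
# Constructed sample: system initialization overrides of the remote system.
SAMPLE_SIT = "SEC=YES,DFLTUSER=CICSUSER,PSBCHK=NO"

def parse_connections(csd_text):
    """Map each CONNECTION name to its ATTACHSEC value."""
    conns = {}
    # One chunk per DEFINE; continuation lines stay with their statement.
    for stmt in re.split(r"(?m)^(?=DEFINE\s)", csd_text):
        name = re.search(r"\bCONNECTION\((\w+)\)", stmt)
        if name:
            attach = re.search(r"\bATTACHSEC\((\w+)\)", stmt)
            # Assumption: an omitted ATTACHSEC takes the default, LOCAL.
            conns[name.group(1)] = attach.group(1).upper() if attach else "LOCAL"
    return conns

def parse_sit(sit_text):
    """Parse KEY=VALUE overrides separated by commas or newlines."""
    items = (i.strip().upper() for i in re.split(r"[,\n]", sit_text))
    return dict(i.split("=", 1) for i in items if "=" in i)

def psb_routing_findings(csd_text, sit_text):
    """List every way the two PSB routing conditions are not met."""
    findings = []
    # Assumption: an omitted PSBCHK takes the default, NO.
    if parse_sit(sit_text).get("PSBCHK", "NO") != "YES":
        findings.append("SIT: PSBCHK=YES is not specified")
    for name, attach in sorted(parse_connections(csd_text).items()):
        if attach == "LOCAL":
            findings.append(f"CONNECTION({name}): ATTACHSEC is LOCAL")
    return findings

if __name__ == "__main__":
    print("\n".join(psb_routing_findings(SAMPLE_CSD, SAMPLE_SIT)))
```

An empty result means both conditions hold for every connection in the input. TOR3 is reported because its definition omits ATTACHSEC.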