User Definitions (UD)

User Definitions (UD) identify terminal users of a CICS® region. CICS uses this definition to check security for transactions and resources. A user that does not have an entry in the UD can access the CICS region only with the public access rights that are permitted to the default User ID. The following attributes of the User Definitions (UD) are described in this section:

Note: Attribute names appear as they are used on the command line, followed in parentheses by the descriptions that are used by the AIX® System Management Interface Tool (SMIT).

<Key>

This attribute specifies a unique user identifier and is the key of the UD entry. User identifiers are not supported by National Language Support (NLS). They are specified with a maximum of eight characters that are taken from the ASCII characters exclamation point (!) to tilde (~), (33 through 126 decimal), excluding the single-quotation ('), period (.), backslash (\), number sign (#), and colon (:). For all the permanent database operations, and on a runtime database insert operation, CICS performs class-specific validation of the bytes that form the database key.

If you are using SMIT (CICS for AIX) to set this value, see Restrictions on the use of characters.

Do not specify the same name for a user ID and for the region name. If the same name is specified, unpredictable results can occur because the region name is handled as a special name by CICS security such that only TSL/RSL public access is granted.

ActivateOnStartup (Activate the resource at cold start?)

This attribute specifies whether a resource definition is always copied from the permanent database to the runtime database at the cold start of a region. If the attribute is set to yes, the resource definition is always copied from the permanent database to the runtime database. If the attribute is set to no, the resource definition is not copied to the runtime database, unless its group has been specified in the Groups attribute of the Region Definitions (RD). The default value is yes.

AmendCounter (Number of updates)

This attribute is reserved for CICS internal use.

CICSPassword (Encrypted password)

This attribute contains an encrypted version of the password that is to be used to authenticate this user. This attribute can be set by using the CICS RDO utilities or by using SMIT on CICS for AIX. The password is entered as plain text but is stored and displayed in its encrypted form. The value for CICSPassword can be upto 100 bytes. Supported character set is as follows:

Characters A-Z, a-z, and 0-9.
Special characters, except back slash and caret sign.
Punctuation characters except back quote, double quote, single quote.
Blank space between characters. Passwords with all blank spaces are not supported.
Any other character that can be typed on shell command-line and accepted by shell command-line.

The default value is "".

GroupName (Group to which resource belongs)

This attribute specifies the name of a group to which this resource definition belongs. The name is specified in an 8-byte ASCII text string. For cold starts, you can specify that CICS copies, from the permanent database to the runtime database, resource definitions that belong to groups that are named in the Groups attribute of the Region Definitions (RD). (This can be done in addition to setting the ActivateOnStartup attribute to yes for resources whose definitions are to be copied on startup from the permanent database to the runtime database.) The default value is "", which specifies no group.

OpID (Operator ID)

This attribute specifies a three-byte operator identification that is to be associated with this user. This value is returned by the EXEC CICS ASSIGN OPID and EXEC CICS INQUIRE TERMINAL OPID commands. If your applications make use of this value, ensure that it is unique for all users who will access this region. The default values follow:

AIX on CICS for AIX
LNX on CICS for Linux®
WNT on CICS for Windows

Permanent (Protect resource from modification?)

This attribute specifies whether this entry can be amended or deleted from the permanent database. If you set the attribute to no, the entry can be amended or deleted. To amend or delete an entry with the Permanent attribute set to yes, first reset the attribute to no. If the entry is amended, set Permanent back to yes afterward. The default value is no.

Priority (User priority)

This attribute specifies a value in the range 0 through 255 that CICS uses with the values of the Priority attributes in the TD and WD to establish the overall transaction processing priority. The transaction processing priority is equal to the sum of the values of the, TD, UD, and WD Priority attributes or 255, whichever is the smaller. The processing priority of a transaction determines how quickly CICS schedules that transaction. The higher the summed number, the faster CICS schedules the task. The default value is 0.

ResourceDescription (Resource description)

This attribute specifies a 30-byte ASCII text string that describes this resource. The default value is “User Definition”.

RSLKeyList (Resource Level Security Key List)

This attribute contains the list of resource security keys (RSLKey values) for this user. CICS uses this to control access to resources when running transactions. You can specify up to 24 keys, each in the range 1 through 24, separated by the vertical bar (|) character and enclosed in double quotation marks (").

Only resources whose RSLKey values are included in the RSLKeyList can be accessed by this user. Therefore, you must include the security keys of all resources that are needed by this user when running transactions. The following example of an RSLKeyList allows users to access resources with security keys of 1, 2, 8, and 23:

RSLKeyList="1|2|8|23"

Be aware of the implications of resources whose RSLKey attribute is set to public or private. If the value is public, any user is permitted to access the resource. With the value private, CICS allows access to the resource only from transactions that have the attribute RSLCheck set to none in their Transaction Definitions (TD) entry. For more information, see Authorizing access to CICS resources from applications.

The default value is none, which give access to public resources.

For more information about resource security, see Authorizing user access to CICS resources.

TSLKeyList (Transaction Level Security Key List)

This attribute specifies the list of transaction security keys (TSLKeys) for this user. CICS uses this to control access to transactions. You can specify up to 64 keys, each in the range 1 through 64, separated by the vertical bar character (|), and enclosed in double quotation marks.

Only transactions whose TSLKeys are included in the TSLKeyList are allowed for this user. Therefore, you must include the security keys of all transactions that are needed by this user. The following example of a TSLKeyList allows transactions with security keys of 1, 5, 13, and 52:

TSLKeyList="1|5|13|52"

Be aware of the implications of transactions whose TSLKey attribute is set to public. If the value is public, any user is permitted to access the transaction . For more information about transaction security, see Authorizing user access to CICS resources.

The default value is 1, which gives access to public transactions.