CICS security services

Each CICS region authenticates users and incoming communication, and authorizes access to the resources of that system. The security service that a CICS region provides consists of authorization and authentication services. You can enhance or replace authorization services by using an External Security Manager (ESM) that is called from CICS®. Similarly, you can enhance or replace authentication services by using an External Authentication Manager (EAM) that is called from CICS.

CICS authentication depends on user definitions that are defined in:

The CICS runtime database
The EAM, which allows the user's login and password to be authenticated from an external authentication source, such as RACF®, or LDAP

CICS authorization depends on the user definitions and attributes of other resource definitions that are defined in:

The CICS runtime database
The ESM

For more information about CICS security services, see the following topics:

Authentication of CICS users by a CICS user ID and password
Use of External Authentication Manager for CICS authentication
Authorization of access to resources
Use of External Security Manager for CICS security