As in a single-system environment, users must be authorized to:

- Attach a transaction (transaction security)
- Access all the resources that the transaction is programmed to use. These levels are called resource security, surrogate user security, and command security.

Transaction security

As in a single-system environment, the security requirements of a transaction are specified when the transaction is defined, as described in Transaction security.

In an IPIC environment, two basic security requirements must be met before a transaction can be initiated:

- The link user ID must have sufficient authority to initiate the transaction (see IPIC link security).
- If anything other than USERAUTH(LOCAL) has been specified, user security is in force. The user who is making the request must therefore have sufficient authority to access the system and to initiate the transaction.

Resource and command security

Resource and command security in an intercommunication environment are handled in much the same way as in a single-system environment.

Resource and command security checking are performed only if the installed TRANSACTION definition specifies that they are required; for example, on the CEDA DEFINE TRANSACTION command, as shown in Figure 1.

Figure 1. Specifying resource and command security for transactions

- If a TRANSACTION definition specifies resource security checking, using RESSEC(YES), both the link and the user must have sufficient authority for the resources that the attached transaction accesses.
- If a TRANSACTION definition specifies command security checking, using CMDSEC(YES), both the link and the user must have sufficient authority for any of the system programming commands shown in Table 1 that the attached transaction issues.
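
As an added example (not part of the original documentation and not IBM code), the following Python script audits resource definitions for the settings discussed above: TRANSACTION definitions that do not request RESSEC(YES) or CMDSEC(YES), and IPCONN definitions where USERAUTH(LOCAL) leaves only the link user ID to be checked. The sample definitions and their names, the simplified parsing of DEFINE statements, and the treatment of an omitted attribute as NO (RESSEC, CMDSEC) or LOCAL (USERAUTH) are assumptions of this example.

```python
import re

# Constructed sample in DEFINE-statement form; all resource names are made up.
SAMPLE_DEFS = """\
DEFINE TRANSACTION(PAY1) GROUP(PAYGRP) PROGRAM(PAYPGM1)
       RESSEC(YES) CMDSEC(YES)
DEFINE TRANSACTION(INQ1) GROUP(PAYGRP) PROGRAM(INQPGM1)
       RESSEC(YES)
DEFINE TRANSACTION(ADM1) GROUP(ADMGRP) PROGRAM(ADMPGM1)
DEFINE IPCONN(HUB1) GROUP(NETGRP) USERAUTH(LOCAL)
DEFINE IPCONN(HUB2) GROUP(NETGRP) USERAUTH(VERIFY)
"""

# Assumption: value in effect when the attribute is omitted from a definition.
DEFAULTS = {"RESSEC": "NO", "CMDSEC": "NO", "USERAUTH": "LOCAL"}


def parse_defines(text):
    """Yield (resource_type, name, attributes) for each DEFINE statement.

    A statement runs from one line starting with DEFINE to the next, so
    indented continuation lines stay with their statement.
    """
    for stmt in re.split(r"(?m)^\s*DEFINE\s+", text)[1:]:
        pairs = re.findall(r"([A-Z]+)\(([^)]*)\)", stmt.upper())
        if pairs:
            (rtype, name), attrs = pairs[0], dict(pairs[1:])
            yield rtype, name, attrs


def audit(text):
    """Return (name, attribute, reason) for each definition that skips a check."""
    findings = []
    for rtype, name, attrs in parse_defines(text):
        value = {key: attrs.get(key, default) for key, default in DEFAULTS.items()}
        if rtype == "TRANSACTION":
            if value["RESSEC"] != "YES":
                findings.append((name, "RESSEC", "resource security not checked"))
            if value["CMDSEC"] != "YES":
                findings.append((name, "CMDSEC", "command security not checked"))
        elif rtype == "IPCONN" and value["USERAUTH"] == "LOCAL":
            findings.append((name, "USERAUTH", "only the link user ID is checked"))
    return findings


if __name__ == "__main__":
    for name, attr, reason in audit(SAMPLE_DEFS):
        print(f"{name:<8} {attr:<9} {reason}")
```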