Terminal user security
To secure resources from unauthorized access, CICS® requires some means of uniquely identifying individual users of the system.
For this purpose, first define the users to RACF® by creating an entry in the RACF database, referred to as a user profile. To identify themselves to CICS, users sign on by specifying their RACF user identification (user ID) and the associated password, or operator identification card (OIDCARD) in the CICS-supplied sign-on transaction, CESN. Alternatively, they can use an equivalent transaction developed by your own installation by issuing the EXEC CICS SIGNON command provided for this purpose.
When users enter the CESN transaction, CICS verifies user IDs and passwords by a call to RACF. If the terminal user sign-on is valid, the CICS user domain keeps track of the signed-on user. Thereafter, CICS uses the information about the user when calling RACF to make authorization checks. You can use the GMTRAN system initialization parameter to control what happens if the user fails to complete the sign-on. For example, all subsequent transactions use the CICS default user ID, or the terminal session is disconnected.
For some terminals,
and for MVS™ consoles which are used as CICS terminals,
it may be appropriate to use preset terminal security.
Preset terminal security allows you to associate a user ID permanently
with a terminal that is defined to CICS. This means that CICS implicitly
on the terminal when it is being installed, instead of the terminal
being signed on subsequently. Preset security is often defined for
devices without keyboards, such as printers, at which users cannot
You can also use this form of security on ordinary display terminals as an alternative to terminal user security. This permits anyone with physical access to a terminal with preset security to enter the transactions that are authorized for that terminal, without the need to sign on to CICS. The terminal remains signed on as long as it is installed, and no explicit sign-off can be performed against it. If the user ID associated with a display terminal with preset security authorized to use any sensitive transactions, ensure that the terminal is in a secure location to which access is restricted. For example, terminals physically located within a CICS network control center might be appropriate for preset security.