User IDs checked for CICS connections
The user IDs checked for CICS® connections depend on whether one or two checks are to be carried out, and whether an alternate user ID is specified.
Alternate user ID specified on open? | hlq.ALTERNATE.USER.userid profile | hlq.CONTEXT.queuename profile | hlq.resourcename profile |
---|---|---|---|
No, 1 check | - | ADS | ADS |
No, 2 checks | - | ADS+TXN | ADS+TXN |
Yes, 1 check | ADS | ADS | ADS |
Yes, 2 checks | ADS+TXN | ADS+TXN | ADS+ALT |
Key:
- ALT
- Alternate user ID
- ADS
- The user ID associated with the CICS batch job or, if CICS is running as a started task, through the STARTED class or the started procedures table.
- TXN
- The user ID associated with the CICS transaction. This is normally the user ID of the terminal user who started the transaction. It can be the CICS DFLTUSER, a PRESET security terminal, or a manually signed-on user.
Determine the user IDs checked for the following conditions:
- The RACF® access level to the RESLEVEL profile, for a CICS address space user ID, is set to NONE.
- An MQOPEN call is made against a queue with MQOO_OUTPUT and MQOO_PASS_IDENTITY_CONTEXT.
First, see how many CICS user IDs are checked based on the CICS address space user ID access to the RESLEVEL profile. From Table 1 in topic RESLEVEL and CICS connections, two user IDs are checked if the RESLEVEL profile is set to NONE. Then, from Table 1 on, these checks are carried out:
- The hlq.ALTERNATE.USER.userid profile is not checked.
- The hlq.CONTEXT.queuename profile is checked with both the CICS address space user ID and the CICS transaction user ID.
- The hlq.resourcename profile is checked with both the CICS address space user ID and the CICS transaction user ID.