Security Considerations

In general, when a transaction program specifies SECURITY(PGM), the user ID and password it supplies on the request must be valid in the TSAF or CS collection in which the target resource resides.

When a VM domain controller that is in both a TSAF and CS collection receives a connection request with SECURITY(PGM), it checks if the specified user ID and password are valid in the CS collection. If the user ID and password are valid, ISFC sends the request to the appropriate resource manager in the CS collection.

If the user ID and password are not defined in the CS collection, CP sends the request to TSAF and asks TSAF to determine if the user ID and password are valid in the TSAF collection. If the user ID and password are valid, ISFC sends the request to the appropriate resource manager. If TSAF indicates that the user ID and password are not valid, ISFC rejects the connection request.

For example, there are three systems, SYSTEMA, SYSTEMB, and SYSTEMC. SYSTEMA and SYSTEMB are in a CS collection, and SYSTEMB and SYSTEMC are in a TSAF collection. A user on SYSTEMB can specify a user ID and password defined on SYSTEMC for SECURITY(PGM) to connect to a resource on SYSTEMA.