Distributed program link security with LU6.2

The CICS® distributed program link (DPL) facility enables a CICS program (the client program) to call another CICS program (the server program) in a remote CICS region. DPL is used when the SYSID option on the LINK API command, or the REMOTESYSTEM option of the PROGRAM resource definition, specifies a remote CICS region.

When the SYSID option on the LINK command specifies a remote CICS system, the client region does not perform any resource security checking, but leaves the resource check to be performed in the server region.

The server program in the remote region is executed by a mirror transaction, in a similar way to other function-shipped CICS requests. However, the transaction name associated with the mirror depends on how the LINK command is invoked in the client region. You must be aware of the transaction name because normal attach security applies to the mirror transaction:
  • If the TRANSID option is specified on the DPL command, the specified transaction name is used for the mirror.
  • If the TRANSID option is omitted from the DPL command, but the TRANSID option is used in the program resource definition in the client region, the name for the mirror is taken from the program's TRANSID specification.
Otherwise, a default name for the mirror transaction is used, and this depends on the origin and LU6.2 sync level of the conversation:
  • If synclevel 1 is being used, the default transaction name for the mirror is CVMI. This transaction name is used:
    • If the SYNCONRETURN option is specified on the DPL command in the client region
    • If the LU6.2 CONNECTION definition specifies SINGLESESS(YES)
    • If the connection is by means of an LU6.2 terminal; that is, a terminal whose resource definition uses a TYPETERM with a specification of DEVICE(APPC)
  • If sync level 2 is being used, the default transaction name is CSMI. This transaction name is used when none of the other previous conditions is met.

Authorize your users to access the transaction name that the mirror runs under. The userids to be authorized depend on whether LOCAL or non-LOCAL attach security is being used, and are described in Security checking done in AOR with LU6.2. If the mirror transaction is defined with RESSEC(YES) in the server region, these userids must also be authorized to access the server program that is being linked to by the mirror. If the server program accesses any CICS resources, the same userids must be authorized to access them. If the server program invokes any system programming commands, and the mirror transaction is defined with CMDSEC(YES) in the server region, the same userids must be authorized to access the commands.

If the mirror transaction cannot be attached because of security reasons, the NOTAUTH condition is not raised, but the TERMERR condition is returned to the issuing application in the client region. If the mirror transaction is successfully attached, but it is not authorized to link to the distributed program in the server region, the NOTAUTH condition is raised. The NOTAUTH condition is also raised if the server program fails to access any CICS resources for security reasons.

The server program is restricted to a DPL-subset of the CICS API commands when running in a server region. The commands that are not supported include some that return security-related information. For programming information about which commands are restricted, see CICS command summary. For further information about DPL, refer to CICS distributed program link.