Setting up CICSPlex SM Web User Interface security
You can set Web User Interface security requirements for CICS® security, Secure Sockets Layer (SSL) support, and access to MVS™ data sets.
User security access summary
| User Roles | CICS Web Support | Administrator | User | View Editor |
|---|---|---|---|---|
| Transactions | COVP COVE COVU | COVG COVC | COVA | COVA |
| CICS surrogate user security | Yes | |||
| View Editor profile | Yes | |||
| CICSPlex® SM and CICS security | As appropriate for individual users | As appropriate for individual users |
CICS security in your Web User Interface server region
If your Web User Interface server region is running with CICS security active, you must define the security access required for the CICS Web Support, by the administrator and by the users of the View Editor.
You can use CICS transaction security to limit the users who are allowed to control the Web User Interface server using the COVC transaction.
Security access for the CICS Web Interface
If CICS transaction security is in use, the CICS DFLTUSER must be given access to the COVP, COVU, and COVE transactions.Security access for the administrator
The user ID that starts the Web User Interface (the terminal user of COVC or PLTPIUSR, if started automatically using PLTPI) must have access to the COVC and COVG transactions. If CICS surrogate user security checking is active in the Web User Interface server region, the user ID that started the Web User Interface (the terminal user of COVC or PLTPIUSR, if started automatically using PLTPI) must have READ access to wui-userid.DFHSTART in the SURROGAT class for all Web User Interface users.
Security access for users of the View Editor
Users of the Web User Interface require access to the COVA transaction and CICSPlex SM. Users of the View Editor require access to the COVA transaction, CICSPlex SM, and the View Editor profile.
All users who are successfully signed on to the Web User Interface have access to all of the customizable view and menu help pages, if the customizable view and menu help is served by the Web User Interface.
Secure Sockets Layer support
You can provide secure connections by using the Secure Sockets Layer (SSL) support to provide encryption on the connection. For information about SSL support, see Web User Interface server initialization parameters for information about the TCPIPSSL and TCPIPSSLCERT Web User Interface server initialization parameters that you must specify for SSL support and for more guidance on SSL, see Configuring CICS to use SSL.
Web User Interface SSL support uses server authentication only. User authentication is by the external security manager (ESM) user ID and password.