Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

CICS/TS Security question

31 views
Skip to first unread message

Herczeg, Zoltan

unread,
Apr 19, 2018, 2:44:40 PM4/19/18
to

               We are running z/vse 4.2 and cics/ts 1.1. We are trying to implement security in cics so we restored the iescntl and bstcntl files from a system where security is working fine. We then run a batch job to execute BSTADMIN with the PERFORM DATASPACE REFRESH. Then we change the cics startup adding SEC=YES,XTRAN=YES,SECPRFX=YES  and the // ID USER= matches the cics startup on both systems. When we bring up the system we think will be secured we see messages that security has started, default security for user CICSUSER established and security initialization has ended. However when we try to enter a secured transaction like CEDA the transaction works fine without signing on. It’s as if security isn’t active. On the system we copied the control files from you are restricted from using CEDA unless you sign on. I am thinking it is something simple but I am drawing a blank. Any suggestions?

 

Thanks

Zoltan

indust...@winwholesale.com

unread,
Apr 19, 2018, 3:20:03 PM4/19/18
to
"VSE-L" <vse-l-bounces+industrynews=winwhole...@lists.lehigh.edu> wrote on 04/19/2018 02:44:27 PM:
> On the system we copied the control files from you are restricted from
> using CEDA unless you sign on. I am thinking it is something simple but
> I am drawing a blank. Any suggestions?


        If you have the IUI available, you can confirm in which transaction group the CEDA transaction is defined (path: 2811) and what access level it has.  The provided groups are GROUP01 through GROUP64.  GROUP01 is the one that traditionally does not require signon.  But, I believe the way this is implemented in CICS is that every user is given access to GROUP01.  So, it might be something like you've given the CICS default user permission to that group, too.


Sincerely,

Dave Clark
--
Winsupply Group Services
3110 Kettering Boulevard
Dayton, Ohio  45439  USA
(937) 294-5331


*********************************************************************************************
This email message and any attachments is for use only by the named addressee(s) and may contain confidential, privileged and/or proprietary information. If you have received this message in error, please immediately notify the sender and delete and destroy the message and all copies. All unauthorized direct or indirect use or disclosure of this message is strictly prohibited. No right to confidentiality or privilege is waived or lost by any error in transmission.
*********************************************************************************************

alice....@terra.com.br

unread,
Apr 19, 2018, 3:20:05 PM4/19/18
to
Hello Zoltan,

Maybe the CICS running in this system you copied iescntl and bstcntl files from has another name.
Since you are using SECPRFX=YES...

Best Regards,
Alice



Em Qui 19/04/18 15:44, Herczeg, Zoltan zol...@krasdalefoods.com escreveu:

               We are running z/vse 4.2 and cics/ts 1.1. We are trying to implement security in cics so we restored the iescntl and bstcntl files from a system where security is working fine. We then run a batch job to execute BSTADMIN with the PERFORM DATASPACE REFRESH. Then we change the cics startup adding SEC=YES,XTRAN=YES,SECPRFX=YES  and the // ID USER= matches the cics startup on both systems. When we bring up the system we think will be secured we see messages that security has started, default security for user CICSUSER established and security initialization has ended. However when we try to enter a secured transaction like CEDA the transaction works fine without signing on. It’s as if security isn’t active. On the system we copied the control files from you are restricted from using CEDA unless you sign on. I am thinking it is something simple but I am drawing a blank. Any suggestions?

 

 

 

Thanks

 

Zoltan

 

_______________________________________________
VSE-L mailing list
VS...@lists.lehigh.edu
https://lists.lehigh.edu/mailman/listinfo/vse-l

indust...@winwholesale.com

unread,
Apr 19, 2018, 3:25:53 PM4/19/18
to
"VSE-L" <vse-l-bounces+industrynews=winwhole...@lists.lehigh.edu> wrote on 04/19/2018 03:19:50 PM:
> Maybe the CICS running in this system you copied iescntl and bstcntl
> files from has another name.
> Since you are using SECPRFX=YES...


        Ah, good point.  We use SECPRFX=NO so I didn't even catch that.

indust...@winwholesale.com

unread,
Apr 19, 2018, 4:28:51 PM4/19/18
to
"VSE-L" <vse-l-bounces+industrynews=winwhole...@lists.lehigh.edu> wrote on 04/19/2018 04:19:26 PM:
> The // id user=   are identical.


        But which does that id match in your SIT?  APPLID or DFLTUSER?

indust...@winwholesale.com

unread,
Apr 19, 2018, 4:37:42 PM4/19/18
to
"VSE-L" <vse-l-bounces+industrynews=winwhole...@lists.lehigh.edu> wrote on 04/19/2018 04:28:45 PM:
> "VSE-L" <vse-l-bounces

> +industrynews=winwhole...@lists.lehigh.edu> wrote on 04/19/2018
> 04:19:26 PM:
> > The // id user=   are identical.
>
>         But which does that id match in your SIT?  APPLID or DFLTUSER?


        I ask because SECPRFX is supposed to specify the ESM user id for CICS and DFLTUSER is also supposed to specify ESM user id for CICS.  So if these are not in agreement I'm not sure which one would win out.  But, this also ties back to what I said about giving the DFLTUSER access to any transaction group other then GROUP01.

Herczeg, Zoltan

unread,
Apr 19, 2018, 8:16:04 PM4/19/18
to

Applid, as the security records are applid.ceda  etc.

 

Zoltan

Click here to report this email as spam.

Herczeg, Zoltan

unread,
Apr 19, 2018, 8:19:16 PM4/19/18
to

I cycled secserv brought up cics and security works. Thanks for the suggestions.

 

Zoltan

0 new messages