RE: CICS/TS EXCI security

[Mondy, Stephen , US - Texas]

Frank,

I don’t know about EXCI security but maybe try using the same // USER ID=xxxx in the jobs?

 

Steve

 

From: VSE-L [mailto:vse-l-bounces+steve.mondy=opensolu...@lists.lehigh.edu] On Behalf Of Frank M. Ramaekers
Sent: Thursday, June 08, 2017 8:34 AM
To: 'VSE Discussion List (vs...@lists.lehigh.edu)'
Subject: CICS/TS EXCI security

 

We are (finally) starting to utilize EXCI to access/update files in a CICS/TS region.  We are using a ESM (Top Secret) and it’s reporting a security violation, which I don’t quite understand.  Normally jobs run under the security of the job submitter, but this is using the FORSECxx userid:

 

Id ApplId   RESP RSP2 Abnd Users / Error Message                                                                                    

.. TESTEUR  0058 019E      DFHAC2047 06/08/17 07:09:54 TESTEUR While performing an attach for node  DFHGEN  a security violation was

                            detected.                                                                                               

 

Top Secret is reporting that the FORSECX1 (it was running in X1) is not defined.

 

Can someone lend some insight as to how this type (EXCI) of security works?

 

Thanks,

Frank M. Ramaekers Jr. | Systems Programmer | Information Technology | American Income Life Insurance Company | 254-761-6649

 

[Frank M. Ramaekers]

Nope, that doesn’t help.

 

Frank M. Ramaekers Jr.

_____________________________________________________

This message contains information which is privileged and confidential and is solely for the use of the

intended recipient. If you are not the intended recipient, be aware that any review, disclosure,

copying, distribution, or use of the contents of this message is strictly prohibited. If you have

received this in error, please destroy it immediately and notify us at Priva...@torchmarkcorp.com.

[Mick Poil]

Frank,

I have never needed to use security on EXCI, but as a quick guess does this (z/OS) clue help?

http://www-01.ibm.com/support/docview.wss?uid=swg21575572

A word of caution. EXCI uses MRO, which can be seriously expensive on VSE in terms of cpu time, so just watch how many MRO interactions you use and check cpu usage. The amount of cpu usage is not a bug.

Mike

[Deetjen, Jean-Max]

Frank,

You must define the rtransction to the security system ( I use BSM) here.  look into II 2.8.1.1

 

Max

------------------------------------------------------------------------ The information contained in this communication is intended only for the use of the recipient(s) named above. It may contain information that is privileged or confidential, and may be protected by State and/or Federal Regulations. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please return it to the sender immediately and delete the original message and any copy of it from your computer system. If you have any questions concerning this message, please contact the sender. ------------------------------------------------------------------------

[Mick Poil]

That sounds encouraging. I recently did some performance tests on Function Shipping of VSAM and TSQ requests, and there is a big difference compared to local use.

Mick

[Jamieson, David]

Frank,

 

change the EXCG connection to ATTACHSEC(LOCAL),  it should then use the userid of your batch job.  If there are still problems, open a case and we’ll help you resolve this.

 

 

David Jamieson CA Technologies Principal Software Engineer CA Computer Associates Holding GmbH | Marienburgstrasse 35 | Darmstadt | D-64297 Office: +49 6151949 0 |

[Frank M. Ramaekers]

Yes, yes that’s the ticket!  Thanks David!

 

Frank M. Ramaekers Jr.