Q

Is it better to have a unique CICS userid assigned to each region?

We have a number of CICS regions that are currently running under CICS 2.1.2 with internal security. There is a single CICS userid used for all regions. We are now going to migrate to Transaction Server and external security. I'm thinking that from a security standpoint, it is better to have a unique CICS userid assigned to each region as opposed to a single one shared across all of them. What are your thoughts on this matter?

You have left it a long time to move away from 2.1.2 (a CICS release of which I had a lot to do with the coding of!) and is now unsupported. I strongly recommend going straight to CTS 2.2 and not stopping off on the way at CTS 1.3 - there is nothing particularily interesting to you about the Java Support in CTS 2.2, so there is absolutlely no benefit in pausing along the way: the main item of concern will be to implement the logger (and this is equally painful to get going in either release).

You will need two logonids: one for the StartedTask/Job that the CICS Region will be using (which will have to be OE enabled) and another one to act as the default & non-terminal userid used by CICS Transactions.

I don't think that there is any benefit at all in having different JCL logonids for your CICS regions.

There is a bit of a stronger case in having different default userids INSIDE the CICS regions, but I'm not really too keen on that either. I say this because these default userids will want - bassically - the same level of authority wherever they run. Which means it's going to be a waste of time ensuring that a change to one regions-default-access gets done/migrated to all the others. This is especially so if the CICS regions are being cloaned (multiple AORs) for performance or integrity reasons.

On the other hand - if you have lots of AORs that are doing logically different things, it may be better to have distinct default userids.


This was first published in March 2003

Dig deeper on Mainframe operating systems and management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchWindowsServer

SearchEnterpriseLinux

SearchServerVirtualization

SearchCloudComputing

Close