I am new to the mainframe and CICS. Right now, we are trying to turn on the security of CICS Transaction Server. When we enter CICS, even without sign-on, we can do everything we want. But if we type 'CESN', the System gives a message like 'DFHCE3547 Security is not active. Sign-on cannot be performed.'
Do you know why that happened? Where can I find the information I need to
turn on the security?
Welcome to CICS Land.....
In order to get CICS security active, you need to code SEC=YES in the SIT (or supply this via SYSIN). The actual enablement/disablement of the various bits of CICS security is controlled by the X SIT parms.
Transaction security works by XTRAN. By default, XTRAN=YES so this enables security on transaction initiation. Don't forget that this will cover background (non-terminal attached) transactions as well as those started at a real terminal.
You will have to have a good read of the CICS RACF book to get at all the info on CICS security -- most of the description is based on RACF as the external security manager, but it also contains info relasting to non-IBM security managers.
I'd recommend not altering the names CICS uses within RACF for its definitions until you are a lot further along than now, and recommend against keying definitions to the USERID used for the CICS region (that on its job card).
This was first published in November 2002