I am new to the mainframe and CICS. Right now, we are trying to turn on the security of CICS Transaction Server. When we enter CICS, even without sign-on, we can do everything we want. But if we type 'CESN', the System gives a message like 'DFHCE3547 Security is not active. Sign-on cannot be performed.'
Do you know why that happened? Where can I find the information I need to turn on the security?
Welcome to CICS Land.....
In order to get CICS security active, you need to code SEC=YES in the SIT (or supply this via SYSIN). The actual enablement/disablement of the various bits of CICS security is controlled by the X SIT parms.
Transaction security works by XTRAN. By default, XTRAN=YES so this enables security on transaction initiation. Don't forget that this will cover background (non-terminal attached) transactions as well as those started at a real terminal.
You will have to have a good read of the CICS RACF book to get at all the info on CICS security -- most of the description is based on RACF as the external security manager, but it also contains info relasting to non-IBM security managers.
I'd recommend not altering the names CICS uses within RACF for its definitions until you are a lot further along than now, and recommend against keying definitions to the USERID used for the CICS region (that on its job card).
Dig deeper on Mainframe operating systems and management
Related Q&A from Robert Crawford
The mainframe is IT's original cloud, and there are still ways to float cloud operations onto big iron today. But is it pragmatic?continue reading
With 3270 bridge, you can't stack input messages into one structure. The bridge can't process them all at once. It takes a little more work.continue reading
CICS expert Robert Crawford offers advice on determining the connection between CICS transactions and MQ Queue name.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.