Problem solve Get help with specific problems with your technologies, process and projects.

Is it better to have a unique CICS userid assigned to each region?

We have a number of CICS regions that are currently running under CICS 2.1.2 with internal security. There is a single CICS userid used for all regions. We are now going to migrate to Transaction Server and external security. I'm thinking that from a security standpoint, it is better to have a unique CICS userid assigned to each region as opposed to a single one shared across all of them. What are your thoughts on this matter?

You have left it a long time to move away from 2.1.2 (a CICS release of which I had a lot to do with the coding of!) and is now unsupported. I strongly recommend going straight to CTS 2.2 and not stopping off on the way at CTS 1.3 - there is nothing particularily interesting to you about the Java Support in CTS 2.2, so there is absolutlely no benefit in pausing along the way: the main item of concern will be to implement the logger (and this is equally painful to get going in either release).

You will need two logonids: one for the StartedTask/Job that the CICS Region will be using (which will have to be OE enabled) and another one to act as the default & non-terminal userid used by CICS Transactions.

I don't think that there is any benefit at all in having different JCL logonids for your CICS regions.

There is a bit of a stronger case in having different default userids INSIDE the CICS regions, but I'm not really too keen on that either. I say this because these default userids will want - bassically - the same level of authority wherever they run. Which means it's going to be a waste of time ensuring that a change to one regions-default-access gets done/migrated to all the others. This is especially so if the CICS regions are being cloaned (multiple AORs) for performance or integrity reasons.

On the other hand - if you have lots of AORs that are doing logically different things, it may be better to have distinct default userids.

Dig Deeper on IBM system z and mainframe systems

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.