View previous topic :: View next topic |
Author |
Message |
GuruRaj Beginner
Joined: 19 Dec 2003 Posts: 21 Topics: 15
|
Posted: Wed Jan 21, 2004 9:45 am Post subject: cics |
|
|
hi
when i type l c001 in emulator i enter cics logon panel but without typing my userid or password i say exit & ctrl c i am able work in cics region.
can any one tell me how to solve this problem. |
|
Back to top |
|
|
warp5 Intermediate
Joined: 02 Dec 2002 Posts: 429 Topics: 18 Location: Germany
|
Posted: Thu Jan 22, 2004 1:51 am Post subject: |
|
|
Sounds like you do not have security on in your Cics or you do not have a security product set up. What kind of security product do you have in your shop (RACF ?) ? |
|
Back to top |
|
|
GuruRaj Beginner
Joined: 19 Dec 2003 Posts: 21 Topics: 15
|
Posted: Thu Jan 22, 2004 9:09 am Post subject: |
|
|
hi
we have security product racf, and i protected the cics transaction ex-CEDA
but even without logging in by username and id i am able to work in cics region. |
|
Back to top |
|
|
Mike Chantrey Intermediate
Joined: 10 Sep 2003 Posts: 234 Topics: 1 Location: Wansford
|
Posted: Thu Jan 22, 2004 10:55 am Post subject: |
|
|
By default, when not signed on you will be able to work in CICS and run any transaction which is not protected by the RACF transaction resource class. If you want to prevent users from getting in at all without signing on, you can write your own signon program which will (e.g)
a/ ignore all keys except ENTER, PF3,CLEAR,PA1,
b/ do an 'EXEC CICS ISSUE DISCONNECT' if PF3,CLEAR,PA1 is keyed, and
c/ insist on a valid signon (using EXEC CICS SIGNON) if ENTER is keyed. This is what we do.
You then need to either:
a/ Point the CSGM transaction to your program
b/ Change the SIT parameter GMTRAN to point to any transaction you have defined to point to your signon program.
the alternative is to ensure all transactions (except some special CICS ones that must not be) are appropriately protected by the transaction class, so that being signed on doesn't allow you to do anything.
Note that if you change the CICS transaction resource class, you probably need to do something like the RACF command "SETROPTS RACLIST(TCICSTRN) REFRESH" for your change to take effect (or possibly CEMT P SECURITY REBUILD in CICS if you have a very old CICS version). |
|
Back to top |
|
|
warp5 Intermediate
Joined: 02 Dec 2002 Posts: 429 Topics: 18 Location: Germany
|
Posted: Fri Jan 23, 2004 1:41 am Post subject: |
|
|
Do you have the following two parameters set either in your cics startup sysin or in your sit?
SEC=YES RACF SUPPORT
SECPRFX=YES RACF SUPPORT cics prefix |
|
Back to top |
|
|
|
|