Security at the mainframe level concerns all components residing on the mainframe and components that interact with the mainframe, including CICS, the DirectConnect for z/OS Option, your database, the Server Option, and the DB2 UDB Option for CICS.
CICS works with security systems like RACF to verify transaction requests against the user ID and password. The authorization ID passed to DB2 UDB from CICS is system-dependent, based on the security requirements at your installation. You specify the authorization ID with the AUTHID parameter in the CICS resource control table (RCT).
If the communications software of your DirectConnect for z/OS Option platform supports passing login information to the mainframe, you can use an external mainframe security product, such as RACF, that requires client login information.
Your mainframe DBMS may have additional security mechanisms.
You can customize the Server Option to specify whether an access code is required to retrieve client passwords. See Appendix A, “Customization Options.”
The transaction name for the DB2 UDB Option for CICS is AMD2.
The security requirements are as follows:
The current user must have execute privileges on the DB2 UDB plan for the Catalog RPCs.
The DB2 UDB CURRENT SQLID must be the same for the AMD2 transaction and plans, and for Catalog RPCs.
The shipped default authority for AMD2 and Catalog RPCs is AUTH=(AMD2). You must change the default to set up security. When you do, be sure to keep the AMD2 and Catalog RPC settings synchronized.
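One way to audit the last requirement is to scan the RCT source for entries that still carry the shipped default or that have drifted apart. This is an added example, not code from the product. It assumes each DSNCRCT statement has been joined onto one line, and the Catalog RPC transaction IDs (CAT1, CAT2), the PLAN names and the AUTH=(USERID) value in the sample are hypothetical placeholders.

```python
import re

# Shipped default from the text above; it must be changed during setup.
SHIPPED_DEFAULT_AUTH = "(AMD2)"

# Constructed sample RCT source. CAT1/CAT2, the PLAN names and AUTH=(USERID)
# are hypothetical placeholders, not values taken from the product.
SAMPLE_RCT = """\
         DSNCRCT TYPE=ENTRY,TXID=AMD2,PLAN=PLANAMD2,AUTH=(USERID)
         DSNCRCT TYPE=ENTRY,TXID=CAT1,PLAN=PLANCAT,AUTH=(USERID)
         DSNCRCT TYPE=ENTRY,TXID=CAT2,PLAN=PLANCAT,AUTH=(AMD2)
"""

def parse_entries(source):
    """Return {TXID: AUTH operand} for every TYPE=ENTRY statement."""
    entries = {}
    for line in source.splitlines():
        if "DSNCRCT" not in line or "TYPE=ENTRY" not in line:
            continue
        operands = line.split("DSNCRCT", 1)[1].split()[0]
        # Split on commas outside parentheses so AUTH=(A,B) stays one field.
        pairs = re.split(r",(?![^(]*\))", operands)
        fields = dict(p.split("=", 1) for p in pairs if "=" in p)
        # TXID may name one transaction or a parenthesised group.
        for txid in fields.get("TXID", "").strip("()").split(","):
            if txid:
                entries[txid] = fields.get("AUTH", "")
    return entries

def check_auth(entries, primary="AMD2", catalog_txids=()):
    """Flag entries left at the shipped default or out of step with AMD2."""
    findings = []
    for txid in (primary, *catalog_txids):
        if txid not in entries:
            findings.append(f"{txid}: no RCT entry found")
        elif entries[txid] == SHIPPED_DEFAULT_AUTH:
            findings.append(f"{txid}: still uses shipped default AUTH={SHIPPED_DEFAULT_AUTH}")
    for txid in catalog_txids:
        if txid in entries and primary in entries and entries[txid] != entries[primary]:
            findings.append(f"{txid}: AUTH={entries[txid]} differs from "
                            f"{primary} AUTH={entries[primary]}")
    return findings

if __name__ == "__main__":
    for finding in check_auth(parse_entries(SAMPLE_RCT), catalog_txids=("CAT1", "CAT2")):
        print(finding)
```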
For specific security information about the DB2 UDB Option for CICS, refer to the Mainframe Connect DB2 UDB Options for CICS and IMS Installation and Administration Guide.