Security quick-start

Here are brief, step-by-step instructions for setting up security for TRS. This section assumes that mainframe security is already configured to match the values you will specify as you go through these steps. For details, see the complete description of each procedure that follows in this chapter.

To set up security for TRS

Set the TRS Security configuration property to yes

Start TRS.

Assign a password to the “sa” account. (See “Changing user passwords and logins”.)
```
exec sgw_chpwd sa, password
```
Remember this password. If you forget passwords for all TRS logins with administration privileges, you will have to reconfigure all of TRS security.
(LU 6.2 only) Use sgw_addcon to define the connections your TRS uses. Specify LUs that use a mode entry that supports conversation level security. Talk to your VTAM system programmer and verify that the PSERVIC property has a value of “x'12'” or “x'10'” in the tenth byte.
```
exec sgw_addcon con_name, region, mode,  "max_sessions" 
```
See “Adding a connection configuration”.
(LU 6.2 only) Use sgw_addcongrp to add a connection group:
```
exec sgw_addcongrp group_name 
```
See “Adding a connection group”.
For LU 6.2 or TCP/IP:
- (LU 6.2 only) Use sgw_addcontogrp to add connections to the connection group:
```
exec sgw_addcontogrp group_name, con_name 
```
  See “Adding connections to a connection group”.
- (TCP/IP only) Use sgw_addregion to specify the regions:
```
exec sgw_addregion region, hostname, "port_number" 
```
  See “Defining regions to TRS”.
Use sgw_addrpc to add RPCs:
```
exec sgw_addrpc rpc_name, tran_id, region, security 
```
In the sgw_addrpc procedure, use one of these security parameters to specify the login information to send to the mainframe for each RPC:
- none – do not send login information to the mainframe.
- userid – send only the user ID to the mainframe.
- both – send both the user ID and the password to the mainframe. (Use values that your mainframe security recognizes.)
See “Adding an RPC”.
Use the sgw_addtrngrp procedure to add a transaction group:
```
exec sgw_addtrngrp tran_group, GROUP_LOGIN,  GROUP_PWD, langrpc, langpwdlevel 
```
See “Adding a transaction group”.

The values of GROUP_LOGIN and GROUP_PWD must be uppercase.
Use sgw_addrpctogrp to add RPCs to the transaction group:
```
exec sgw_addrpctogrp tran_group, rpc_name,  rpcpwdlevel 
```
For each RPC you add to the group, specify the source of the mainframe login using one of these rpcpwdlevel parameters:
- none – do not send login information to the mainframe.
- user – send the host login and password specified in the sgw_addlog procedure (see the next step) to the mainframe.
- group – send the login and password specified in the sgw_addtrngrp procedure (see “Adding a transaction group”) to the mainframe.
See “Adding RPCs to a transaction group”.
Use sgw_addlog to add a login. Specifying the transaction group and connection group that you added in the previous steps:
```
exec sgw_addlog login, pwd, HOST_LOGIN, HOST_PWD, tran_group, con_group, gwctrl 
```
See “Adding a login”.

Be sure the values of HOST_LOGIN and HOST_PWD are in uppercase. For LU 6.2, use the con_group parameter. For TCP/IP, include a comma as a placeholder.