The AXE transactions must be installed in one or more groups with appropriate security mechanism provided by CICS or by an external security manager. Local CICS users should not be able to start any of these transactions.
The security levels are:
This is the session level security that can be used if the partner LU supports LU-to-LU verification.
This controls the link authorization to attach the AXE transaction.
For more information on CICS security, see the VTAM Resource Definition Reference and the CICS/VSE Intercommunication Guide manuals.
After deciding on the security level, specify the TCLASS parameter in the CICS System Definition for the AXE transaction. An example is shown below.
DFHSIT ...,CMXT=(5,6,2,1,,),...
DEFINE TRANSACTION(AXE1) GROUP(DB2710) PROGRAM(ARICAXED) *
TWASIZE(0) INDOUBT(BACKOUT) SPURGE(YES) TPURGE(YES) TCLASS(1)
DEFINE TRANSACTION(AXE2) GROUP(DB2710) PROGRAM(ARICAXED) *
TWASIZE(0) INDOUBT(BACKOUT) SPURGE(YES) TPURGE(YES) TCLASS(2)
DEFINE TRANSACTION(AXE3) GROUP(DB2710) PROGRAM(ARICAXED) *
TWASIZE(0) INDOUBT(BACKOUT) SPURGE(YES) TPURGE(YES) TCLASS(3)
DEFINE TRANSACTION(AXE4) GROUP(DB2710) PROGRAM(ARICAXED) *
TWASIZE(0) INDOUBT(BACKOUT) SPURGE(YES) TPURGE(YES) TCLASS(4)
DEFINE TRANSACTION(AXE5) GROUP(DB2710) PROGRAM(ARICAXED) *
TWASIZE(0) INDOUBT(BACKOUT) SPURGE(YES) TPURGE(YES) TCLASS(5)
| Note: | There are a maximum of ten classes which can be defined to CICS. Ensure that when you design your security methodology, you do not commit a class for more than one purpose. That is, if you use TCLASS 1 for limiting ISQL users, then that is the same limit if you assign TCLASS 1 for limiting remote users. |
In the example, 5 remote users can access the application server with TPN AXE1, 6 remote users can access the application server with TPN AXE2 and so on. If AXE4 is a privileged TPN for a critical application, only that application is given access to TPN AXE4. This way, the application has exclusive use of a real agent on the application server.