Sign-on capable terminals allow CICS®-supplied (CESN) or user-written sign-on transactions to be run. When a terminal is sign-on capable, it is the responsibility of the user application to start the sign-on transaction. The userid and password are determined by the user application and are embedded in the 3270 data. If the userid is authenticated, subsequent transactions started at the terminal are executed in the CICS server with the authorities assigned to the authenticated userid. Transactions started before a sign-on transaction has completed have the authorities granted to the default userid defined for the CICS server. A check is also done against the userid associated with the connection to see whether the CICS Transaction Gateway or CICS Universal Client has authority to execute the transaction.
The user application can start a signoff transaction at the terminal. The user can also be signed off by the server following a predefined period of inactivity. The user application should allow for this possibility. In either case, subsequent transactions started at the terminal are executed with the authorities assigned to the CICS server default userid.
For transactions attempting to access resources, security checking is done against the userid associated with the connection and the signed-on user’s userid.
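The rules above (default userid before sign-on and after signoff or timeout, plus the separate check on the connection userid) can be traced with a small model. This is an added example, not IBM or CICS code: the userids, the permission table, the 900-second limit and the choice to measure inactivity from the last transaction start are all assumptions made for illustration.

```python
# Simplified model of the checks described above; not CICS code.
# Userids, transaction permissions and the timeout are constructed values.
from dataclasses import dataclass
from typing import Optional, Tuple

DEFAULT_USERID = "CICSUSER"   # assumed server default userid
TIMEOUT_SECS = 900            # assumed inactivity limit
# Constructed permission table: userid -> transactions it may run.
PERMITS = {
    "CICSUSER": {"CESN", "MENU"},
    "GATEWAY1": {"CESN", "MENU", "PAYR"},
    "GATEWAY2": {"CESN", "MENU"},
    "ALICE": {"MENU", "PAYR"},
}


@dataclass
class Terminal:
    connection_userid: str
    signed_on: Optional[str] = None
    last_activity: float = 0.0

    def sign_on(self, userid: str, now: float) -> None:
        # Called only once the sign-on transaction has completed successfully.
        self.signed_on, self.last_activity = userid, now

    def sign_off(self) -> None:
        self.signed_on = None

    def effective_userid(self, now: float) -> str:
        # Server-side signoff after inactivity reverts to the default userid.
        if self.signed_on and now - self.last_activity > TIMEOUT_SECS:
            self.signed_on = None
        return self.signed_on or DEFAULT_USERID

    def start(self, tran: str, now: float) -> Tuple[bool, str]:
        user = self.effective_userid(now)
        self.last_activity = now
        # Both the connection userid and the effective userid must be permitted.
        ok = (tran in PERMITS.get(self.connection_userid, set())
              and tran in PERMITS.get(user, set()))
        return ok, user
```

The second element of the result is the userid the transaction actually ran under, which is what a user application needs to inspect to notice that a timeout has silently dropped it back to the default userid.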