4.The TMA TCP gateway maps the mainframe user ID to a Tuxedo user ID and issues the service request on behalf of that user.
5.The Tuxedo server performs access checks (based on the tpacl file) to verify that the user has access to the requested service.
Setting Up Security for TMA TCP for CICS
The TMA TCP for CICS product supports enhanced security. This interface allows a requester from Oracle Tuxedo services to pass a User ID through the CICS server interface for authorization through your security package. For field definitions, refer to the “Configuring and Administering Oracle TMA TCP for CICS” section.
Securing User Connections
Complete the following tasks to enable the security feature for each connection.
1.Specify SECURITY=Y in the Handler Configuration screen.
2.Enter values for the ACCOUNT and PASSWORD fields in the User Connection Account screen.
When SECURITY=Y, TMA TCP for CICS verifies the ACCOUNT and PASSWORD values from the User Connection Account match the RMTACCT and PASSWORD values in the TMA TCP gateway GWICONFIG file *FOREIGN section. If these values do not match and SECURITY=Y, a security error occurs.
If SECURITY=N, the gateway allows a connection without any verification.
Securing Inbound Services
Complete the following tasks to enable the security feature for each inbound service.
1.Set up transaction security through the mainframe with the security administrator.
2.Specify SECURITY=Y in the Inbound Services screen for each service you want to secure. When SECURITY=Y, the gateway attempts to start user programs with the username that initiated the request as reported by the remote system.
If SECURITY=N, the gateway starts user programs using the gateway’s user ID (as controlled by the socket listener).
Oracle Tuxedo Mainframe Adapter for TCP CICS User Guide |
