IBM CICS Transaction Server for OS/390 SC33-1686-02 User Manual
Page 186
CEMT SET DB2CONN
is terminated. Additionally, authorization changes
cause accounting records to be produced.
AUTHId
specifies what id should be used for security checking
for pool threads. If AUTHID is specified, AUTHType
may not be specified.
AUTHType
specifies the type of ID that can be used for pool
threads. If AUTHType is specified AUTHID may not be
specified. CVDA values are:
GROUP
Specifies the 8-character USERID and the
connected group name as the authorization ID.
The following table shows how these two values
are interpreted by DB2.
To use the GROUP option the CICS system must
have SEC=YES specified in the CICS system
initialization table (SIT).
If no RACF group ID is available for this USERID,
an 8-character field of blanks is passed to DB2 as
the group ID.
SIGN
Specifies the SIGNID parameter of the DB2CONN
should be used as the resource authorization ID.
TERM
Specifies the terminal identification (four
characters padded to eight) as an authorization ID.
An authorization ID cannot be obtained in this
manner if a terminal is not connected with the
transaction.
If a transaction is started (using a CICS command)
and has no terminal associated with it,
AUTHTYPE(TERM) should not be used.
TX
Specifies the transaction identification (four
characters padded to eight) as the authorization
ID.
OPID
The operator identification associated with the
userid that is associated with the CICS transaction
is used as the authorization ID (three characters
padded to eight).
USERID
The 8-character USERID associated with the
CICS transaction is used as the authorization ID.
When the DB2 sample sign-on exit DSN3@SGN
is used with AUTHTYPE(USERID), the exit sends
the user ID to DB2 as the primary authorization ID
and the RACF group ID to DB2 as the secondary
ID. When the sample sign-on exit is used, there is
no difference between AUTHTYPE(USERID) and
AUTHTYPE(GROUP).
COMAUTHId
specifies which id should be used for security checking
when using command threads. If COMAUTHid is
specified, COMAUTHType may not be specified.
COMAUTHType
specifies the type of id that can be used for security
checking when using command threads. If
COMAUTHType is specified, COMAUTHid may not be
specified. CVDA values are:
CGROUP
Specifies the 8-character USERID and the
connected group name as the authorization ID.
The following table shows how these two values
are interpreted by DB2.
To use the CGROUP option the CICS system
must have SEC=YES specified in the CICS
system initialization table (SIT).
If no RACF group ID is available for this USERID,
an 8-character field of blanks is passed to DB2 as
the group ID.
CSIGN
Specifies the SIGNID parameter of the DB2CONN
should be used as the resource authorization ID.
IDs passed to DB2
How DB2 interprets values
CICS sign-on user ID
(USERID)
Represents the primary DB2
authorization ID.
RACF-connected
group name
If the RACF list of group options
is not active, DB2 uses the
connected group name supplied
by the CICS attachment facility
as the secondary DB2
authorization ID. If the RACF list
of group options is active, DB2
ignores the connected group
name supplied by the CICS
attachment facility, but the value
appears in the DB2 list of
secondary DB2 authorization
IDs.
IDs passed to DB2
How DB2 interprets values
CICS sign-on user ID
(USERID)
Represents the primary DB2
authorization ID.
RACF-connected
group name
If the RACF list of group options
is not active, DB2 uses the
connected group name supplied
by the CICS attachment facility
as the secondary DB2
authorization ID. If the RACF list
of group options is active, DB2
ignores the connected group
name supplied by the CICS
attachment facility, but the value
appears in the DB2 list of
secondary DB2 authorization
IDs.
168
CICS Supplied Transactions