

Automatic Terminal Signon Procedure

Automatic Terminal Signon can be used for terminals from which an explicit signon is not possible or desirable. Automatic Terminal Signon is involved whenever a protected transaction is entered from a terminal for which no explicit signon has been performed. When this occurs, CA Top Secret searches its security file for an ACID that matches the terminal name. If the ACID is not found, the transaction fails, and you receive message DFH3510, requesting you to sign on. If the ACID is found, then all of the normal security checking associated with this ACID is performed (with the exception of password checking).

If the automatic signon is successful, the ACID is associated with that terminal for that session, just as if an explicit signon had been performed. Processing of the intended transaction is then initiated.

The ACID name generated is:

VTAM

Eight‑character netname.

TCAM

Eight‑character TCAM terminal name.

BTAM

Four‑character terminal name.

Your installation selects which terminals are valid for Automatic Terminal Signon by defining an ACID for those terminals. Since these ACIDs are (in CA Top Secret terms) normal user ACIDs, security administration for these ACIDs is no different from that for other user ACIDs. The ACID should also be given a SOURCE that matches the terminal name, thereby preventing the ACID from being used from any other terminal.

For example, using a VTAM terminal whose netname is K067T018:

TSS CREATE(K067T018) NAME('EMAIL SYSTEM GR 1')
                     FACILITY(CICSPROD)
                     DEPARTMENT(CIPCC)
                     PASSWORD(NOPW,0)
                     SOURCE(K067T018)
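
An added example, not from the CA Top Secret documentation: a Python check that reads terminal ACID definitions written in the TSS CREATE form above and reports any whose SOURCE does not match the ACID (terminal) name. It assumes the input holds only terminal ACID definitions; the function names and the second and third sample ACIDs are constructed for illustration.

```python
import re

# Constructed sample in the TSS CREATE form shown above. Only K067T018 is
# from the page; the other two ACIDs and their values are made up.
SAMPLE = """
TSS CREATE(K067T018) NAME('EMAIL SYSTEM GR 1')
                     FACILITY(CICSPROD)
                     DEPARTMENT(CIPCC)
                     PASSWORD(NOPW,0)
                     SOURCE(K067T018)
TSS CREATE(K067T019) NAME('EMAIL SYSTEM GR 2')
                     FACILITY(CICSPROD)
                     PASSWORD(NOPW,0)
TSS CREATE(K067T020) NAME('EMAIL SYSTEM GR 3')
                     FACILITY(CICSPROD)
                     PASSWORD(NOPW,0)
                     SOURCE(K067T099)
"""

KEYWORD = re.compile(r"([A-Z]+)\(([^()]*)\)")  # KEYWORD(value) operands


def parse_creates(text):
    """Return {acid: {keyword: value}} for every TSS CREATE in text."""
    acids = {}
    for chunk in re.split(r"(?m)^\s*TSS\s+(?=CREATE\()", text):
        pairs = KEYWORD.findall(chunk)
        if pairs and pairs[0][0] == "CREATE":
            acids[pairs[0][1]] = dict(pairs[1:])
    return acids


def audit_terminal_acids(text):
    """Flag terminal ACIDs whose SOURCE does not pin them to their terminal."""
    findings = {}
    for acid, operands in parse_creates(text).items():
        source = operands.get("SOURCE")
        if source is None:
            findings[acid] = "no SOURCE: ACID is not tied to any terminal"
        elif source != acid:
            findings[acid] = f"SOURCE({source}) differs from the terminal name"
    return findings


if __name__ == "__main__":
    for acid, finding in audit_terminal_acids(SAMPLE).items():
        print(f"{acid}: {finding}")
```
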

The following illustrates CA Top Secret CICS Automatic Terminal Signon (ATS) processing.

ATS is not performed if:

The following OPTIONS control options may be set to affect the processing of automatic terminal signons:

OPTIONS(20)

OPTIONS(20) is an anachronism from releases of CICS before CICS 3.2, when the CICS SIT DFLTUSER did not exist. We recommend that the administrator default to the CICS SIT DFLTUSER, because this involves no security overhead. If the administrator desires a separate CICS DEFACID for audit purposes (for users who cannot type their ID), the DEFACID should be a different ACID from that supplied for the SIT DFLTUSER.

If there is no ACID in the security file that matches the terminal ID, OPTIONS(20) will attempt to sign on as the MASTFAC facility DEFACID. If the DEFACID is incapable of signing on to the CICS region, CICS will apply the SIT DFLTUSER.

OPTIONS(30)

Update the last‑used statistics of an ACID employed for ATS. If this option is turned off, last‑used statistics are not updated in the security file.

Signon Initiated Transactions

You can define transactions so that they automatically initiate when you sign on. This helps you to maintain procedures, as well as enables post‑signon processing.

For example, with the command shown below, CA Top Secret starts the transaction as soon as the signon messages are cleared (after a few seconds). This transaction runs under the ACID that just signed on, so make sure the ACID has the required signon permissions.

TSS ADDTO(user) SITRAN(trans[,facility])

CA Top Secret initiates the SITRAN transaction with an EXEC CICS START command. CICS Dynamic Transaction Routing does not act on transactions started in this manner.

Note: If a transaction running attached to a terminal is invoked via EXEC CICS START, the Automatic Terminal Signon (ATS) is executed using the ACID of the user invoking the transaction. The ACID is associated with the terminal until the transaction ends, then the ATS is automatically signed off.