search cancel

XTRAN=YES and XPCT=YES rules used with ACF2

book

Article ID: 253698

calendar_today

Updated On:

Products

ACF2 - z/OS

Issue/Introduction

At CICS startup time: 


ACFAE303 Setting DFHSIT value XPCT=YES   
ACFAE304 Setting DFHSIT value XTRAN=YES  

What resource is actually in effect for XTRAN & XPCT ? 

 

 

 

Environment

Release : 16.0

Resolution

The ACF2 techdocs transaction security describes the following related to ACF2 CICS transaction validation.
 
Transaction Security
CICS recognizes two types of transaction access: XTRAN and XPCT.
When a transaction begins execution, or is attached in CICS terminology,
CICS performs an XTRAN validation check.
When any other type of transaction access is made, such as through an
EXEC CICS INQUIRE, SET, or START command, CICS instead performs an XPCT validation check.
The CICS interface lets you protect both types of transaction accesses via a single entity,
or it lets you protect them independently of one another.
The TRANS CICSKEY resource activates both the XTRAN and XPCT levels of transaction checking.
The XPCT CICSKEY resource activates only the XPCT level of checking and is mutually
exclusive with the TRANS CICSKEY resource.
The XTRAN CICSKEY resource activates only the XTRAN level of checking and is
also mutually exclusive with the TRANS CICSKEY resource.
If you are running the CICSPLEX/SM (CPSM) product and you want to run with security
active in a CICS Managed Address Space (CMAS) region,
CPSM will not allow you to activate the XPCT level of transaction checking.
In such an environment you would want to activate only the XTRAN CICSKEY resource.
If you are using the XPCT or XTRAN CICSKEY resources to secure transaction
accesses, you must supply a set of SAFE and PROTECT lists for each resource type.
This might be a migration concern if you currently use the TRANS CICSKEY resource
to protect transaction accesses.


At startup of the CICS region, ACF2/CICS will set the relevant CICS DFHSIT parameter in the in-storage SIT as follows..
IF CICSKEY RESOURCE=TRANS is set, both XPCT=YES and XTRAN=YES will be set and use the same resource type.
IF CICSKEY RESOURCE=XPCT is set, XPCT=YES will be set. The resource type is obtained from the XPCT CICSKEY.
IF CICSKEY RESOURCE=XTRAN is set, XTRAN=YES will be set. The resource type is obtained from the XTRAN CICSKEY.

You cannot set XTRAN or PCT when TRANS is specified.