search cancel

XUSER=NO and SURROGAT resource class

book

Article ID: 258178

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

There are several users with permits for the SURROGAT resource.

XUSER is NO in the DFHSIT table of CICS. 

These permits for the SURROGAT resource are going to be removed but it is safe to do so?

Is it possible that SURROGAT class is used even when the value of XUSER is NO in DFHSIT? 

Environment

Release : 16.0

Resolution

XUSER=NO will not plant the hooks into CICS for SURROGAT checking. Without the hooks, the SURROGAT checking will not be done.

In addition to the value of XUSER in DFHSIT, it is necessary to check the value of the FACMATRX and XUSER suboptions in the facility used by CICS.

 

When FACMATRX suboption is set to YES in the CICS facility then the CICS DFHSIT table parameters are overridden by the CICS facility suboptions so with FACMATRX=YES and XUSER=NO in the CICS facility the Surrogate user checking is not performed by Top Secret.

 

Use the following command to display the CICS suboptions used by the CICS facility

 

TSS MODIFY FAC(facility_name)

 

A sample of the output:

 

TSS9550I FACILITY DISPLAY FOR CICSFACN                            
TSS9551I INITPGM=DFH      ID=C  TYPE=004                                    
TSS9552I ATTRIBUTES=IN-USE,ACTIVE,SHRPRF,ASUBM,NOABEND,MULTIUSER,NOXDEF     
TSS9552I ATTRIBUTES=NOLUMSG,STMSG,SIGN(M),INSTDATA,RNDPW,AUTHINIT           
TSS9552I ATTRIBUTES=NOPROMPT,NOAUDIT,RES,WARNPW,NOTSOC,LCFTRANS             
TSS9552I ATTRIBUTES=MSGLC,NOTRACE,NOEODINIT,IJU,NODORMPW,NONPWR             
TSS9552I ATTRIBUTES=LUUPD,NOPWONLY,NOPHRONLY                                
TSS9553I MODE=FAIL  DOWN=GLOBAL  LOGGING=INIT,MSG                           
TSS9554I UIDACID=8 LOCKTIME=000 DEFACID=*NONE*   KEY=8                      
TSS9560I FACMATRX=YES      EXTSEC=YES      EJBRPRFX=NO                      
TSS9561I XJCT=YES XFCT=NO  XCMD=YES XDCT=YES XTRAN=YES XDB2=NO  XEJB=NO     
TSS9561I XTST=YES XPSB=YES XPCT=YES XPPT=YES XAPPC=NO  XUSER=NO          
TSS9561I XHFS=NO  XRES=NO                                                   
TSS9564I PCTEXTSEC=OVERRIDE    PCTCMDSEC=OVERRIDE  PCTRESSEC=OVERRIDE       
TSS9565I DSNCHECK=NO   LTLOGOFF=NO       RLP=NO   SLP=NO   PCLOCK=NO        
TSS9566I MAXUSER=15000  PRFT=003  MAXSIGN=010,RETRY                         
TSS9567I CICSCACHE=TASKLIFE,NOAUDIT,0512   BYPLIST=YES                      
TSS0300I  MODIFY   FUNCTION SUCCESSFUL    

 

In this sample, the CICS regions using the CICSFACN facility will not have SURROGAT checking.

                                 

Additional Information

XUSER

 

FACMATRX and XUSER suboptions in CICS facility