CICS ressource userid.DFHEXCI

Document ID : KB000121384
Last Modified Date : 22/11/2018
Show Technical Document Details
Introduction:
protecting "resource "userid.DFHEXCI" in the SURROGAT resource class," in TSS
Question:
In CICS option module for EXCI (DFHXCOPT) there is a parm SURROGCHK=YES to authorize acces to EXCI MODULE NAME = DFHXCOPT DESCRIPTIVE NAME = CICS TS External CICS Interface (EXCI) Options Module SURROGCHK: Specifies whether a surrogate-user security check is to be performed when a userid is supplied in the EXCI parameter list. NO means do not perform a check. YES means that a check is performed that the user executing EXCI has READ access to the resource "userid.DFHEXCI" in the SURROGAT resource class, where "userid" is the userid in the DFHXCIS parameter list. The default is YES. How to protect "resource "userid.DFHEXCI" in the SURROGAT resource class," in TSS ? 
Environment:
z/os CICS
Answer:
check the following documents

https://docops.ca.com/ca-top-secret-for-z-os/16-0/en/using/issuing-commands-to-communicate-administrative-requirements/resources/surrogat-resource-classrestrict-preset-security https://docops.ca.com/ca-top-secret-for-z-os/16-0/en/using/websphere/user-identification-authentication-and-network-security

Sample commands TSS ADD(ZDFLTUSR) SURROGAT(ZDFLTUSR.DFHEXCI) TSS PER(ZCICSCSS) SURROGAT(ZDFLTUSR.DFHEXCI) ACCESS(READ)