SAS/C Software: Changes and Enhancements, Release 6.50

APPC Security

Since the remote debugger uses CPI-C APPC and user-level transaction programs, effectively, the SECURITY resource equals SAME (SECURITY=SAME) in all environments. This means that whenever you run the remote debugger using APPC, the client program process must have the same effective userid as the debugger display process. For example, if the remote debugger display is running under TSO userid SASCXXX, then to debug a CICS program, the CICS session must be signed on with userid SASCXXX from, the CESN transaction.

Batch jobs and APPC address spaces inherit the effective userid of the submitter, and do not generally pose a security problem. However, to support the case when the client program is running on a different system on the VTAM network, you may need to update certain RACF (or equivalent product) resource classes, including:

VTAMAPPL APPCLU
APPL
APPCPORT APPCTP
APPCSI

For details on these resource classes, refer to the IBM publication MVS/ESA Planning: APPC Management, Version 4.0 (GC28-1110-0).

Note: The TCP/IP communications access method does not require the remote debugger processes to have the same effective userid. Therefore, you may want to use TCP/IP as the remote debugger communication method to avoid the restrictions imposed by APPC. [cautend]

Chapter Contents
Previous
Next
Top of Page