2009/1/13 Itschak Mugzach <[email protected]>

> Please have a look at this scenario:
>
> CICS of organization "A" is connected (LU6.2 Connection) to CICS of
> organization "B". No problem with that. I looked into the CDRM and found
> some other application of organization "B" defined in VTAMLST of organization
> "A". Tried LOGON APPLID(xxx) and got the GMtran of org. "B" (if it is the
> default, I can travel in this CICS...). I also reached TSO logon etc.
>
> Now, I want to block (at) org "b" ability to get to org "a" applications
> other than the CICS connection that was agreed between Org "A" and "B". Is
> this possible?

Sure, but you have to code up a VTAM Session Management Exit (SME). This is described in the SNA Customization book. The summary says "The session management exit is a multi-function exit that you can use to control and manage LU-LU session-related functions. You can use the exit to authorize session establishments, obtain session accounting data, and better manage SSCP and GWPATH selection."

Coding a basic SME is not too difficult, but getting it to do what you want flexibly is a little harder. You could just hard code the sessions to be allowed, or those to be denied, but then if someone changes the naming conventions, you have a problem.

There is at least one commercial product, Blockade For MVS, which has been around for a long time (since 1988), that manages and authorizes SNA sessions in a very flexible way based on RACF permissions, and also provides management of 3270 logons via a session manager. This was developed by Blockade, was acquired by Proginet in 2005, and has recently been acquired by Beta Systems Software. I guess I should mention that I work there...

> I also want to block the ability to enter logon applid command (maybe by
> userid, even if the solution will require entering userid & password). How
> to achieve that?

I doubt you can do that with USS, but I may be wrong. But there is nothing to say you have to provide a USS screen to your users.

> What other alternatives are offered to connect to vtam applications when USS
> tab is displayed, other than LOG APPLID and selecting from the uss tab? I
> mean, is there any bypass to LOG APPLID if blocked?

Um, Blockade For MVS can help with that too.

Having mentioned this product, since I'm in development, not marketing, I should say that I'm not sure if it is being actively marketed any more. Certainly it is still fully supported, and running happily at a number of customer sites, but controlling SNA connections is nowadays a "legacy" niche. But if it's what you need, it works very well.

Tony H.