IBM Support

Start of CKTI fails with DFHAC2003 security violation in CICS TS 5.4 or higher

Question & Answer


Question

Why does an attempt to start tranid CKTI fail with a security violation in CICS Transaction Server for z/OS (CICS TS) V5.4? The request fails with the following messages:

DFHMQ0391 Start requested for mqmonitor DFHMQINI, transaction CKTI.
DFHAC2003 Security violation has been detected term id = ????, trans id = XXXX, userid = CICSUSR.

The request failed because it is using the CICS Default Userid. I am able to see that the request succeeded in CICS TS V5.3 because it was being attached under a valid userid.

Answer

CICS TS V5.4 has a new resource called MQMONITOR with MONUSERID and USERID attributes that interact with security. You may have defined an MQMONITOR resource without valid userids.

If you are going to use MQMONITOR, you may need to:

  • remove the INITQ name from the MQCONN

  • create an MQMONITOR definition with that INITQNAME and Transaction CKTI with valid userids.
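
The second step could look like this as DFHCSDUP input. This is an added example, not part of the IBM technote: the resource name, group, queue name and both user IDs are placeholders, and QNAME is the MQMONITOR attribute that carries the initiation queue name.

```text
* Constructed example: every name and user ID below is a placeholder.
*   MQMON1, MQGRP      - hypothetical resource and group names
*   CICS01.INITQ       - the initiation queue name taken off the MQCONN
*   MQMONUSR           - hypothetical user ID the monitor transaction
*                        (CKTI) runs under
*   MQAPPUSR           - hypothetical default user ID for application
*                        transactions started by the monitor
* Both user IDs must be valid to the external security manager and
* authorized for the work they perform, so CKTI is not attached under
* the CICS default user ID.
DEFINE MQMONITOR(MQMON1) GROUP(MQGRP)
       QNAME(CICS01.INITQ)
       TRANSACTION(CKTI)
       MONUSERID(MQMONUSR)
       USERID(MQAPPUSR)
       AUTOSTART(YES)
       STATUS(ENABLED)
```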

See "Security considerations" in section MQMONITOR resources of the CICS TS V5.4 documentation for more information.

Product Synonym

CICS/TS CICSTS CICS TS CICS Transaction Server

Document Information

Modified date:
27 September 2018

UID

dwa1441437