Important: We support User Impersonation for Microsoft SQL Server on Windows platforms only; however, we support User Impersonation for Oracle on both Windows and UNIX platforms.
Note: This topic does not apply to the XDB RM switch module.
The SQL RM switch modules allow CICS- and JES-initiated transactions to execute using different user credentials than those specified within the xa_open string. This is called user impersonation. The credentials used instead are for:
- CICS - the user currently logged in
- JCL - the user specified in the job card
With user impersonation, the credentials specified in the open string for each XAR must be for an account that can impersonate other users, but otherwise has minimal database privileges and access rights.
Note: For JCL, if no user ID is specified on the job card, the batch job will run with database user ID JESUSER. If the CICS transaction is run without a CICS login, it will execute with database user ID CICSUSER.
- CICS processing
- For CICS processing, create a CICS user ID with the same name as the database user ID you want to impersonate. If you are using internal Enterprise Server security, you can use the Enterprise Server Monitor and Control (ESMAC) feature to create and administer CICS user IDs. If, however, you are using an external security manager, configure the user ID via LDAP. For more information, see
Environment Variables used in Enterprise Server Security. For general details on CICS user IDs for Enterprise Server security, see
Enterprise Server Security.
- JES and CICS processing
- For both JES and CICS processing, be sure that the impersonated user IDs, which are the actual database user IDs used, have sufficient database privileges to execute the code and access the underlying database tables.