Definitions of Resource Access Control Facility

This section describes procedures for setting up Substation ES security in the CICS environment.

The steps assume that a minimal CICS security environment already exists in Resource Access Control Facility (RACF). For additional information on setting up an initial CICS security environment, see the CICS Transaction Server for z/OS RACF Security Guide from IBM.

Procedure

  1. Optional: If you do not set up RACF for CICS security, you can set a minimal Substation ES for CICS security with the following RACF commands: 
    TSO SETROPTS GENERIC(TCICSTRN)
TSO RDEFINE TCICSTRN * UACC(READ)
TSO RDEFINE TCICSTRN SXEU UACC(NONE)
    Warning: Setting minimal Substation ES security with the preceding RACF commands is not an operational recommendation by either TIBCO or IBM.
  2. After setting security (or verifying that security exists in RACF), pick a user ID that is authorized to execute the most sensitive transactions.
    Note: The following steps assume that the user ID is MAXCICS and that the CICS STARTED procedure is CICSPROC.
  3. Set up the STARTED class or its equivalent to run Substation ES under the user ID MAXCICS:
    TSO RDEFINE STARTED (CICSPROC.*) STDATA(USER(MAXCICS) GROUP(CICSGRP) PRIVILEGED(NO) TRUSTED(NO) )
  4. Enter the following commands:
    TSO PERMIT SXEU CLASS(TCICSTRN) ACCESS(READ) GENERIC ID(MAXCICS)
  5. Activate the RACF class TCICSTRN:
    TSO SETROPTS CLASSACT(TCICSTRN)
  6. Optional: Define additional profiles with RDEFINE to limit the authority for specific transactions, as necessary.

Example

For guidance on setting up RACF, see the Security Server RACF Security Administrator's Guide, Security Server RACF Command Language Reference, and Transaction Server for z/OS CICS RACF Security Guide from IBM.