In a test environment you might wish to use the default
action and allow any CICS region using VSAM RLS to connect to an SMSVSAM
server. If you wish to protect this access, the RACF SUBSYSNM general
resource class must be active and you must authorize each CICS® region
that connects to an SMSVSAM server to have access to that server.
This means granting access to the appropriate profile in the RACF® SUBSYSNM
general resource class. You define profiles in the SUBSYSNM resource
class to control access by subsystems like CICS that
want to connect to SMSVSAM.
A SUBSYSNM profile name is the name by which a given subsystem, such as CICS, is known to VSAM. For CICS regions, you must use the CICS applid as the profile name in the SUBSYSNM general resource class.
When CICS attempts to register the control ACB during CICS initialization, SMSVSAM calls RACF to check that the CICS region userid is authorized to a profile name in the SUBSYSNM class that matches the CICS applid. If the CICS region userid does not have READ authority, the register fails.
For example, if the applid of a CICS AOR is CICSDAA1, and the CICS region userid (shared by a number of AORs) is CICSDA# # , define and authorize the profile as follows:
RDEFINE SUBSYSNM CICSDAA1 UACC(NONE) NOTIFY(userid)
PERMIT CICSDAA1 CLASS(SUBSYSNM) ID(CICSDA# # ) ACCESS(READ)
You can use wildcard characters on the applid to specify
more than one CICS region, for example:
PERMIT CICSD%%% CLASS(SUBSYSNM) ID(CICSDGRP) ACCESS(READ)