Introduction to command security

CICS® command security applies to system programming commands; that is, commands that require the special CICS translator option, SP. Security checking is performed for these commands when they are issued from a CICS application program, and for the equivalent commands that you can issue with the CEMT master terminal transaction. Table 1 shows the commands that are subject to command security checking:
Table 1. Access required for system programming commands
Command name Access required

COLLECT
Start of changeEXTRACT STATISTICSEnd of change
INQUIRE

READ

DISABLE
ENABLE
EXTRACT
Start of change  but not EXTRACT STATISTICSEnd of change
PERFORM
RESYNC
SET

UPDATE

CREATE
DISCARD

ALTER
Note: Because the PERFORM CORBASERVER SCAN may result in the dynamic creation and installation of DJAR resources, the PERFORM CORBASERVER SCAN command requires ALTER access to the DJAR command security resource as well as UPDATE authority to the CORBASERVER resource.

Command security operates in addition to any transaction or resource security you define for a transaction. For example, if a user is permitted to use a transaction called FILA, which issues an EXEC CICS INQUIRE FILE command that the user is not permitted to use, CICS issues a "not authorized" (NOTAUTH) condition in response to the command, and the command fails.

Front End Programming Interface security uses the same mechanism for authorization as the system programming commands, using the FEPIRESOURCE resource name. Front End Programming Interface security is not discussed in this book. See the CICS Front End Programming Interface User's Guide for details.

Note: To determine who is allowed to use the SP option on the CICS translator, you can use RACF® to control who is allowed to load the DFHEITBS table at translation time. For a description of RACF program control, see the z/OS Security Server RACF Security Administrator's Guide. DFHEITBS is the language definition table that defines the system programming commands, and is loaded only on demand.