General resource security checking by CICS and RACF

CICS® uses RACF® to protect the general resources that you can access through a CICS application program. Each resource is described briefly in Table 1, with the associated CICS system initialization parameter that you use to specify the RACF class name. For comprehensive information about application programming commands and system programming commands associated with each system initialization parameter, see Resource and command check cross reference.

Note that no authorization processing is done for BMS commands.

Table 1. General resource checking by CICS
CICS parameter General resource protected Further information
XAPPC Partner logical units (LU6.2). Implementing LU6.2 security.
XCMD The subset of CICS application programming commands that are subject to command security checking. EXEC CICS FEPI system commands are also controlled by this parameter. CICS command security
XDB2 DB2® resource classes for DB2ENTRY, are specified to CICS on the XDB2 system initialization parameter Resource classes for DB2ENTRYs
XDCT CICS extrapartition and intrapartition transient data destinations, also known as queues. Define profiles in the destination class to control who is allowed to access CICS transient data queues. Security for transient data.
XEJB Enterprise bean methods Java™ Applications in CICS
XFCT CICS file-control-managed VSAM and BDAM files. Define profiles in the file class to control who is allowed to access CICS VSAM and BDAM files. Security for files.
XJCT CICS system log and general logs. Define profiles in the journal class to control who is allowed to access CICS journals on CICS log streams. Security for journals and log streams.
XPCT CICS started transactions and EXEC CICS commands: COLLECT STATISTICS TRANSACTION, DISCARD TRANSACTION, INQUIRE TRANSACTION, INQUIRE REQID, SET TRANSACTION, and CANCEL. Define profiles in the started-transactions class to control who is allowed access to started CICS transactions. Security for started and XPCT-checked transactions.
XPPT CICS application programs. Define profiles in the program class to control who is allowed to access CICS application programs. Security for application programs.
XPSB DL/I program specification blocks (PSBs). Define profiles in the program specification block class to control who is allowed to access the DL/I PSBs used in CICS application programs. Security for program specification blocks.
XTRAN CICS transactions. Transaction security.
XTST CICS temporary storage destinations. Define profiles in the temporary storage class to control who is allowed to access CICS temporary storage queues. Security for temporary storage.
XUSER Surrogate user security. Surrogate user security.