Attach-time security means the checking of a transaction’s authority to attach (activate) a process or activity. It applies only when a process or activity is activated by a RUN command, not when it is activated by a LINK.
If attach-time security is required for a process, the defined userid--that is, the userid obtained from the DEFINE PROCESS command--must be given UPDATE access to the CICS® file that corresponds to the BTS data set on which details of the process and its constituent activities are stored.