Example: Allowing a user to change a named transaction in any AOR

In this example, we'll allow user PAYUSR1 to update transaction AMNU running on any AOR in CICSplex PLXPROD1 (consisting of the three CICS® systems in the example above).
  1. Activate simulated CICS security.

    Simulated CICS security, which tells CICSPlex® SM to honor CICS security definitions, can be used to protect transaction definitions. You can activate simulated CICS security from the CPLEXDEF view (for the CICSplex); from the CICSSYS view (for a MAS at MAS startup); or from the MAS view (for a running MAS).

  2. Give user PAYUSR1 update access to the OPERATE.TRAN views:
           PE OPERATE.TRAN.PLXPROD1.CICSAA0* CLASS(CPSMOBJ) +
              ID(PAYUSR1) A(UPDATE)
  3. If necessary (such a profile will usually already have been defined), define a RACF® profile to protect transaction AMNU:
        RDEF ACICSPCT AMNU     +
             UACC(NONE)        +
             OWNER(admin_group)
    (For more information about this step, see the CICS-RACF Security Guide.)
  4. Give user PAYUSR1 update access to transaction AMNU:
        PE AMNU CLASS(ACICSPCT) ID(PAYUSR1) A(UPDATE)
    If you use a class other than (the CICS default of) ACICSPCT, you must specify its name in place of ACICSPCT.
  5. Verify that the MASs have SIT parameter XPCT=YES.
In this example, we've had to give PAYUSR1 update access to the transaction views, and then to transaction AMNU itself. Both authorizations are necessary.