You might want to consider the following:
- You could create several different CICS runtime principals for different
regions, and so reduce scope of the access granted to each principal.
- If you are using this process within an existing system name space, there
may be other principals (and credentials) in use. They need to be given write
access to the new subcontext created by dfhNewCICSSubcontext. The comments in the dfhNewCICSSubContext LDIF file discuss ways to
check if this is so, and how to tailor the LDIF file appropriately before
executing the ldapadd.