Specifying CAS and PlexManager resource names in profiles

The simplest way to secure the CAS is to control access to the TSO signon procedure or CLIST used to access CICSPlex® SM, as described in the CICS® Transaction Server for z/OS® Installation Guide. This is sufficient for most enterprises. However, you can provide further control over the CAS by creating RACF® profiles using the resource names described in Table 1.

To control access to the CAS functions and PlexManager views, you create profiles in the RACF FACILITYclass. Table 1 lists the resource names that you should use in these profiles. In all cases, define READ access to these resources. The following variable names are used in Table 1 to illustrate resource names. When you define your profiles, replace these variable names with the actual value(s) used on your system(s).
Note: You must define a profile in order for it to have a level of protection. If no profile exists, resources are unprotected.
context
The context being accessed. For PlexManager views, this is the MVS™ image SMF ID; for CICSPlex SM views, it is the CICSPlex SM context.
smfid
The SMF ID of the MVS system on which the CAS or CMAS is running.
ssid
The CAS MVS subsystem ID.
Table 1. Resource names used by specific functions
Function Resource name Class name
For the CAS and the CMAS to define an MVS subsystem:
Define the SSCT for the CAS SUBSYS.ssid.DEFINE FACILITY
For the CAS to initialize as an MVS subsystem:
Define, initialize, and use an SSCT SUBSYS.ssid.INIT FACILITY
For any user or CMAS connecting to the CAS:    
Connect to CAS BBM.ssid.CN FACILITY
For a user opening a window to a particular context or changing to a new context:
Access to a service point
For CAS:
BBM.smfid.PLEXMGR.context.TA
For CMAS:
BBM.smfid.CPSM.context.TA
FACILITY
When a CMAS attaches a service point for a context:
Attach a service point BBM.smfid.CPSM.context.TC FACILITY
To allow access to the PlexManager views and actions:
Access to any PLEXMGR specific secured action (currently only CASDEF). BBM.PLEXMGR.smfid.AA FACILITY
Access to the CASACT view BBM.PLEXMGR.smfid.CYAD0.OD FACILITY
Access to the CASDEF view BBM.PLEXMGR.smfid.CYAB0.OD FACILITY
Access to any CASDEF view action BBM.PLEXMGR.smfid.CYAB0.AO FACILITY
Access to the DIAGSYS view BBM.PLEXMGR.smfid.CZZ01.OD FACILITY
Access to the DIAGSESS view BBM.PLEXMGR.smfid.CZZ02.OD FACILITY
Access to PLEX view or PLEXOVER view BBM.PLEXMGR.smfid.CCE92.OD FACILITY
To allow access to the views and actions which can be accessed from either PlexManager or CICSPlex SM:
Access to any PLEXMGR secured action from the shared views.
For CAS:
BBM.PLEXMGR.smfid.COMMON.AA
For CMAS:
BBM.CPSM.context.COMMON.AA
FACILITY
Access to the VIEWS view
For CAS:
BBM.PLEXMGR.smfid.MCE90.OD
For CMAS:
BBM.CPSM.context.MCE90.OD
FACILITY
Access to the SCREENS view
For CAS:
BBM.PLEXMGR.smfid.MCE95.OD
For CMAS:
BBM.CPSM.context.MCE95.OD
FACILITY
Access to the DIAGMSG view
For CAS:
BBM.PLEXMGR.smfid.MYA40.OD
For CMAS:
BBM.CPSM.context.MYA40.OD
FACILITY
Access to any DIAGMSG view action
For CAS:
BBM.PLEXMGR.smfid.MYA40.AO
For CMAS:
BBM.CPSM.context.MYA40.AO
FACILITY
Access to a specific DIAGMSG view action (ON or OFF)
For CAS:
BBM.PLEXMGR.smfid.msgsdaid.MYA40.OA
For CMAS:
BBM.CPSM.context.msgsdaid.MYA40.OA
where, for msgsdaid, you substitute one of the following values, which appear on the DIAGMSG view on the line where ON or OFF is specified:
GEMM
Extended Message Mode
LEMM
Extended Message Mode
LSEMM
Security Extended Message Mode
LESTR
Extended Security Trace
GESTR
Extended Security Trace
LSSTR
Simple Security Trace
GSSTR
Simple Security Trace
GSSM
Safe Security Message Display
WSXASTR
Extended Authorization Simple Trace
FACILITY