USER.CICS.OPIDENT
USER.CICS.OPCLASSN
USER.CICS.OPPRTY
USER.CICS.TIMEOUT
USER.CICS.XRFSOFF
USER.LANGUAGE.USERNL1
USER.LANGUAGE.USERNL2
APPCLU.SESSION.SESSKEY
APPCLU.SESSION.KEYINTVL
APPCLU.SESSION.SLSFLAGS
Alternatively, you can set up a generic profile USER.CICS.**, to control access to all fields in the CICS segment. Before defining generic profiles use the SETROPTS GENERIC command, as described in Summary of RACF commands.
You need READ access to list these profiles, and UPDATE access to change them. For further guidance, see the section on field level access checking in the z/OS Security Server RACF Security Administrator's Guide.