The simplest way to secure the CAS is to control access to the TSO signon procedure or CLIST used to access CICSPlex® SM, as described in the CICS® Transaction Server for z/OS® Installation Guide. This is sufficient for most enterprises. However, you can provide further control over the CAS by creating RACF® profiles using the resource names described in Table 1.
Function | Resource name | Class name |
---|---|---|
For the CAS and the CMAS to define an MVS subsystem: | ||
Define the SSCT for the CAS | SUBSYS.ssid.DEFINE | FACILITY |
For the CAS to initialize as an MVS subsystem: | ||
Define, initialize, and use an SSCT | SUBSYS.ssid.INIT | FACILITY |
For any user or CMAS connecting to the CAS: | ||
Connect to CAS | BBM.ssid.CN | FACILITY |
For a user opening a window to a particular context or changing to a new context: | ||
Access to a service point |
|
FACILITY |
When a CMAS attaches a service point for a context: | ||
Attach a service point | BBM.smfid.CPSM.context.TC | FACILITY |
To allow access to the PlexManager views and actions: | ||
Access to any PLEXMGR specific secured action (currently only CASDEF). | BBM.PLEXMGR.smfid.AA | FACILITY |
Access to the CASACT view | BBM.PLEXMGR.smfid.CYAD0.OD | FACILITY |
Access to the CASDEF view | BBM.PLEXMGR.smfid.CYAB0.OD | FACILITY |
Access to any CASDEF view action | BBM.PLEXMGR.smfid.CYAB0.AO | FACILITY |
Access to the DIAGSYS view | BBM.PLEXMGR.smfid.CZZ01.OD | FACILITY |
Access to the DIAGSESS view | BBM.PLEXMGR.smfid.CZZ02.OD | FACILITY |
Access to PLEX view or PLEXOVER view | BBM.PLEXMGR.smfid.CCE92.OD | FACILITY |
To allow access to the views and actions which can be accessed from either PlexManager or CICSPlex SM: | ||
Access to any PLEXMGR secured action from the shared views. |
|
FACILITY |
Access to the VIEWS view |
|
FACILITY |
Access to the SCREENS view |
|
FACILITY |
Access to the DIAGMSG view |
|
FACILITY |
Access to any DIAGMSG view action |
|
FACILITY |
Access to a specific DIAGMSG view action (ON or OFF) |
|
FACILITY |