CICS region user ID access problem

CICS security initialization can fail if the CICS region user ID does not have access to the necessary Category 1 transactions. A message similar to the following is shown:

DFHXS1103I CICSAPPL Default security for userid CICSUSER has been established.
DFHDU0304I CICSAPPL Transaction dump data set DFHDMPA opened.
DFHXS1111 CICSAPPL
 01/18/99 16:05:15 CICSAPPL ???? Security violation by user TESTRGN for resource CATA
in class TCICSTRN. SAF codes are
(X'00000004',X'00000000'). ESM codes are (X'00000004',X'00000000').
DFHXS1113 CICSAPPL
The region userid cannot access system transaction CATA.  CICS will terminate.
SAF codes are (X'00000004',X'00000000'). ESM codes are (X'00000004',X'00000000').

When this occurs, the SAF and ESM return codes (X'00000004') indicate that no profile in the TCICSTRN (or GCICSTRN) class is protecting the resource CATA. To resolve this, a suitable profile for CATA must be defined in the TCICSTRN (or GCICSTRN) class, and the CICS region user ID TESTRGN must be given at least READ access. For guidance, you can use the example CLIST DFH$CAT1, which is in library CICSTS31.CICS.SDFHSAMP (see Category 1 transactions).

After adding a suitable profile, you must issue the command:
     SETROPTS RACLIST (TCICSTRN) REFRESH
Even if you have also added the profile to the GCICSTRN class, you still only issue this command for TCICSTRN. If you do NOT issue this SETROPTS command, and you restart CICS, initialization will fail again with the same error, because RACF will not be using the updated definitions.
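
The diagnosis and fix described above, as an added Python example that is not part of the original page: it parses a constructed copy of the wrapped DFHXS1111/DFHXS1113 messages and, for the return code 4 case only, prints the RACF commands to run. The function and class names are hypothetical, and the discrete per-transaction profile with UACC(NONE) is an assumption; the supplied sample for Category 1 transactions is DFH$CAT1.

```python
import re
from dataclasses import dataclass

# Constructed sample: the wrapped job log messages quoted above.
SAMPLE_LOG = """\
DFHXS1111 CICSAPPL
 01/18/99 16:05:15 CICSAPPL ???? Security violation by user TESTRGN for resource CATA
in class TCICSTRN. SAF codes are
(X'00000004',X'00000000'). ESM codes are (X'00000004',X'00000000').
DFHXS1113 CICSAPPL
The region userid cannot access system transaction CATA.  CICS will terminate.
"""

HEX = r"X'([0-9A-Fa-f]{8})'"
VIOLATION = re.compile(
    r"DFHXS1111 .*?Security violation by user (\S+) for resource (\S+) "
    r"in class (\w+)\.\s*SAF codes are\s*\(" + HEX + "," + HEX + r"\)\.\s*"
    r"ESM codes are\s*\(" + HEX + "," + HEX + r"\)"
)
FATAL = re.compile(
    r"DFHXS1113 \S+ The region userid cannot access system transaction (\w+)"
)

@dataclass
class Violation:
    user: str
    resource: str
    racf_class: str
    saf_rc: int
    esm_rc: int
    fatal: bool  # True when DFHXS1113 names the same transaction

def parse_violations(log: str) -> list:
    text = " ".join(log.split())  # undo the line wrapping of the job log
    fatal = set(FATAL.findall(text))
    found = []
    for m in VIOLATION.finditer(text):
        user, res, cls, saf_rc, _saf_rsn, esm_rc, _esm_rsn = m.groups()
        found.append(Violation(user, res, cls, int(saf_rc, 16), int(esm_rc, 16), res in fatal))
    return found

def remediation(v: Violation) -> list:
    # Covers only the case on this page: return code 4 (no profile) in TCICSTRN.
    if v.racf_class != "TCICSTRN" or v.saf_rc != 4 or v.esm_rc != 4:
        return []
    return [
        f"RDEFINE TCICSTRN {v.resource} UACC(NONE)",  # assumption: discrete profile
        f"PERMIT {v.resource} CLASS(TCICSTRN) ID({v.user}) ACCESS(READ)",
        "SETROPTS RACLIST(TCICSTRN) REFRESH",
    ]
```

Calling `remediation(parse_violations(SAMPLE_LOG)[0])` returns the three commands for TESTRGN and CATA; any other return code yields an empty list because this page does not describe those cases.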