Simulated CICS security checking exemptions

There may be certain individuals who need not be subject to simulated security checking. There may also be certain CICS resources that are sufficiently protected by CICSPlex® SM profiles and, therefore, do not need to be involved in security checking. You can exempt these individuals and resources from simulated CICS security checking using the CICSPlex SM CPSMXMP resource class.

To create exemption profiles use the resource name format described in Specifying CICSPlex SM resource names in profiles.

For example, you might want to define an exemption profile that allows the individuals comprising the group EYUGRP2 to bypass security checking for all views and action commands associated with the TERMINAL type within the MONITOR function, when the context is EYUPLX01 and the scope is EYUMAS1A:

  PERMIT  MONITOR.TERMINAL.EYUPLX01.EYUMAS1A  /* Resource name    */+
          CLASS(CPSMXMP)                      /* Class name       */+
          ACCESS(UPDATE)                      /* Access           */+
          ID(EYUGRP2)                         /* User or group    */+
                                              /*  granted access  */

Exemption bypasses only the simulated CICS® security checks, not the basic CICSPlex SM resource checks. For example, if a user does not have RACF® authority to issue the CICS command CEMT INQ FILE, you can enable that user to achieve the same result by creating a profile in the exemption class that allows the user to issue the equivalent CICSPlex SM command LOCFILE.