Normal CICS resource security checking for files operates at the file level
only. You can use QUERY SECURITY to enable your application to control access
to data at the record or field level.
To do this, define resource names (which represent records or fields within
particular files) with the appropriate access authorizations for the records
or fields you want to control. You could define these resources in an installation-defined
RACF general resource class and then use the QUERY SECURITY RESCLASS command
to check a terminal user's access to a specific field within a file before
displaying or updating the field. (The application logic would determine which
field.) For example:
QUERY SECURITY RESCLASS('$FILEREC') RESID('PAYFILE.SALARY')
RESIDLENGTH(14) READ(read_cvda) NOLOG
where '$FILEREC'
is an installation-defined RACF general resource class. For more information,
see
Designing applications to use the user-defined resources.