To implement security for temporary storage queues:
- Specify RESSEC(YES) in the CSD resource definition of the appropriate
transactions.
- Specify the security attribute on suitable TSMODEL resource definitions
in the CSD. CICS® does not perform any security checks on temporary storage queues
that specify SECURITY=NO on the matching TSMODEL definition.
- Define profiles to RACF in the SCICSTST or UCICSTST resource classes (or their equivalent if you have user-defined resource
class names), with access lists as appropriate. For example, use the following
commands to define queues in the SCICSTST class, and to authorize users to
both read from and write to these queues:
RDEFINE SCICSTST (tsqueue1, tsqueue2, ..., tsqueuen) UACC(NONE)
NOTIFY(sys_admin_userid)
PERMIT tsqueue1 CLASS(SCICSTST) ID(group1, group2) ACCESS(UPDATE)
PERMIT tsqueue2 CLASS(SCICSTST) ID(group1, group2) ACCESS(UPDATE)
To define temporary storage queues as members of a profile in the CICS temporary
storage resource group class, with an appropriate access list, use the following
commands:
RDEFINE UCICSTST tsqueue_group UACC(NONE)
ADDMEM(tsqueuea, tsqueueb, ..., tsqueuex)
NOTIFY(sys_admin_userid)
PERMIT tsqueue_group CLASS(UCICSTST) ID(group_userid) ACCESS(UPDATE)
For more information about defining temporary storage profiles, see Other temporary storage security considerations.
Specify SEC=YES as a CICS system initialization parameter (and
SECPRFX if you define profiles with a prefix).
- Specify XTST=YES as a CICS system initialization parameter for the default
resource class names of SCICSTST and UCICSTST (or XTST=class_name for user-defined
resource class names).
Note: CICS continues to support the DFHTST TYPE=SECURITY macro for
defining temporary storage security. However, you are recommended to migrate
your temporary storage tables (TSTs) to the CSD as TSMODEL definitions.