CICS® uses many system resources, and these must be protected against
unauthorized access. This protection is provided by profiles in the following
general resource classes:
- APPCLU
- Verifies the identity of APPC partner logical units (LU type 6.2) during VTAM® session establishment. For more information, see Defining profiles in the APPCLU general resource class.
- APPL
- Controls terminal users' access to VTAM applications, including
CICS. For more information, see Authorizing access to the CICS region.
- CONSOLE
- Controls user access to consoles. For more information, see Console profiles.
- DIGTCERT
- Contains digital certificates and related information. For more information,
see Creating new RACF certificates.
- EJBROLE
- Contains the security roles used for enterprise bean security. The
corresponding resource group class is GEJBROLE. For more information, see Java™ Applications in CICS.
- FACILITY
- The FACILITY general resource class is used to protect several different
system resources. These are described in Resources protected by the FACILITY general resource class.
- FIELD
- Controls access to fields in RACF® profiles. For more information, see Controlling access to fields in RACF profiles.
- JESSPOOL
- Protects JES spool data sets. For more information, see JES spool protection in a CICS environment.
- LOGSTRM
- Controls access to the MVS™ logstreams that CICS uses for its system
logs and general logs. For more information, see Authorizing access to MVS log streams.
- OPERCMDS
- Controls which console users are allowed to issue MODIFY commands directed
to particular CICS regions. For more information, see Using an MVS system console as a CICS terminal.
- Controls which operator commands CICS can issue; for example, commands
in the command list table (CLT), and MODIFY network commands.
- PROGRAM
- Controls which users can start CICS. For more information, see Protecting CICS load libraries.
- PROPCNTL
- Prevents the CICS region userid being propagated to jobs that are submitted
from CICS to the JES internal reader, and that do not specify the USER operand.
For more information, see Controlling userid propagation.
- PTKTDATA
- Contains the encryption keys used for generating and validating PassTickets.
For more information, see Generating and using RACF PassTickets.
- SERVAUTH
- Define profiles in the SERVAUTH general resource class to establish
a trust relationship between servers when using asserted identity authentication for IIOP clients.
For more information, see Authentication.
- STARTED
- Contains profiles that provide the userids for MVS started jobs. For
more information, see Using STARTED profiles for started jobs.
- SUBSYSNM
- Authorizes subsystems (such as instances of CICS) to open a VSAM ACB
and use VSAM Record Level Sharing (RLS) functions. For more information, see Authorizing access to SMSVSAM servers.
- SURROGAT
- Specifies which userids can act as surrogates for other userids. For
more information, see Surrogate user security.
- TERMINAL
- Controls the ability of users to sign on at individual terminals. The
corresponding resource group class is GTERMINL. For more information, see Preset terminal security.
- VTAMAPPL
- Controls the ability of users to open a VTAM ACB. For more information,
see Controlling the opening of a CICS region's VTAM ACB.