Protecting CICS load module data sets

To prevent unauthorized or accidental modification of hlq.SDFHAUTH or hlq.SDFJAUTH, you should RACF-protect these libraries. Without such protection, the integrity and security of your MVS™ system are at risk. Additionally, if you require protection against the unauthorized use of DFHSIP, do not place this module in the LPA and do not include hlq.SDFHAUTH in the MVS LNKLST unless DFHSIP is RACF-protected as a controlled program with a profile in the RACF® PROGRAM resource class.

You should also RACF-protect the other libraries (including hlq.SDFHLOAD) that make up the STEPLIB and DFHRPL library concatenations.

For information about authorizing access to CICS® data sets, see the CICS RACF Security Guide.
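The protection described above can be set up with a batch TSO job such as the following. This is an added example, not part of the original documentation. The region user ID CICSRGN, the maintenance group CICSMNT and the job card values are assumed names, and hlq stands for your own CICS high-level qualifier.

```jcl
//RACFDEF  JOB (ACCT),'PROTECT CICS LIBS',CLASS=A,MSGCLASS=X
//* Added example. Assumed names: CICSRGN (CICS region user ID),
//* CICSMNT (group that maintains the libraries), job card values.
//* Replace hlq with your CICS high-level qualifier before running.
//*
//* Commands in SYSTSIN, in order:
//*  1. ADDSD: fully qualified generic profiles with UACC(NONE) for
//*     the authorized libraries and for SDFHLOAD (repeat for any
//*     other library in the STEPLIB or DFHRPL concatenations).
//*  2. PERMIT: READ for the region, UPDATE for the maintainers only.
//*  3. RDEFINE and PERMIT in class PROGRAM: DFHSIP in hlq.SDFHAUTH
//*     becomes a controlled program that only CICSRGN can use.
//*  4. SETROPTS: refresh the generic DATASET profiles and the
//*     PROGRAM class so that the changes take effect.
//*  5. LISTDSD and RLIST: list the resulting profiles for review.
//TSOBATCH EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  ADDSD 'hlq.SDFHAUTH' GENERIC UACC(NONE)
  ADDSD 'hlq.SDFJAUTH' GENERIC UACC(NONE)
  ADDSD 'hlq.SDFHLOAD' GENERIC UACC(NONE)
  PERMIT 'hlq.SDFHAUTH' GENERIC ID(CICSRGN) ACCESS(READ)
  PERMIT 'hlq.SDFJAUTH' GENERIC ID(CICSRGN) ACCESS(READ)
  PERMIT 'hlq.SDFHLOAD' GENERIC ID(CICSRGN) ACCESS(READ)
  PERMIT 'hlq.SDFHAUTH' GENERIC ID(CICSMNT) ACCESS(UPDATE)
  PERMIT 'hlq.SDFJAUTH' GENERIC ID(CICSMNT) ACCESS(UPDATE)
  PERMIT 'hlq.SDFHLOAD' GENERIC ID(CICSMNT) ACCESS(UPDATE)
  RDEFINE PROGRAM DFHSIP UACC(NONE) -
    ADDMEM('hlq.SDFHAUTH'//NOPADCHK)
  PERMIT DFHSIP CLASS(PROGRAM) ID(CICSRGN) ACCESS(READ)
  SETROPTS GENERIC(DATASET) REFRESH
  SETROPTS WHEN(PROGRAM) REFRESH
  LISTDSD DATASET('hlq.SDFHAUTH') GENERIC ALL
  RLIST PROGRAM DFHSIP ALL
/*
```

Check the LISTDSD and RLIST output in SYSTSPRT to confirm that universal access is NONE and that only the intended IDs appear in the access lists.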

Authorizing access to data set services modules

During initialization, CICS determines the availability of backup-while-open (BWO) support by linking to the callable services modules IGWAMCS2 and IGWABWO. CICS also checks the DFSMSdss (or DFDSS) release level by linking to the module ADRRELVL. If access to this data set services module is controlled by means of RACF PROGRAM general resource profiles, security violation messages are issued against the CICS region userid, unless the userid is authorized to access ADR-prefixed module names.

You can avoid security violation messages against the CICS region userids, and still control access to data set services, as follows:
