CICS® application programs process files, which, to CICS, are logical views of physical VSAM or BDAM data sets. You identify a file to CICS by an 8-character file name, and you can define many files to CICS that refer to the same physical data set, which is separately identified by a 44-character data set name (DSNAME). For example, you can define file resource definitions called FILEA, FILEB, and FILEC, all of which refer to one physical VSAM data set, but with each file definition specifying different attributes.
CICS transactions access the data in physical data sets using the CICS file control name. Therefore, you control access to CICS-managed files by defining profiles in the RACF® general resource classes for CICS files, not in the RACF data set class. You define the profiles using the CICS 8-character file name to identify the resource. (RACF data set authorization based on the 44-character data set name is used only during OPEN processing, to determine whether the CICS region userid is authorized to access the data set for which the OPEN has been requested. This does not depend on the userid running the transaction that caused the OPEN to be performed.)
RDEFINE FCICSFCT (file1, file2, .., filen) UACC(NONE)
        NOTIFY(sys_admin_userid)
PERMIT file1 CLASS(FCICSFCT) ID(group1, group2) ACCESS(UPDATE)
PERMIT file2 CLASS(FCICSFCT) ID(group1, group2) ACCESS(READ)

RDEFINE HCICSFCT (file_groupname) UACC(NONE)
        ADDMEM(filea, fileb, .., filez) NOTIFY(sys_admin_userid)
PERMIT file_groupname CLASS(HCICSFCT) ID(group_userid) ACCESS(UPDATE)
Note that RDO transactions do not use file commands to access the CSD, and are not, therefore, subject to these mechanisms.
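
Because several file names can refer to one data set and access is decided per file name, the PERMIT lists for every file name that maps to a data set should be reviewed together. The following Python sketch is an added example, not IBM or CICS code: it reports the highest access each group reaches on each data set and through which file name. The DSNAMEs, group names, the PAYFILES grouping profile and the input layout are constructed assumptions, and the model is simplified (it does not reproduce how RACF merges member and grouping profiles).

```python
# Access levels in ascending order, as written on PERMIT ... ACCESS(...)
LEVELS = ["NONE", "READ", "UPDATE", "CONTROL", "ALTER"]

# Constructed sample input (assumed for illustration, not from a real system).
FILE_TO_DSNAME = {                      # CICS file name -> DSNAME
    "FILEA": "PAY.MASTER.KSDS",
    "FILEB": "PAY.MASTER.KSDS",
    "FILEC": "PAY.MASTER.KSDS",
    "FILED": "ORD.HISTORY.KSDS",
}
HCICSFCT_MEMBERS = {"PAYFILES": ["FILEB", "FILEC"]}  # grouping profile -> ADDMEM list
PERMITS = [                             # (profile, group, access)
    ("FILEA", "PAYADMIN", "UPDATE"),
    ("PAYFILES", "PAYCLERK", "READ"),
    ("FILEC", "HELPDESK", "UPDATE"),
    ("FILED", "ORDERS", "UPDATE"),
]

def expand_permits(permits, members):
    """Resolve grouping-class profiles into one entry per member file name."""
    for profile, group, access in permits:
        for file_name in members.get(profile, [profile]):
            yield file_name, group, access

def effective_access(file_to_dsname, permits, members):
    """Highest access each group reaches on each data set, and via which file."""
    result = {}
    for file_name, group, access in expand_permits(permits, members):
        dsname = file_to_dsname.get(file_name)
        if dsname is None:
            continue                    # profile names a file with no definition here
        current = result.setdefault(dsname, {}).get(group, ("NONE", None))
        if LEVELS.index(access) > LEVELS.index(current[0]):
            result[dsname][group] = (access, file_name)
    return result

def shared_datasets(file_to_dsname):
    """Data sets reachable through more than one CICS file name."""
    by_dsname = {}
    for file_name, dsname in file_to_dsname.items():
        by_dsname.setdefault(dsname, []).append(file_name)
    return {d: sorted(f) for d, f in by_dsname.items() if len(f) > 1}

if __name__ == "__main__":
    access = effective_access(FILE_TO_DSNAME, PERMITS, HCICSFCT_MEMBERS)
    for dsname, files in shared_datasets(FILE_TO_DSNAME).items():
        print(dsname, "via", files)
        for group, (level, file_name) in sorted(access.get(dsname, {}).items()):
            print(f"  {group:<10}{level:<8}through {file_name}")
```

In the sample data, HELPDESK reaches the payroll data set with UPDATE through FILEC even though FILEA is restricted to PAYADMIN, which is the kind of mismatch the report is meant to surface.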