If you use security at the containerdn level, CICS has write access to containerdn and all nodes below it. This allows CICS, or a CICS application using the JNDI interfaces, to write to all these nodes, including those that belong to WebSphere Application Server for z/OS and OS/390. If you use security at the CICS region level, then CICS and CICS applications are only able to write to the specific CICS nodes in the tree.