Using IBM-supplied classes without prefixing

To set up external security for transactions, files, and PSBs, using IBM®-supplied resource classes and without prefixing, take the steps described in this section.

Before you define a profile, activate the relevant classes, using the SETROPTS CLASSACT and SETROPTS GENERIC commands, as described in Summary of RACF commands.

To ensure the least interruption to actual business processes, work in a test region first.
  1. Plan and create RACF profiles in the relevant classes:
    RDEFINE  TCICSTRN  transaction-name  UACC(NONE)  NOTIFY(userid)
    RDEFINE  FCICSFCT  file-name         UACC(NONE)  NOTIFY(userid)
    RDEFINE  PCICSPSB  PSB-name          UACC(NONE)  NOTIFY(userid)
  2. Permit appropriate users or groups (preferably groups) to have access to the profiles:
    PERMIT  transaction-name  CLASS(TCICSTRN)  ACCESS(READ)
            ID(userid or groupid)
    PERMIT  file-name         CLASS(FCICSFCT)  ACCESS(READ)
            ID(userid or groupid)
    PERMIT  PSB-name          CLASS(PCICSPSB)  ACCESS(READ)
            ID(userid or groupid)
  3. Specify the following CICS system initialization parameters:
    SEC=YES           XTRAN=YES        XCMD=NO
    SECPRFX=NO        XFCT=YES         XDB2=NO
                      XPSB=YES         XDCT=NO
                                       XJCT=NO
                                       XPCT=NO
                                       XPPT=NO
                                       XTST=NO
                                       XUSER=NO
                                       XAPPC=NO
  4. Start the CICS region in which you will be using external security.
  5. If you add, change, or delete RACF profiles in the related classes, refresh the in-storage profiles. (For more information, see Refreshing resource profiles in main storage.)
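
A pre-start check for step 3, as an added example that is not IBM-supplied code: it compares a region's system initialization overrides with the values listed above and reports every parameter that differs or is not set. It assumes the overrides are available as text made of comma-separated KEYWORD=value pairs, with comment lines starting with * and a closing .END line; the function names and the sample input are constructed for illustration.

```python
import re

# Step 3 values from the page: parameter -> value the procedure calls for.
EXPECTED = {
    "SEC": "YES", "SECPRFX": "NO",
    "XTRAN": "YES", "XFCT": "YES", "XPSB": "YES",
    "XCMD": "NO", "XDB2": "NO", "XDCT": "NO", "XJCT": "NO", "XPCT": "NO",
    "XPPT": "NO", "XTST": "NO", "XUSER": "NO", "XAPPC": "NO",
}

# Constructed sample overrides (not taken from a real region).
SAMPLE = """\
* constructed test-region overrides
SEC=YES,SECPRFX=YES,
XTRAN=YES,XFCT=NO,XPSB=YES,
XDB2=NO,XDCT=NO,XJCT=NO,XPCT=NO,XPPT=NO,XTST=NO,XUSER=NO,XAPPC=NO,
.END
"""

def parse_overrides(text):
    """Return {PARAMETER: VALUE} for the KEYWORD=value pairs in the text."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("*"):      # blank or comment line
            continue
        if line.upper().startswith(".END"):       # end of the overrides
            break
        for key, value in re.findall(r"([A-Za-z0-9]+)=([^,\s]+)", line):
            # Assumption of this example: a repeated keyword keeps its last value.
            params[key.upper()] = value.upper()
    return params

def deviations(text):
    """Return sorted (parameter, found, expected) tuples for each mismatch."""
    found = parse_overrides(text)
    return sorted((name, found.get(name, "<unset>"), want)
                  for name, want in EXPECTED.items() if found.get(name) != want)

if __name__ == "__main__":
    # SECPRFX=YES would make CICS prefix resource names, so the unprefixed
    # profiles from step 1 would not match; XFCT=NO turns file checking off.
    for name, got, want in deviations(SAMPLE):
        print(f"{name}: found {got}, procedure expects {want}")
```

A parameter reported as `<unset>` is one the checked text does not specify, so its effective value comes from a source this script does not read.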