Access to all or access to none?

If RACF can find neither a specific nor generic profile, it returns a "no profile found" condition. CICS treats this return code exactly the same as the "user not authorized" return code, and returns the NOTAUTH condition to the CICS application program. If RACF cannot find the APPL class, it returns a "READ access intent" condition.

You can either use the completely generic profile to permit access to any resources not otherwise covered by more specific profiles, or, to prevent any access, use the UACC(READ|UPDATE) or UACC(NONE) options. For example,
RDEFINE  DCICSDCT  *  UACC(NONE)
prevents access to any transient data queue not covered by any of the other profiles defined to RACF, and results in RACF writing an SMF record.
On the other hand, you can define files as "public" by the following command:
RDEFINE  FCICSFCT  *  UACC(READ)

If you are using generic profiles, ensure that generic profile checking has been activated for the CICS RACF resource classes (both the IBM®-supplied classes and any installation-defined classes added to the RACF class descriptor table) by issuing a SETROPTS GENERIC(classname) command for any one of the CICS classes having the same POSIT value. This ensures generic checking for all other CICS classes with the same POSIT value. If you change a generic profile, you must issue a SETROPTS GENERIC(classname) REFRESH command. For more information about POSIT values and defining generic classes, see the z/OS Security Server RACF System Programmer's Guide.