To implement security for transient data destinations (queues), do the
following:
- Specify RESSEC(YES) in the CSD resource definition of the appropriate
transactions.
- Define profiles to RACF® in the DCICSDCT or ECICSDCT resource classes (or their
equivalent if you have user-defined resource class names), with access lists
as appropriate. Transient data queue names are a maximum of 4 characters in
length, such as CSMT, CPLI, L86O, L86P, and so on.
For example, use the
following commands to define queues in the DCICSDCT class, and to authorize
users to both read from and write to these queues:
RDEFINE DCICSDCT (qid1, qid2, ..., qidn) UACC(NONE)
NOTIFY(sys_admin_userid)
PERMIT qid1 CLASS(DCICSDCT) ID(group1, group2) ACCESS(UPDATE)
PERMIT qid2 CLASS(DCICSDCT) ID(group1, group2) ACCESS(UPDATE)
To define transient data queues as members of a profile in the CICS® transient data
resource group class, with an appropriate access list, use the following commands:
RDEFINE ECICSDCT (queue_groupname) UACC(NONE)
ADDMEM(qida, qidb, ..., qidz) NOTIFY(sys_admin_userid)
PERMIT queue_groupname CLASS(ECICSDCT) ID(group_userid) ACCESS(UPDATE)
Specify SEC=YES as a CICS system initialization parameter (and
SECPRFX if you define profiles with a prefix).
- Specify XDCT=YES for the default resource class names of DCICSDCT and ECICSDCT (or XDCT=class_name for user-defined
resource class names).