Controlling access to fields in RACF profiles

Use the FIELD resource class to define profiles that control access to fields in the RACF® database. By creating profiles in the RACF FIELD class, in the following form, you can permit listing or updating of the CICS® or LANGUAGE segments in the user profiles, and of appropriate fields in partner-LU profiles.
USER.CICS.OPIDENT
USER.CICS.OPCLASSN
USER.CICS.OPPRTY
USER.CICS.TIMEOUT
USER.CICS.XRFSOFF
USER.LANGUAGE.USERNL1
USER.LANGUAGE.USERNL2
APPCLU.SESSION.SESSKEY
APPCLU.SESSION.KEYINTVL
APPCLU.SESSION.SLSFLAGS 

Alternatively, you can set up a generic profile USER.CICS.**, to control access to all fields in the CICS segment. Before defining generic profiles use the SETROPTS GENERIC command, as described in Summary of RACF commands.

You need READ access to list these profiles, and UPDATE access to change them. For further guidance, see the section on field level access checking in the z/OS Security Server RACF Security Administrator's Guide.