SMSVSAM is a data-sharing subsystem running on its own address space to provide the RLS support required by CICS®.
For CICS regions using VSAM record-level sharing (RLS), access to SMSVSAM servers is controlled by RACF® security checks. The security check is made against the CICS region userid to verify that the region is authorized to register with an SMSVSAM server.
In a test environment you might wish to
use the default action and allow any CICS region using VSAM RLS to
connect to an SMSVSAM server. If you wish to protect this access,
the RACF SUBSYSNM general resource class must be active and you must
authorize each CICS region that connects to an SMSVSAM server to
have access to that server. This means granting access to the appropriate
profile in the RACF SUBSYSNM general resource class.
The general resource class, SUBSYSNM, supports authorizations for subsystems that want to connect to SMSVSAM. The SUBSYSNM profile name is the name by which a given subsystem is known to VSAM. CICS uses its applid as its subsystem name. Define a profile for the CICS applid in the SUBSYSNM resource to enable CICS to register the control ACB.
When CICS attempts to register the control ACB during initialization, SMSVSAM calls RACF to check that the CICS region userid is authorized to the CICS profile in the SUBSYSNM class. If the CICS region userid does not have READ authority, the open request fails.
RDEFINE SUBSYSNM CICSDAA1 UACC(NONE) NOTIFY(userid)
PERMIT CICSDAA1 CLASS(SUBSYSNM) ID(CICSDA##) ACCESS(READ)
PERMIT CICSD%%% CLASS(SUBSYSNM) ID(CICSDGRP) ACCESS(READ)