If you specify security with SEC=YES as a system initialization parameter, CICS requires a level of authorization appropriate to the file access intended: a minimum of READ for read intent, and a minimum of UPDATE for update or delete intent.
For information about the access authorization levels for system programming commands which apply to files, see Resource and command check cross reference.