When a region attempts to be an SDT server, it calls RACF to check whether its user ID has the required access authority to its APPLID. If the call fails, the region cannot initialize the required SDT support to be a server. This minimizes the risk that an AOR might accept counterfeit data records from an FOR that is not properly authorized to act as an SDT server. This check is never bypassed, even when SEC=NO is specified at system initialization.
RDEFINE FACILITY (DFHAPPL.CICSHF01) UACC(NONE)
PERMIT DFHAPPL.CICSHF01 CLASS(FACILITY) ID(CICSSDT1) ACCESS(UPDATE)
RDEFINE FACILITY (DFHAPPL.CICSTST*) UACC(READ)
PERMIT DFHAPPL.CICSTST* CLASS(FACILITY) ID(SDTGRP1) ACCESS(UPDATE)