Using installation-defined classes without prefixing

To set up external security for transactions, files, and PSBs in installation-defined classes, without prefixing, take the steps described in this section. For an example of how to define installation-defined classes (T$USRTRN and G$USRTRN) for the XTRAN parameter, see the IBM-supplied sample, DFH$RACF, in CICSTS31.CICS.SDFHSAMP. See also Specifying user-defined resources to RACF.

Before you define a profile, activate the relevant classes, using the SETROPTS CLASSACT and SETROPTS GENERIC commands, as described in Summary of RACF commands.

To ensure the least interruption to actual business processes, work in a test region first.
  1. Set up the following installation-defined classes:
    • T$USRTRN like TCICSTRN, and G$USRTRN like GCICSTRN
    • F$USRFCT like FCICSFCT, and H$USRFCT like HCICSFCT
    • P$USRPSB like PCICSPSB, and Q$USRPSB like QCICSPSB
For specific information on setting up installation-defined classes, see the z/OS Security Server RACF System Programmer's Guide.
  1. Plan and create RACF profiles in the relevant classes:
    RDEFINE  T$USRTRN  transaction-name  UACC(NONE)  NOTIFY(userid)
    RDEFINE  F$USRFCT  file-name         UACC(NONE)  NOTIFY(userid)
    RDEFINE  P$USRPSB  PSB-name          UACC(NONE)  NOTIFY(userid)
  2. Permit appropriate users or groups (preferably groups) to have access to the profiles:
    PERMIT  transaction-name  CLASS(T$USRTRN)  ACCESS(READ)
            ID(userid or groupid)
    PERMIT  file-name         CLASS(F$USRFCT)  ACCESS(READ)
            ID(userid or groupid)
    PERMIT  PSB-name          CLASS(P$USRPSB)  ACCESS(READ)
            ID(userid or groupid)
  3. Specify the following system initialization parameters:
    SEC=YES           XTRAN=$USRTRN         XCMD=NO
    SECPRFX=NO        XFCT=$USRFCT          XDB2=NO
                      XPSB=$USRPSB          XDCT=NO
                                            XJCT=NO
                                            XPCT=NO
                                            XPPT=NO
                                            XTST=NO
                                            XUSER=NO
                                            XAPPC=NO
  4. Start the CICS region in which you will be using external security.
  5. If you add, change, or delete RACF profiles in the related classes, refresh the in-storage profiles. (For more information, see Refreshing resource profiles in main storage.)