Defining CICS BAC FACILITY class profiles

About this task

You use the RACF RDEFINE command to define FACILITY general resource class profiles, and the PERMIT command to grant and restrict access to resources based on a user ID or RACF group. If you do not have access to the RACF security database to create the required profiles yourself, ask your security administrator to create them for you using the information you provide, based on the information in this chapter. For more information about RACF security, see the z/OS Security Server RACF Security Administrator’s Guide, SA22-7683, and the z/OS Security Server RACF Command Language Reference, SA22-7687.

Using the information about the structure of CICS BAC resource names explained in the previous topic, you can define the required FACILITY class resource profiles for all your CICS BAC resources using the RACF RDEFINE command as follows:
RDEFINE FACILITY $CBK.applid.accessType.objectType.objectName UACC(NONE)
where applid, accessType, objectType, andobjectName are as defined in CICS BAC resource names.

When you have defined in this way all the CICS BAC resources to which you need to control access, the next step is to give specific user IDs or group IDs permission to access these resources. Typically, these will be the user IDs that are specified on a batch request utility job, a file maintenance utility job, the user IDs of users of the workstation administration client, or the TSO user of the ISPF administration interface. The UACC of NONE ensures that only the users specifically authorized are able to access your CICS BAC resources.