Here is the format of the security keys that the CICS® Configuration
Manager server creates
to check a user's authority to manipulate resource definitions:
- 1
- If the target resource definition
key specifies a ResGroup that does not exist, then the API command
the attempts to create the ResGroup. This involves an additional security
key, as if a Create API command had been requested for the ResGroup.
Note that this additional security checking does not involve API command
security checking for a Create API command; just resource definition
security checking for the ResGroup that needs to be created (as per
the entry for Create in this table).
- 2
- If the resource type is a group/ResGroup, then specify a "-" (hyphen)
character as the group parameter.
- 3
- If the source CICS configuration refers to an export file,
then no security check is performed for the source resource definition.
- 4
- You can think of a Rename API command as consisting of two operations:
delete the source resource definition, and then create the target
resource definition. Both operations require ALTER access authority.
A Rename API command for a group/ResGroup
involves resource definition security checks (requiring ALTER access
authority) for all of the following:
- Each source resource definition (in the original group/ResGroup)
- Each target resource definition (in the renamed group/ResGroup)
- When renaming a ResGroup (not a group): the target ResGroup
- 5
- The CICS configuration
parameter for Import refers to the target CICS configuration where the resource definition
is to be imported (copied) to, not the source CICS configuration (that refers to the export
file) where the resource definition is to be imported from.
6 
If the resource type is not associated with
a group/ResGroup, then specify a "-" (hyphen) character as the group parameter.If
the resource type does not have a unique name,
then specify a "-" (hyphen) character as the name parameter.
For
example, specify group as a hyphen and name as
a hyphen for the CICSPlex® SM
full-function BAS APPLDEF, RASINDSC, and SYSLINK resource types.

For each resource definition, the Copy and Rename API commands
create two security keys, and make two calls to the external security
manager: one for the source resource definition, and another for the
target resource definition.
For the Rename API command, the parameter for the CICS configuration is labelled "target" in
both security keys because you can only rename a resource definition
within the same CICS configuration.
The resource definition name is the last qualifier in the security
key to simplify group resource profile definitions: some resource
types may contain a period (.) as part of the resource name.
For descriptions of the fields in these keys, see API parameters.