Authorizing the server CICS region user ID to access all CSD files

To access CSD files, CICSĀ® Configuration Manager relies on the authority of the CICS region user ID for the CICS region running the CICS Configuration Manager server. This CICS region user ID must be authorized to access all of the CSD files that you want to manage. This is different to an environment without CICS Configuration Manager, where each CICS region user ID might have access only to their own CSD files.

CICS Configuration Manager provides a single point of control for managing resource definitions across multiple CICS regions. This means that only the CICS region user ID for the CICS Configuration Manager server needs update access to CSD files. Other CICS region user IDs need read access only.

CICS Configuration Manager keeps a journal (an "audit trail") of changes to your CICS resource definitions. If you only use CICS Configuration Manager to change resource definitions, this journal will be comprehensive, allowing you to browse and restore any historical version of a resource definition. However, if you allow users to edit resource definitions outside of CICS Configuration Manager, the journal will not contain those changes. For this reason, you may wish to consider restricting update access to your CSD files to only the CICS region user ID for the CICS Configuration Manager server. One way to do this is to specify the system initialization parameter CSDACC=READONLY in each CICS region except the region running the CICS Configuration Manager server. (This parameter takes effect only after a CICS cold start.)


Information Information

Feedback


Timestamp icon Last updated: Friday, 8 February 2013


http://pic.dhe.ibm.com/infocenter/cicsts/v5r1/topic//ccv-security-csd.htm