Here is the format of the security key that the CICS® Configuration Manager server creates to check a user's authority to perform an API command:
(1) >>-prefix--.--+-LIS.-+-object_type-----+-.location_type.-+-location_name-+-+->< | '-ALL-------------' +-ALL-----------+ | | '-NONE----------' | +-+-ADD-----+-.object_type.location_type.location_name-------+ | | (2) | | | +-CPY-----+ | | +-DIO-----+ | | +-INO-----+ | | +-NEO-----+ | | | (3) | | | +-REC-----+ | | +-REM-----+ | | '-REN-----' | +-+-CRE-+-.object_type.location_type.-+-location_name-+------+ | +-DEL-+ '-NONE----------' | | +-INQ-+ | | '-UPD-' | +-+-APP-+-.migration_scheme.approval_profile.approver_role---+ | '-DIS-' | +-+-REA-+-.migration_scheme----------------------------------+ | +-UNR-+ | | +-MIG-+ | | +-BAC-+ | | +-INS-+ | | +-DSS-+ | | '-NEW-' | +-IMP.target_CICS_configuration------------------------------+ '-DEP.-+-COLLECT.CCONFIG.CICS_configuration-+----------------' '-REPORT.NONE.NONE-------------------'
For descriptions of the fields in this key, see API parameters.
To limit the security key length, API command names are abbreviated to three letters:
The server calls the external security manager (such as RACF®) to check whether this key matches a general resource profile for which the user has READ access authority. If it does, the server performs the command.
Restricting access to the ISPF dialog:
To start the CICS Configuration Manager ISPF dialog, users must be able to perform a List command for the SvrInfo repository object; for details, see SvrInfo (server information). You can use this requirement to restrict access to the ISPF dialog.