CICS IA transaction security

CICS® IA has no internal RACF® security classes. The two main interfaces are application programs. These two interfaces are the Operations and Administration Interface driven by transaction CINT and the Eclipse-based Query Interface.

All CICS IA transactions are defined with RESSEC(NO) and CMDSEC(NO). If you want to categorize and define the IA transactions in a similar way to CICS transactions, see Table 1. It shows the CICS IA transactions and their RACF categories as described in the CICS RACF Security Guide. It also indicates whether the transaction runs a program that has a DB2® DBRM associated with it.

Table 1. RACF categories for CICS IA transactions
Transid Description Category DB2
CINT Drives program CIUA000C for Operation and Administration. 3 YES
CINB Drives program CIUCINB1 for a long running task that writes the data to VSAM (see note below). 1  
CINC Drives program CIUACM10 for the Command Flow feature. 3  
Note: Start of change

Authorization can be given by granting the user ID access to the CICS IA batch plan.

On all regions, where you want to collect DB2 data ensure that the user ID, that CICS IA runs under, has GRANT permission to the batch plan created in the sample job SCIUSAMP.CICS(CIUDBNT). This permission enables the background transaction, CINB, to access the SYSIBM.SYSDUMMY1, SYSIBM.SYSPACKSTMT, and SYSIBM.SYSSTMT DB2 tables. In most cases, the CICS default user ID is used. However, in some cases it might be that the PLT user ID is used, if it was started by PLT processing, the user ID of the current CINT transaction, or the Link user ID if the CINT transaction is routed to another CICS region.

End of change

Reference Reference

Feedback


Timestamp icon Last updated: Friday, 7 February 2014


http://pic.dhe.ibm.com/infocenter/cicsts/v5r1/topic///ciuugc00404.html