CICS BAC generates administrative resource names when the workstation administration client, the file maintenance utility, or the ISPF administration interface attempts to access a record in a CICS region control file. Accesses that simply read the record require only a UACC of READ for the resource. Examples of this are the LIST command in the file maintenance utility and the download and browse functions of the workstation administration client. Other accesses, such as insert, replace, or delete require a UACC of UPDATE for the resource. Examples of this are the ADD, UPDATE, and DELETE commands of the file maintenance utility and the upload and delete from host functions of the workstation administration client. The name generated for the security check is the name you need to define to RACF in the FACILITY general resource class.
objectType | objectName |
---|---|
FILE | The name of the file object being accessed. |
TDQUEUE | The name of the transient data queue object being accessed. |
TRANSID | The name of the transaction object being accessed. |
PROGRAM | The name of the program object being accessed. |
APPGROUP | The name of the application group object being accessed. |
APPLIST | Name of the application list object being accessed. |
REGION | The literal PROPERTY for access to a CICS region object. |
Some examples of the ADMIN access type resource names are as follows:
RDEFINE FACILITY $CBK.CICSP.ADMIN.FILE.PAYROLL UACC(NONE)
To read this file object, a user requires specific READ access
for this profile. Alternatively, you could grant everyone access by
changing the universal access to UACC(READ).RDEFINE FACILITY $CBK.CICSTEST.ADMIN.APPGROUP.DOCUMENT UACC(NONE)
To delete this application group object from the CICS region
control file a user requires specific UPDATE access for this profile.RDEFINE FACILITY $CBK.CICST.ADMIN.REGION.PROPERTY UACC(NONE)
To update the CICS region object, a user requires specific UPDATE
access for this profile.