Assigning CICS VR proper access authority

By default, all processes started by the CICS® VR server address space run under an undefined RACF® user ID.

If RACF, or similar security product, is implemented, you must define the CICS VR started task to RACF and assign it a user ID with appropriate authorization that allows the CICS VR server address space to update and delete information from the appropriate RCDS, log streams, and log stream copies. For example, you can run:
RDEFINE STARTED CICSVR.* STDATA(USER(SYSTASK)) 
SETR RACLIST(STARTED) REFRESH
If you plan on using CICS VR automatic batch backout, and if RACF or a similar security product is in place, be sure to define the DWWBAFJS started task to RACF and assign it a user ID with appropriate authorization to browse the output of the batch backout job. For example, you can run:
RDEFINE STARTED DWWBAFJS.* STDATA(USER(user ID))
SETR RACLIST(STARTED) REFRESH

If you plan on using automated recovery, and if RACF or a similar security product is in place, be sure to define the DWWCBINF, DWWCBRRG and DWWCBRRY started tasks to RACF. Assign these tasks to a user ID with appropriate authorization to browse the output of automated recovery job.

For RACF details see z/OS® Security Server RACF System Programmer's Guide. For details of using CICS VR automatic batch backout, see Automatically running CICS VR batch backout.