The XFCT system initialization parameter specifies
whether you want CICS to perform file resource security checking, and optionally
specifies the RACF resource class name in which you have defined the file
resource security profiles.
- XFCT={YES|name|NO}
- If you specify YES, or a RACF resource class name, CICS calls RACF to verify that the userid
associated with a transaction is authorized to access File Control-managed files. Such checking is
performed every time a transaction tries to access a file managed by CICS file control.
The checking is performed only if you have specified YES for the SEC system initialization parameter
and specified the RESSEC(YES) option on the resource definitions. For further information on how
resource security can provide a further level of security to transaction security, see Resource security for transactions.
Note: You can specify the XFCT parameter in the
SIT, PARM, or SYSIN only.
- YES
- CICS calls RACF, using the default CICS resource class name of CICSFCT prefixed by F or H, to
verify that the userid associated with a transaction is authorized to access files reference by the
transaction. The resource class name is FCICSFCT and the grouping class name is HCICSFCT.
- name
- CICS calls RACF, using the specified resource class name, to verify that the userid associated
with a transaction is authorized to access files referenced by the transaction. The resource class
name is Fname and the grouping class name is
Hname.
The resource class name specified must be 1 through 7
characters.
- NO
- CICS does not perform any file resource security checks, allowing any user to access any
file.