XCMD
The XCMD system initialization parameter specifies whether you want CICS to perform command security checking, and optionally the RACF resource class name in which you have defined the command security profiles.
- XCMD={YES|name|NO}
- If you specify YES, or a RACF resource class name, CICS calls RACF to verify that the userid
associated with a transaction is authorized to use a CICS command for the specified resource. Such
checking is performed every time a transaction tries to use a COLLECT, DISABLE, DISCARD, ENABLE,
EXTRACT, INQUIRE, PERFORM, RESYNC, or SET command, or any of the FEPI commands, for a resource.
Note: The checking is performed only if you have specified YES for the SEC system initialization parameter and specified the CMDSEC(YES) option on the transaction resource definition.
- YES
- CICS calls RACF, using the default class name of CICSCMD prefixed by C or V, to check whether the userid associated with a transaction is authorized to use a CICS command for the specified resource. The resource class name is CCICSCMD and the grouping class name is VCICSCMD.
- name
- CICS calls RACF, using the specified resource class name prefixed by C or V, to verify that the
userid associated with a transaction is authorized to use a CICS command for the specified resource.
The resource class name is Cname and the grouping class name is
Vname.
The resource class name specified must be 1 through 7 characters.
- NO
- CICS does not perform any command security checks, allowing any user to use commands that would be subject to those checks.
Restrictions: You can specify the XCMD parameter in the SIT, PARM, or SYSIN only.
For information on how resource security can provide a further level of security to transaction security, see Resource security for transactions.