XPSB
The XPSB system initialization parameter specifies whether you want CICS to perform program specification block (PSB) security checking and optionally specifies the RACF resource class name in which you have defined the PSB security profiles.
- XPSB={YES|name|NO}
- You can specify the XPSB parameter in the SIT, PARM,
or SYSIN only. If you specify YES, or a RACF resource class name,
CICS calls RACF to check that the userid associated with a transaction is
authorized to access PSBs (which describe databases and logical message destinations
used by application programs). Such checking is performed every time a transaction
tries to access a PSB. Note:
- The checking is performed only if you have specified YES for the SEC system initialization parameter and specified the RESSEC(YES) option on the resource definitions. For further information on how resource security can provide a further level of security to transaction security, see Resource security for transactions.
- If you require security checking for PSBs to apply to remote users who access this region by means of transaction routing, the system initialization parameter PSBCHK=YES must be specified. For more information about this parameter, see PSBCHK.
- YES
- CICS calls RACF, using the default resource class name CICSPSB prefixed by P or Q, to verify that the userid associated with a transaction is authorized to access PSBs. The resource class name is PCICSPSB and the grouping class name is QCICSPSB.
- name
- CICS calls RACF, using the specified resource class name prefixed by P
or Q, to verify that the userid associated with a transaction is authorized
to access PSBs. The resource class name is Pname and
the grouping class name is Qname.
The resource class name specified must be 1 through 7 characters.
- NO
- CICS does not perform any PSB resource security checks, allowing any user to access any PSB.