CICS security: Performance and tuning
CICS® provides an interface for an external security manager (ESM), such as RACF®, for three types of security: transaction, resource, and command security.
Effects
Transaction security verifies the authorization of an operator to run a transaction. Resource security limits access to data sets, transactions, transient data destinations, programs, temporary storage records, and journals. Command security is used to limit access to specific commands and applies to special system programming commands; for example, EXEC CICS INQUIRE, SET, PERFORM, DISCARD, and COLLECT. Transactions that are defined with CMDSEC=YES must have an associated user.
Limitations
Protecting transactions, resources, or commands unnecessarily increases both processor cycles, and real and virtual storage requirements.
Recommendations
Because transaction security is enforced by CICS, it is suggested that the use of both resource security and command security should be kept to the minimum. The assumption is that, if operators have access to a particular transaction, they therefore have access to the appropriate resources.
Implementation
Resource security is defined with the RESSEC(YES) attribute in the TRANSACTION definition. Command security is defined with the CMDSEC(YES) attribute in the TRANSACTION definition.
Monitoring
No direct measurement of the overhead of CICS security is given. RMF shows overall processor usage.
For more information, see RACF facilities.