Security for transient data

To implement security for transient data queues, do the following:
  1. Specify RESSEC(YES) in the resource definition of the appropriate transactions.
  2. Define profiles to RACF® in the DCICSDCT or ECICSDCT resource classes (or their equivalent if you have user-defined resource class names), with access lists as appropriate. Transient data queue names are a maximum of 4 characters in length, such as CSMT, L86O, L86P, and so on.
    For example, use the following commands to define queues in the DCICSDCT class, and to authorize users to both read from and write to these queues: 
    RDEFINE  DCICSDCT  (qid1, qid2, ..., qidn) UACC(NONE)
                   NOTIFY(sys_admin_userid)
PERMIT qid1 CLASS(DCICSDCT) ID(group1, group2) ACCESS(UPDATE)
PERMIT qid2 CLASS(DCICSDCT) ID(group1, group2) ACCESS(UPDATE)
    To define transient data queues as members of a profile in the CICS® transient data resource group class, with an appropriate access list, use the following commands: 
    RDEFINE  ECICSDCT  (queue_groupname) UACC(NONE)
                   ADDMEM(qida, qidb, ..., qidz) NOTIFY(sys_admin_userid)
PERMIT queue_groupname CLASS(ECICSDCT) ID(group_userid) ACCESS(UPDATE)
  3. Specify SEC=YES as a CICS system initialization parameter (and SECPRFX if you define profiles with a prefix).
  4. Specify XDCT=YES for the default resource class names of DCICSDCT and ECICSDCT (or XDCT=class_name for user-defined resource class names).