Policy scopes
You can associate a policy scope with a policy that defines task rules, to specify how policy task rules are applied to CICS® user tasks. However, the scope of the task rules depends on both the associated policy scope, and how the CICS bundle that defines the policy is deployed.
Policies are defined in a CICS bundle, which is then deployed into a CICS region in different ways. Policies that define task rules can be deployed into a stand-alone CICS region, with a CICS platform, or with a CICS application. Policies that define system rules can be deployed only into a stand-alone CICS region or with a CICS platform.
For policies that define system rules, regardless of how the policies are deployed, the rules apply to all tasks (system or user) in the CICS region that change the system or resource state.
For a policy that defines task rules, the scope of the task rules is determined by both how the CICS bundle that defines the policy is deployed, and any policy scope that is defined for the policy in the CICS bundle manifest. A policy that defines task rules can be deployed in the following ways:
- Deploy into a stand-alone CICS region (no policy scope)
- When a policy is deployed into a stand-alone CICS region, task rules that are defined in the policy apply to all user tasks that are running in that CICS region. This deployment method is useful where you cannot define a CICS platform or application.
- Deploy into a stand-alone CICS region with a policy scope
- When a policy with an associated policy scope is deployed into a stand-alone CICS region, any task rules that are defined in the policy apply only to user tasks with a matching operation in their application context.
- Deploy with a CICS platform
- When a policy is deployed with a CICS platform, task rules that are defined in the policy apply to all user tasks that have the matching platform in their application context.
- Deploy with a CICS application (no policy scope)
- When a policy is deployed with a CICS application, task rules that are defined in the policy apply to all user tasks on the platform that have the matching platform, application, and application version information in their application context.
- Deploy with a CICS application with a policy scope
- When a policy with an associated policy scope is deployed with a CICS application, task rules that are defined in the policy apply to all user tasks on the platform that have the matching platform, application, application version, and operation information in their application context.
| Effective policy scope | What the policy rules apply to | How the policy is deployed |
|---|---|---|
| 1 Region | The policy task rules apply to all user tasks that run in the CICS region to which you deploy the policy. | The policy is deployed as a CICS BUNDLE resource defined in the CSD or CICSPlex® SM data repository, and installed into any CICS region. |
| 2 Platform | The policy task rules apply to all user tasks on the platform that have the matching platform in their application context. | When you define a CICS Platform project, you add to it the CICS bundles that contain policy definitions to be deployed with the platform. If you want to deploy a policy to an already active platform, export the policy bundle to the platform home directory in zFS, and then use the CICS Explorer® ADDBUNDLE operation dialog to install it into a region type. For more information about the ADDBUNDLE operation dialog, see Adding a CICS bundle to a platform in the CICS Explorer product documentation. |
| 3 Application | The policy task rules apply to all user tasks on the platform that have the matching platform, application, and application version information in their application context. | When you define a CICS Application project, you add to it the CICS bundles that contain policy definitions to be deployed with the application. Alternatively, you can also deploy CICS bundles with the application binding, depending on the architecture of your application. |
| 4 Operation | When a policy is deployed with an application, the policy task rules apply to all user tasks on the platform that have the matching platform, application, application version, and operation information in their application context. When a policy is deployed to a stand-alone CICS region, the policy task rules apply to all user tasks in the region that have matching operation information in their application context. |
Define the policies in a CICS bundle. Then define the scoping for the operation by editing the CICS bundle manifest with the CICS manifest editor to define an application entry point and a policy scope. Finally, do one of the following:
CICS bundles that define a policy scope for an operation cannot be deployed with a platform project or added to an already active platform by using the ADDBUNDLE operation dialog. For more information, see Defining policy scopes in the CICS Explorer product documentation and Defining application entry points in the CICS Explorer product documentation. |
When a policy is installed into a CICS region, CICS combines its task rules with all the task rules of the other policies that are deployed with different scopes in that CICS region to determine a set of task rules that apply for each unique runtime scope. Policy rules that are deployed with different scopes might apply to the same task. For a policy deployed to a CICS platform or with a CICS application, you can use the Cloud Explorer view in CICS Explorer to determine which set of policy rules apply to a given scope. See Searching for policy rules in the CICS Explorer product documentation.For example:
- If you search for policy rules against a specific application version, you see an aggregation of the policy task rules for scopes 1 , 2 , and 3 . This set of task rules applies to all user tasks for this application version.
- If you search for policy rules against a specific operation of an application, you see an aggregation of the policy task rules that apply at scopes 1 , 2 , 3 , and 4 . This search shows any additional policy task rules that apply to a specific operation of an application, as well as the policy task rules that apply to the application.
- If you search for policy rules against a platform, you see an aggregation of the policy task rules that apply at scopes 1 and 2 . This search shows you all the policy task rules that apply to all the application tasks that run on the selected platform. It is a subset of the policy task rules you see if you search for the policy rules for a specific application (or application operation) running on that platform.
- Similarly, if you search for policy rules against a region type, you see an aggregation of the policy task rules that apply at scopes 1 and 2 . This search shows you all the policy task rules that apply to all application tasks that run in regions of this type on the platform.
- A set of all policy task rules with region scope.
- A set of all policy task rules with platform scope; one for each platform that a specific CICS region is a member of.
- A set of all policy task rules for a specific application version; one set for each application version that is deployed in the CICS region.
- A set of all policy task rules for each operation of an application version; one set for each operation of an application version.
CICS associates one of these sets of policy task rules with the task at one of two points in the lifetime of the task:
- When a task is attached
- At task attach time, depending on whether the task's application context is set, CICS determines task rules to be associated with the task as follows:
- If the task's application context is set, that is, the task has passed through an application entry point, CICS applies the set of policy rules whose scope best matches the task's application context. CICS checks for the best match as follows:
- CICS checks for a set of rules whose scope matches the platform, application, application version, and operation in the task's application context. When the application entry point is defined in a CICS bundle that is deployed to a stand-alone CICS region, only the operation name is set in the task's application context. In this case, if no match is found, CICS continues the search from step 4; otherwise, it proceeds to step 2.
- If no match is found, CICS checks for a set of rules that match the platform, application, and application version in the task's application context.
- If still no match is found, CICS checks for a set that matches the platform name only.
- If still no match is found, CICS checks for a set of rules that apply for the region.
- If still no match is found, the task executes without any policy rules.
- If the task's application context is not set, CICS associates the set of region policy rules, if any, with the task.
- If the task's application context is set, that is, the task has passed through an application entry point, CICS applies the set of policy rules whose scope best matches the task's application context. CICS checks for the best match as follows:
- When a task invokes an application entry point program by using EXEC CICS LINK or INVOKE APPLICATION
- If the application context was set at task attach, the policy rules for the task remain unchanged. However, if the application context was not set at task attach, CICS looks for the best set of policy rules that match the task's application context, as described earlier. If a match is found, this set of policy rules replaces any region-scoped policy rules that were associated with the task at task attach. This new set includes any such region-scoped rules.
During task execution, CICS applies the policy rules of a specific type in order of the lowest threshold to the highest threshold. When multiple rules apply to the same threshold, CICS processes message action rules first, then event action rules, and finally abend action rules. This order ensures that messages and events are emitted before a task abends.