Activating CICS security discovery during CICS startup

6.2 and later Applies to 6.2 and later.

When a CICS® region starts up with a cold or an initial start, CICS security discovery is in an inactive state. Instead of manually activating it every time, you can use a PLT program to activate it automatically during CICS startup. CICS provides sample program DFH$SECD, which activates security discovery and sets all resource access requests to be discovered by default.

If you want to activate CICS security discovery, manually issue the SET SECDISCOVERY SPI command. This command is used to activate or deactivate CICS security discovery. For detailed information, see SET SECDISCOVERY.

Note: The security discovery state persists over a warm or an emergency restart. On a cold or an initial start of CICS, security discovery is inactive. In case of a cold or an initial start, you need to manually reissue the SET SECDISCOVERY commands or add them to a program that runs as part of PLT to turn it on. See Activating CICS security discovery during CICS startup.

Procedure

  1. Review the sample program DFH$SECD to check whether it meets your requirements for security discovery. DFH$SECD is located in the hlq.SDFHSAMP data set.

    You can use the sample program unchanged, modify the sample program to alter the SET SECDISCOVERY command being issued, or use the sample as the base for your own program.

  2. Add the name of your PLT program to your PLTPI table.

    The program needs to run in the third phase of initialization so must appear after the DFHDELIM entry.

    DFHPLT TYPE=INITIAL,SUFFIX=XS
DFHPLT TYPE=ENTRY,PROGRAM=DFHDELIM
DFHPLT TYPE=ENTRY,PROGRAM=DFH$SECD Activate security discovery
DFHPLT TYPE=FINAL
  3. Authorize the PLTPIUSR user ID, if specified, or the region user ID with UPDATE access to the SET SECDISCOVERY SPI command. The resource type is SECURITY.
  4. Add a program definition for your PLT program. A sample definition for DFH$SECD is provided in the DFHSECD group.

    If you are using the sample program, copy the sample definition to your own group for customization. The definition needs to be in a group that is installed as part of the GRPLIST processing.

  5. Set the PLTPI system initialization parameter to the suffix of the PLT table that contains your new PLT program.

Results

You have successfully configured CICS to activate CICS security discovery during startup.