Security for program specification blocks

DL/I program specification blocks (PSBs) are IMS control blocks that describe databases and logical message destinations used by an application program. PSBs consist of one or more program communication blocks (PCBs), which describe an application program's interface to an IMS database.

To implement security for PSBs scheduled in CICS® applications:
  1. Define profiles to RACF® in the PCICSPSB or QCICSPSB resource classes (or their equivalent if you have user-defined resource class names), with access lists as appropriate. The resource profile names you define to RACF must correspond to the names of PSBs specified in CICS PSB schedule commands. For example, use the following commands to define PSBs in the PCICSPSB class, and to authorize users to access these queues: 
    RDEFINE  PCICSPSB  (psbname1, psbname2, ..., psbnamen) UACC(NONE)
                   NOTIFY(sys_admin_userid)
PERMIT psbname1 CLASS(PCICSPSB) ID(group1, group2) ACCESS(READ)
PERMIT psbname2 CLASS(PCICSPSB) ID(group1, group2) ACCESS(READ)
    To define PSBs as members of a profile in the CICS PSB resource group class, with an appropriate access list, use the following commands: 
    RDEFINE  QCICSPSB  psbname_group UACC(NONE)
                   ADDMEM(psbnamea, psbnameb, ..., psbnamex)
                     NOTIFY(sys_admin_userid)
PERMIT psbname_group CLASS(QCICSPSB) ID(group_userid) ACCESS(UPDATE)
  2. Specify SEC=YES as a CICS system initialization parameter (and SECPRFX if you define profiles with a prefix).
  3. Specify XPSB=YES as a CICS system initialization parameter for the default resource class names of PCICSPSB and QCICSPSB (or XPSB=class_name for user-defined resource class names).
  4. Specify PSBCHK=YES if you want full security for PSBs that are accessed in transaction-routed transactions. This applies to both types of DL/I interface (remote and DBCTL). If you specify PSBCHK=NO, the authority of the remote user is not used in transaction-routed transactions.
Note: CICS requires a minimum authorization of READ for PSBs.

If you are using DBCTL, see Security checking with DBCTL for information on defining security in a CICS-DBCTL environment.