Commands subject to command security
These commands are subject to command security. If you enable command security, security checks are performed for these commands, when they are issued from a CICS® application and for the equivalent commands that you can issue with the CEMT main terminal transaction or CECI. CICS calls RACF® to check that the user that initiated the transaction has authority to use the command for the specified resource.
If a user is authorized to initiate the CEMT transaction, but is not authorized for the resources on which the commands depend, CICS returns a NOTAUTH condition. To allow use of the CEMT command in a command security environment, give users UPDATE access to the group profile that protects commands on which you want them to issue the PERFORM, SET, and DISCARD command and provide READ access to the group profile that protects the commands on which you want them to issue only INQUIRE and COLLECT commands.
| Command name | Access required |
|---|---|
|
COLLECT
CSD DISCONNECT CSD ENDBRGROUP CSD ENDBRLIST CSD ENDBRRSRCE CSD GETNEXTGROUP CSD GETNEXTLIST CSD GETNEXTRSRCE CSD INQUIREGROUP CSD INQUIRELIST CSD INQUIRERSRCE CSD STARTBRGROUP CSD STARTBRLIST CSD STARTBRRSRCE EXTRACT STATISTICS INQUIRE |
READ |
|
DISABLE
CSD ADD CSD ALTER CSD APPEND CSD COPY CSD DEFINE CSD DELETE CSD LOCK CSD REMOVE CSD RENAME CSD UNLOCK CSD USERDEFINE ENABLE EXTRACT (but not EXTRACT STATISTICS) PERFORM RESYNC SET |
UPDATE |
|
CREATE
CSD INSTALL DISCARD |
ALTER |