Using IBM-supplied classes with prefixing
To set up external security for transactions, files, and PSBs, using IBM-supplied resource classes with prefixing, take the steps described in this section.
Before you define a profile, you must activate the relevant classes, using the SETROPTS CLASSACT and SETROPTS GENERIC commands, as described in Summary of RACF commands.
To ensure the least interruption to actual business processes, work in a test region first.
Note: The following examples assume that the CICS region userid is CICS1, and that SECPRFX=YES.
- Plan and create RACF profiles in the relevant classes:
    RDEFINE TCICSTRN CICS1.transaction-name UACC(NONE) NOTIFY(userid)
    RDEFINE FCICSFCT CICS1.file-name UACC(NONE) NOTIFY(userid)
    RDEFINE PCICSPSB CICS1.PSB-name UACC(NONE) NOTIFY(userid)
- Permit appropriate users or groups (preferably groups) to have access to the profiles:
    PERMIT CICS1.transaction-name CLASS(TCICSTRN) ACCESS(READ) ID(userid or groupid)
    PERMIT CICS1.file-name CLASS(FCICSFCT) ACCESS(READ) ID(userid or groupid)
    PERMIT CICS1.PSB-name CLASS(PCICSPSB) ACCESS(READ) ID(userid or groupid)
- Specify the following system initialization parameters:
    SEC=YES XTRAN=YES XCMD=NO SECPRFX=YES
    XFCT=YES XDB2=NO XPSB=YES XDCT=NO
    XHFS=NO XJCT=NO XPCT=NO XPPT=NO
    XRES=NO XTST=NO XUSER=NO XAPPC=NO
- Start the CICS region in which you will be using external security.
- If you add, change, or delete RACF profiles in the related classes, refresh the in-storage profiles. (For more information, see Refreshing resource profiles in main storage.)
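The following pre-deployment check is an added example, not IBM-supplied code. It scans a deck of RDEFINE and PERMIT commands for the three classes used above and reports profiles that lack the region userid prefix required by SECPRFX=YES, profiles not defined with UACC(NONE), and profiles with no matching PERMIT. The function name `lint` and the resource, group, and user names in the sample deck are constructed for illustration.

```python
import re

# Resource classes used in the steps above.
CLASSES = {"TCICSTRN", "FCICSFCT", "PCICSPSB"}

RDEFINE = re.compile(r"^RDEFINE\s+(\S+)\s+(\S+)(.*)$", re.I)
PERMIT = re.compile(r"^PERMIT\s+(\S+)\s+CLASS\((\w+)\)", re.I)

# Constructed sample deck: the file profile lacks the prefix, and the
# PSB profile has the wrong UACC and no PERMIT.
SAMPLE_DECK = """
RDEFINE TCICSTRN CICS1.PAY1 UACC(NONE) NOTIFY(SECADM)
PERMIT CICS1.PAY1 CLASS(TCICSTRN) ACCESS(READ) ID(PAYGRP)
RDEFINE FCICSFCT PAYFILE UACC(NONE) NOTIFY(SECADM)
PERMIT PAYFILE CLASS(FCICSFCT) ACCESS(READ) ID(PAYGRP)
RDEFINE PCICSPSB CICS1.PAYPSB UACC(READ)
"""

def lint(commands, region_userid):
    """Return findings for a deck of RDEFINE/PERMIT commands (SECPRFX=YES)."""
    prefix = region_userid.upper() + "."
    defined, permitted, findings = set(), set(), []
    for line in commands.strip().splitlines():
        line = line.strip()
        if m := RDEFINE.match(line):
            cls, profile = m.group(1).upper(), m.group(2).upper()
            if cls not in CLASSES:
                continue  # only the classes from this procedure are checked
            defined.add((cls, profile))
            if not profile.startswith(prefix):
                findings.append(f"{cls} {profile}: missing prefix {prefix}")
            if "UACC(NONE)" not in m.group(3).upper():
                findings.append(f"{cls} {profile}: UACC(NONE) not specified")
        elif m := PERMIT.match(line):
            permitted.add((m.group(2).upper(), m.group(1).upper()))
    for cls, profile in sorted(defined - permitted):
        findings.append(f"{cls} {profile}: no PERMIT in this deck")
    for cls, profile in sorted(permitted - defined):
        findings.append(f"{cls} {profile}: PERMIT without RDEFINE in this deck")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_DECK, "CICS1"):
        print(finding)
```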