Security for application programs

You control access to the initial program specified in the transaction resource definition by authorizing the user to initiate the transaction (transaction-attach security).

However, CICS® application programs can invoke other programs by means of the LINK, LOAD, and XCTL commands. Also, the load status of programs can be altered by the CICS RELEASE, ENABLE, and DISABLE commands. Note, however, that there is no separate security check on the RELEASE of programs loaded for task lifetime. This is done on the corresponding LOAD.

You control access to programs invoked using these commands by defining profiles in the CICS application program classes, and which you define to CICS on the XPPT system initialization parameter.

To control which users can invoke or change the load status of other programs:
  1. Specify RESSEC(YES) in the CSD resource definition of the transactions that use the LINK, LOAD, XCTL, CICS RELEASE, ENABLE or DISABLE commands.
  2. Define profiles to RACF® in the MCICSPPT or NCICSPPT resource classes (or their equivalent if you have user-defined resource class names) using the name of the program invoked on the LINK, LOAD, or XCTL command to identify the profiles.
    For example, use the following commands to define a program in the MCICSPPT class, and to authorize one user only:
    RDEFINE  MCICSPPT  (prog1, prog2, ..., progn)  UACC(NONE)
    To define programs as members of a profile in the application program resource group class, with an appropriate access list, use the following commands:
    RDEFINE  NCICSPPT  cics_programs  UACC(NONE)
                       ADDMEM(proga, progb, ..., progx)
    PERMIT cics_programs CLASS(NCICSPPT) ID(group_userid) ACCESS(READ)
  3. Specify SEC=YES as a CICS system initialization parameter (and SECPRFX if you define profiles with a prefix).
  4. Specify XPPT=YES as a CICS system initialization parameter for the default resource class names of MCICSPPT and NCICSPPT (or XPPT=class_name for user-defined resource class names).

Exception for distributed program link (DPL) commands

If CICS finds that a program referenced on a LINK command is a remote program, it does not perform the security check in the region in which the link command is issued. The security check is performed only in the CICS region in which the linked-to program finally executes.

For example, if CICSA function ships a DPL command to CICSB, where the program then executes, CICSB issues the security check. If the DPL request is function shipped again to CICSC for execution, it is CICSC that issues the security check.