Security parameters
You can use the security parameters to specify whether to use the optional security mechanism that the server provides, to check that CICS® regions are authorized to open a coupling facility data table. You can also use these parameters to override standard processing for this optional security.
- SECURITY={YES|NO}
- Specifies whether individual coupling facility data table security
checks are required.
- YES
- The server performs a security check against each CICS region that attempts to open a coupling
facility data table. Access is controlled through profiles defined
in the general resource class named on the SECURITYCLASS parameter.
This function requires an external security manager, such as RACF®, that supports the FASTAUTH function in cross-memory mode.
- NO
- The server does not perform a security check against each CICS region that attempts to open a coupling facility data table.
This is the only security check performed by the server that is optional. The other file security checks are always performed by the server, as described in Security for coupling facility data tables.
This parameter is valid only at server initialization.
This keyword can be abbreviated to SEC.
- SECURITYCLASS={FCICSFCT|class}
- Specifies the name of the RACF general
resource class that the server uses for security checks on coupling
facility data table access by CICS regions.
The name can be up to 8 characters, and is the name of the class in
which the CFDT resource profile and its access list are defined.
This parameter is valid only at server initialization.
This keyword can be abbreviated to SECCLASS.
- SECURITYPREFIX={NO|YES}
- When SECURITY=YES is specified, specifies whether the resource
name that is passed to RACF for
the coupling facility data table security check is prefixed with the
server region user ID. Note: For this security check, the resource name used by the server is the either the name specified on the TABLENAME attribute of the CICS file resource definition, or the FILE name if TABLENAME is not specified.
- YES
- The server prefixes the resource name with the server region user ID (the default) or an alternative prefix specified on the SECURITYPREFIXID parameter.
- NO
- The server passes to RACF only the 8-character resource name, without any prefix.
This parameter is valid only at server initialization.
This keyword can be abbreviated to SECPREFIX or SECPRFX.
- SECURITYPREFIXID=identifier
- Specifies a prefix for the server to use for security checks on
coupling facility data table access by CICS regions,
instead of the server region user ID. The prefix can be up to 8 characters,
and should correspond to the prefix used to define profile names of
CFDTs to RACF. This parameter
is effective only when SECURITYPREFIX=YES is specified.
This parameter is valid only at server initialization.
This keyword can be abbreviated to SECPREFIXID.