XHFS

The XHFS system initialization parameter specifies whether CICS is to check the transaction user's ability to access files in the z/OS UNIX System Services file system.

Defining XHFS

You can define the XHFS system initialization parameter in the following ways:

In the PARM parameter of the EXEC PGM=DFHSIP statement.
In the SYSIN data set of the CICS® startup job stream.
In the DFHSIT macro.

You cannot define the XHFS system initialization parameter through the system console.

Values for XHFS

Valid values for the XHFS system initialization parameter are as follows:

XHFS={YES|NO}

YES is the default value for XHFS. At present, this checking applies only to the user ID of the Web client when CICS Web support is returning z/OS UNIX file data as the static content identified by a URIMAP definition. The checking is performed only if you have specified the SEC=YES system initialization parameter. However, the RESSEC option in the transaction resource definition does not affect this security checking. For information on how resource security can provide a further level of security to transaction security, see Resource security.

Note: You can specify the XHFS parameter in the SIT, PARM, or SYSIN only.

YES: CICS is to check whether the user identified as the Web client is authorized to access the file identified by the URIMAP that matches the incoming URL. This check is in addition to the check performed by z/OS UNIX System Services against the CICS region user ID. If access to the file is denied for either of these user IDs, the HTTP request is rejected with a 403 (Forbidden) response.
NO: CICS is not to check the client user's access to z/OS UNIX files. Note that the CICS region user ID's access to these files is still checked by z/OS UNIX System Services.