XPPT

Defining XPPT

Values for XPPT

Valid values for the XPPT system initialization parameter are as follows:

XPPT=({YES|class_name|NO}[,{ALL|DPLONLY}])

You can specify the XPPT parameter in the SIT, PARM, or SYSIN only. Checking is performed every time a transaction tries to invoke another program by using one of the CICS commands: LINK, LOAD, or XCTL.

Note: The security check is performed only if you have specified the SEC=YES system initialization parameter and the RESSEC(YES) option in the resource definitions. For information on how resource security can provide a further level of security to transaction security, see Resource security.

YES

CICS calls RACF, using the default resource class name prefixed by M or N, to verify that the user ID associated with a transaction is authorized to use LINK, LOAD, or XCTL commands to invoke other programs. The general resource class name is MCICSPPT and the resource group class name is NCICSPPT.

class_name

CICS calls RACF, with the specified resource class name prefixed by M or N, to verify that the user ID associated with a transaction is authorized to use LINK, LOAD, or XCTL commands to invoke other programs. The general resource class name is Mclass_name and the resource group class name is Nclass_name.

The resource class name specified must be 1 through 7 characters.

NO

CICS does not perform any application program authority checks, allowing any user to use LINK, LOAD, or XCTL commands to invoke other programs. It overrides the ALL or DPLONLY option.

6.2 and later ALL

Performs the security check on all programs invoked by LINK, LOAD, or XCTL commands. It works only when YES or class_name is specified. It is overridden by the NO option.

6.2 and later DPLONLY

Performs the security check only on the first program that is linked by the mirror program during distributed program link (DPL). It works only when YES or class_name is specified. It is overridden by the NO option.