Changes to RACF classes
This section summarizes the changes that relate to RACF® classes across supported CICS® releases. Use this information to plan the impact of upgrading from one release to another.
If you are upgrading from an end-of-service release, you can find information about the changes that are relevant to those releases in Summary of changes from end-of-service releases.
For other security-related changes, see Changes to security. For changes to transactions, see Changes to CICS transactions.
Command | 5.4 | 5.5 | 5.6 | 6.1 |
---|---|---|---|---|
CREATE DUMPCODE | NEW: resource identifier DUMPCODE | |||
INQUIRE JVMENDPOINT SET JVMENDPOINT | NEW: resource identifier JVMENDPOINT | |||
CREATE MQMONITOR DISCARD MQMONITOR INQUIRE MONITOR SET MONITOR | NEW: resource identifier MQMON | |||
INQUIRE NODEJSAPP | NEW: resource identifier NODEJSAPP | |||
PERFORM JVMSERVER | NEW: resource identifier JVMSERVER ACCESS(UPDATE) is required for the command. ACCESS(UPDATE) is required for the named JVMSERVER resource identifier. |
|||
SET PROGRAM | NEW: resource identifier REPLICATION. ACCESS(ALTER) is required for REPLICATION option. |
|||
INQUIRE SYSDUMPCODE SET SYSDUMPCODE | NEW: resource identifier SYSDUMPCODE. ACCESS(CONTROL) is required for SET with JOBLIST option. |
|||
INQUIRE WLMHEALTH SET WLMHEALTH | NEW: resource identifier WLMHEALTH. Requires APAR PI84397. |
User ID | 5.4 | 5.5 | 5.6 | 6.1 |
---|---|---|---|---|
Default user ID | Default user no longer needs command authority for any CAT 3 CICS transactions. See Default user ID security definitions. | |||
Region user ID | Security for submitting a JCL job to the internal reader. | |||
KERBEROSUSER | NEW with APAR: PI85443 | NEW SIT parameter KERBEROSUSER to specify the user ID associated with the Kerberos service principal for the CICS region. |
Class | Profile | 5.4 | 5.5 | 5.6 | 6.1 |
---|---|---|---|---|---|
FACILITY | DFHSIT.HPO | NEW: Control of HPO SIT override | |||
IDTDATA | JWT.applid.userid.SAF | NEW: support for JWT with RACF | |||
PTKTDATA | IRRPTAUTH.applid.userid | NEW XPTKT system initialization parameter | |||
SURROGAT | userid.DFHEXCI | NEW with APAR: PH09898 | NEW with APAR: PH09898 | NEW: surrogate user checking for EXCI | |
SURROGAT | userid.DFHQUERY | NEW: Application-specific security (QUERY SECURITY) | |||
SURROGAT | userid.SUBMIT | NEW: security for submitting a JCL job to the internal reader |