The security profile
A new profile DWWCICSVR needs to be defined to the FACILITY class in your security product. The security administrator can then permit various levels of access to this profile for all users of CICS® VR.
In general, a user can have NONE, READ, UPDATE, CONTROL or ALTER
as the permitted level of access for a particular task. If the user
tries to perform a function without the proper level of access, a
pop-up message is displayed on the panel, advising that the user is
not authorized to perform this function, and must contact the security
administrator requesting access. This table shows the access levels
required in the DWWCICSVR profile for a user to perform particular
tasks:
| Task | Access level | Class |
|---|---|---|
| Changing any retention periods for automatic backup deregister, automatic mvslog deregister or automatic CA deregister | ALTER | FACILITY |
| Register or deregister a VSAM sphere entry from RCDS, using the sphere list panel | CONTROL (for the sphere to be registered or deregistered) | DATASET |
| Deregister a log entry from the CICS VR log stream list | CONTROL | FACILITY |
| Register or deregister a log of logs entry from the CICS VR log of logs list | CONTROL | FACILITY |
| Deregister a CICS backout failed sphere entry from the CICS Backout Failed sphere list | CONTROL | FACILITY |
| Change the CICS VR automation level | ALTER | FACILITY |
| Setting CICS VR server address space defaults or scavenger parameters | ALTER | FACILITY |
Note: Less strict access control is required for a user to
deregister a CICS backout failed sphere because the sphere
remains registered in RCDS as a VSAM sphere.
- Example
- RDEFINE FACILITY DWWCICSVR
PERMIT DWWCICSVR ACCESS(READ) CLASS(FACILITY) ID(userid)