Assigning CICS VR access authority

By default, all processes started by the CICS® VR server address space run under an undefined RACF® user ID.

If RACF or a similar security product is implemented, you must define the CICS VR started task to RACF and assign it a user ID. This user ID must have appropriate authorization that allows the CICS VR server address space to update and delete information from the appropriate RCDS, log streams, and log stream copies. For example, you can run the following command:

RDEFINE STARTED CICSVR.* STDATA(USER(SYSTASK)) 
SETR RACLIST(STARTED) REFRESH

If you plan to use CICS VR automatic batch backout, and if RACF or a similar security product is in place, ensure that you define the DWWBAFJS started task to RACF and assign it to a user ID. This user ID must have appropriate authorization to browse the output of the batch backout job. For example, you can run the following command:

RDEFINE STARTED DWWBAFJS.* STDATA(USER(user ID))
SETR RACLIST(STARTED) REFRESH

For details about CICS VR automatic batch backout, see Automatically running CICS VR batch backoutthe CICS VR User's Guide.

A value DWWRMDFS for the server set up control default is registered in the RCDS as the name of the setup job that must be run during the initialization of the CICS VR server address space. If RACF or a similar security product is in place, you must define the setup job as a started task to RACF and assign a user ID with the appropriate authorization to browse the output of the setup job. For example, you can run the following command

RDEFINE STARTED DWWRMDFS.* STDATA(USER(user ID)) 
SETR RACLIST(STARTED) REFRESH

CICS VR uses a customized version of the log of logs scan JCL skeleton to run the log of logs scan at regularly scheduled times and to run the scan manually at convenient times. The skeleton is located in member DWWARSCA of the CICS VR library SDWWCNTL. Modify the log of logs scan JCL skeleton to conform to the environment standards by commenting out JOB statement, symbolic parameters and keep “LOGOFLOGS SCAN” command in DWWIN. Copy the updated DWWARSCA member into PROCLIB library. If RACF or a similar security product is in place, define the DWWARSCA started task to RACF and assign it to a user ID with the appropriate authorization to browse the output of the log of logs scan job. For more information about log of logs scanning see, Automatic and manual log of logs scanning.

If you plan to use automated recovery, and if RACF or a similar security product is in place, ensure that you define the DWWCBINF, DWWCBRRG and DWWCBRRY started tasks to RACF and assign them to a user ID. This user ID must have appropriate authorization to browse the output of automated recovery job. For example commands, see Automated recovery and security.

If you plan to use the inventory scavenger, and if RACF or a similar security product is in place, ensure that you define the DWWARSCI started task to RACF and assign it to a user ID. This user ID must have appropriate authorization to browse the output of inventory scavenger job. For details about the inventory scavenger, see Inventory scavenger.

For RACF details, see z/OS® Security Server RACF System Programmer's Guide.