RACF security classes used by OTMA

To have RACF® secure transactions or commands submitted to IMS through OTMA, you must define the security to be enforced for them to RACF.

Transaction security definitions are stored in the RACF TIMS class. Command security definitions are stored in the CIMS class. If a transaction is not in the TIMS class or a command is not in the CIMS class, the transaction or command is allowed regardless of any options you might specify by using the /SECURE OTMA command.

When you enter an OTMA command, OTMA issues a RACHECK to validate the command. OTMA passes only the command verb to DFSCCMD0 for verification, not the entire CVB control block.

If you are using RACF to secure asynchronous hold queues from unauthorized users of the RESUME TPIPE call, you must define either the default RIMS resource or a Rxxxxxxx resource class, where xxxxxxx is the value of the RCLASS parameter in the DFSDCxxx PROCLIB member. The RACF resource class that you define must include the names of the protected asynchronous hold queues and the user IDs that are authorized to access each queue.