SEC

The SEC system initialization parameter specifies what level of external security you want CICS® to use.

SEC={YES|NO}
Valid values are as follows:
YES
You want to use full external security. CICS requires the appropriate level of authorization for the access intent: a minimum of READ permission for read intent, and a minimum of UPDATE permission for update intent.
Note: You must also ensure that the default user ID (CICSUSER or another user ID specified on the DFLTUSER system initialization parameter) has been defined to RACF®.
If command security checking is defined for CICS SP-type commands, then specifying SEC=YES means that the appropriate level of authority is checked for; therefore:
  • A check for READ authority is made for INQUIRE and COLLECT commands.
  • A check for UPDATE authority is made for SET, PERFORM, and DISCARD commands.
NO
You do not want CICS to use an external security manager. All users have access to all resources, whether determined by attempts to use them or by the QUERY SECURITY command. Users are not allowed to sign on or off.
Note: With MRO bind-time security, even if you specify SEC=NO, the CICS region user ID is still sent to the secondary CICS region, and bind-time checking is still carried out in the secondary CICS region. For information about MRO bind-time security, see Security checking using the Query Security command.

Define whether to use RACF for resource level checking by using the XDCT, XFCT, XHFS, XJCT, XPCT, XPPT, XPSB, XRES, and XTST system initialization parameters. Define whether to use RACF for transaction-attach security checking by using the XTRAN system initialization parameter. Define whether RACF session security can be used when establishing APPC sessions by using the XAPPC system initialization parameter.

For programming information about the use of external security for CICS system commands, see Security checking.

Restrictions: You specify the SEC parameter in the SIT system initialization parameter, PARM option, or SYSIN control statement.

Note: If you are using preset terminal security and you perform a warm start with SEC=NO and then again with SEC=YES, you must reinstall the terminal definition to preserve the preset user ID that is replaced by the default user ID when security is switched off. See Preset terminal security for details.
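The following is an added example, not IBM code: a small Python audit that reads SYSIN-style override text and reports what the SEC setting implies for the related parameters named above. The function names, the sample overrides, the assumed SYSIN layout (`*` comments, comma-separated parameters, `.END` terminator), and the treatment of `NO` as the value that switches an X-parameter check off are assumptions of this example.

```python
import re

# Parameters the page names as switching RACF checks on or off.
RESOURCE = ["XDCT", "XFCT", "XHFS", "XJCT", "XPCT", "XPPT", "XPSB", "XRES", "XTST"]
ALL_X = RESOURCE + ["XTRAN", "XAPPC"]

def parse_overrides(text):
    """Return {KEYWORD: value} from SYSIN-style override text.
    Assumed layout: '*' in column 1 starts a comment, commas or line
    ends separate parameters, and '.END' terminates the list."""
    parms = {}
    for line in text.splitlines():
        if line.startswith("*"):
            continue
        for token in (t.strip() for t in line.split(",")):
            if token.upper() == ".END":
                return parms
            m = re.fullmatch(r"([A-Za-z0-9]+)=(\S+)", token)
            if m:
                parms[m.group(1).upper()] = m.group(2).upper()
    return parms

def audit(parms):
    """Return findings about SEC and the related parameters on the page."""
    sec = parms.get("SEC")
    if sec is None:
        return ["SEC is not set here; check the value coded in the SIT"]
    if sec not in ("YES", "NO"):
        return ["SEC=%s is not a valid value (YES or NO)" % sec]
    if sec == "NO":
        out = ["SEC=NO: no external security manager, all users can access all resources"]
        moot = [p for p in RESOURCE + ["XTRAN"] if parms.get(p, "NO") != "NO"]
        if moot:
            out.append("coded, but SEC=NO still gives all users access: " + ", ".join(moot))
        return out
    # SEC=YES: the default user ID must be defined to RACF.
    out = ["define default user ID %s to RACF" % parms.get("DFLTUSER", "CICSUSER")]
    # Assumption: an X-parameter coded as NO turns that RACF check off.
    out += ["%s=NO: RACF not used for this check" % p for p in ALL_X if parms.get(p) == "NO"]
    return out

# Constructed sample overrides, not taken from any real region.
WEAK = "* test region\nSEC=NO,XTRAN=YES\nXFCT=YES\n.END\n"
HARDENED = "* prod region\nSEC=YES,DFLTUSER=CICSDFLT\nXTRAN=YES,XFCT=YES,XPCT=NO\n.END\n"

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(parse_overrides(text)))
```

The audit only reports parameters that appear in the text it is given; values coded in the SIT itself or on the PARM option need the same review.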