CICS and RACF resource checking summary

You use the CICS® resource system initialization parameters to specify the RACF® class name.

Each resource is described briefly in Table 1, with the associated CICS system initialization parameter that you use to specify the RACF class name. For comprehensive information about application programming commands and system programming commands associated with each system initialization parameter, see Resource and command check cross-reference.

No authorization processing is done for BMS commands.

Table 1. General resource checking by CICS

| CICS parameter | Resource protected | Further information |
| --- | --- | --- |
| XAPPC | Partner logical units (LU6.2). | Implementing LU6.2 security. |
| XCMD | The subset of CICS application programming commands that are subject to command security checking. EXEC CICS FEPI system commands are also controlled by this parameter. | CICS command security |
| XDB2 | DB2® resource classes for DB2ENTRY are specified to CICS on the XDB2 system initialization parameter. | Resource classes for DB2ENTRYs |
| XDCT | CICS extrapartition and intrapartition transient data queues. Define profiles in the transient data class to control who is allowed to access CICS transient data queues. | Security for transient data. |
| XFCT | CICS file-control-managed VSAM and BDAM files. Define profiles in the file class to control who is allowed to access CICS VSAM and BDAM files. | Security for files. |
| XHFS | z/OS® UNIX files managed by z/OS UNIX System Services. This is a special case, because access controls for z/OS UNIX files are specified in z/OS UNIX System Services, so z/OS UNIX files do not require individual RACF profiles. No application programming commands or system programming commands are associated with this resource. | Implementing security for z/OS UNIX files. |
| XJCT | CICS system log and general logs. Define profiles in the journal class to control who is allowed to access CICS journals on CICS log streams. | Security for journals and log streams. |
| XPCT | CICS started transactions and EXEC CICS commands: COLLECT STATISTICS TRANSACTION, DISCARD TRANSACTION, INQUIRE TRANSACTION, INQUIRE REQID, SET TRANSACTION, and CANCEL. Define profiles in the started-transactions class to control who is allowed access to started CICS transactions. | Security for started transactions. |
| XPPT | CICS application programs. Define profiles in the program class to control who is allowed to access CICS application programs. | Security for application programs. |
| XPSB | DL/I program specification blocks (PSBs). Define profiles in the program specification block class to control who is allowed to access the DL/I PSBs used in CICS application programs. | Security for program specification blocks. |
| XRES | CICS resources that use the XRES parameter are: ATOMSERVICE, BUNDLE, DOCTEMPLATE, EPADAPTER, EPADAPTERSET, EVENTBINDING, JVMSERVER, and XMLTRANSFORM. For example, define profiles in the DOCTEMPLATE resource class to control who is allowed to access document templates. | Security using the XRES resource security parameter. |
| XTRAN | CICS transactions. | Transaction security. |
| XTST | CICS temporary storage queues. Define profiles in the temporary storage class to control who is allowed to access CICS temporary storage queues. | Security for temporary storage. |
| XUSER | Surrogate user security. | Surrogate user security. |