You should restrict access to CICSPlex® SM data sets using RACF® data set protection.
Procedure
- Prohibit universal access by specifying UACC(NONE).
- Ensure that minimum access to the data sets is authorized
for the RACF USERID assigned to each of the following:
- Every CMAS job or started task.
- Every MAS.
- All individuals allowed to use CICSPlex SM from
the CICSPlex SM WUI and API (both system administrators and users).
Table 1 lists the
CICSPlex SM data
sets and the minimum access that should be granted to each type of
user ID.
Table 1. Access by user ID
for CICSPlex SM data
sets
Data set name |
CMAS |
MAS |
System Admin. |
Individual User |
SYS1.CICSTS54.CPSM.SEYULPA |
NONE |
READ |
UPDATE |
NONE |
SYS1.CICSTS54.CPSM.SEYULINK |
READ |
NONE |
UPDATE |
NONE |
CICSTS54.CPSM.SEYUAUTH |
READ |
READ |
UPDATE |
READ |
CICSTS54.CPSM.SEYULOAD |
READ |
READ |
UPDATE |
NONE |
CICSTS54.CPSM.SEYUPARM |
READ |
READ |
UPDATE |
NONE |
CICSTS54.CPSM.SEYUCMOD |
NONE |
NONE |
UPDATE |
NONE |
CICSTS54.CPSM.SEYUCOB |
NONE |
NONE |
UPDATE |
READ |
CICSTS54.CPSM.SEYUC370 |
NONE |
NONE |
UPDATE |
READ |
CICSTS54.CPSM.SEYUDEF |
READ |
READ |
UPDATE |
READ |
CICSTS54.CPSM.SEYUCLIB |
NONE |
NONE |
UPDATE |
READ |
CICSTS54.CPSM.SEYUMLIB |
NONE |
NONE |
UPDATE |
READ |
CICSTS54.CPSM.SEYUPLIB |
NONE |
NONE |
UPDATE |
READ |
CICSTS54.CPSM.SEYUTLIB |
NONE |
NONE |
UPDATE |
READ |
CICSTS54.CICS.SDFHINST |
NONE |
NONE |
UPDATE |
NONE |
CICSTS54.CPSM.SEYUMAC |
NONE |
NONE |
UPDATE |
READ |
CICSTS54.CPSM.SEYUOS2 |
NONE |
NONE |
UPDATE |
NONE |
CICSTS54.CPSM.SEYUPL1 |
NONE |
NONE |
UPDATE |
READ |
CICSTS54.CPSM.SEYUPROC |
NONE |
NONE |
UPDATE |
READ |
CICSTS54.CPSM.SEYUSAMP |
NONE |
NONE |
UPDATE |
READ |
CICSTS54.CPSM.EYUSDEF |
NONE |
NONE |
UPDATE |
UPDATE |
CICSTS54.CPSM.EYUDREP |
UPDATE |
NONE |
UPDATE |
NONE |
CICSTS54.CPSM.EYUIPRM |
NONE |
NONE |
UPDATE |
NONE |
What to do next
If you require more details about RACF data set protection, see the z/OS Security Server RACF Security Administrator's Guide.