Activating simulated CICS security

When you create RACF® profiles using the CICSPlex® SM resource classes to permit access to the operations and monitoring views, CICSPlex SM determines which views a user can access. However, CICSPlex SM cannot determine if that user is authorized to access the CICS® resources represented within the view.

About this task

You can enhance the security provided by your CICSPlex SM profiles by activating simulated CICS security checking. Simulated security uses your existing RACF profiles to control access to CICS resources, CICS commands, or both. It is available only for the operations and monitor views. When using this combination of profiles, your CICSPlex SM profiles determine which sets of views can be accessed and your CICS resource profiles determine which resources within the view can be accessed. For example, you can create a CICSPlex SM profile that allows a user to issue the file view commands and any associated action commands, and then have CICS simulated security determine which files the user is authorized to access.

Note:
  1. See Activating security for CICSPlex SM for important information on how the CICSPlex SM and CICS security parameters can affect simulated security.
  2. Simulated security involves significantly more processing overhead than using only CICSPlex SM profiles and will have a negative impact on performance.
  3. CICSPlex SM simulated CICS security does not include the simulation of CICS surrogate security. If CICS surrogate security checking is required, see Considerations for CICS surrogate security checks for guidance on how to secure your CICS regions correctly.

Procedure

  • To activate or deactivate simulated security checking, use the CSYSDEF view (for a single CICS system) or CPLEXDEF view (for multiple systems). You can indicate whether you want CICS resource checking, CICS command checking, or both, to occur. CICS resource checking controls which resources are displayed in a view. CICS command checking controls what commands can be used within the view.
  • To activate or deactivate simulated security checking temporarily for an active CICS system, use the MAS view.