BAS security considerations

Because of the importance of resource definitions to your CICSplex environment, CICSPlex SM enables you to define security for the BAS facilities.

Providing security for BAS is handled in the same way as it is for other CICSPlex SM components. You can define as narrow or as broad a range of BAS functions as you like and authorize as few or as many people as you like to use them. For security purposes, the BAS functions are divided into the following groups:
BAS.DEF
This group includes all of the resource definition views and the related BAS administration views. Users with UPDATE access to this group can create, update, and remove definitions in the CICSPlex SM data repository. Users with READ access to this group can view definitions in the CICSPlex SM data repository.
BAS.resource
These groups are named according to the resource type they represent (such as BAS.CONNECT, for connection-related definitions). Each group includes the resource definition views for a given resource type. For example, BAS.CONNECT includes the Connection definitions views (CONNDEF objects) and Session definitions views (SESSDEF objects).

The purpose of these security groups is to further restrict a user's ability to install resources in CICS® systems. A user must have ALTER access to the appropriate BAS.resource group in order to install the specified resources.

In addition to controlling access by function, you may want to limit the use of these functions to certain resources in certain CICS systems. CICSPlex SM also provides simulated CICS security checking, which enables you to control access to CICS resources and commands.

Take special care to protect the BAS views adequately, so that unauthorized users cannot create and administer resources.

If you are using the EXEC CICS CREATE command to build new resources, any definition created with the CICSplex as the context is automatically distributed to all CMASs in the CICSplex. Therefore, giving a user authority to create BAS objects is equivalent to giving authority to install resources on any CICS system in the CICSplex. When the CICS system starts, there is no check on who installed the resource in the system.
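The following audit sketch is an added example, not IBM code. It applies the access rules described above to a list of permissions and flags users outside an approved installer list who can install resources, including users whose UPDATE access to BAS.DEF amounts to install authority. The user IDs, the flat tuple layout, the finding codes, and the assumption that access levels are ordered as in RACF (NONE, READ, UPDATE, CONTROL, ALTER) are illustrative.

```python
# Added example: audit BAS security-group permissions (constructed data).
# Assumption: access levels are hierarchical, as in RACF.
LEVELS = {"NONE": 0, "READ": 1, "UPDATE": 2, "CONTROL": 3, "ALTER": 4}

# Constructed sample: (user, BAS security group, access level).
PERMITS = [
    ("OPSADM1", "BAS.DEF", "UPDATE"),
    ("OPSADM1", "BAS.CONNECT", "ALTER"),
    ("DEVUSR1", "BAS.DEF", "UPDATE"),
    ("DEVUSR1", "BAS.CONNECT", "READ"),
    ("AUDIT01", "BAS.DEF", "READ"),
    ("BATCH01", "BAS.CONNECT", "ALTER"),
]
APPROVED_INSTALLERS = {"OPSADM1"}  # hypothetical approved list


def highest_access(permits):
    """Map (user, group) to the highest access level granted."""
    best = {}
    for user, group, access in permits:
        key = (user, group)
        best[key] = max(best.get(key, 0), LEVELS[access])
    return best


def capabilities(permits, user):
    """Return what the user can do with BAS under the rules on this page."""
    caps = set()
    for (owner, group), level in highest_access(permits).items():
        if owner != user:
            continue
        if group == "BAS.DEF":
            if level >= LEVELS["READ"]:
                caps.add("VIEW_DEFS")
            if level >= LEVELS["UPDATE"]:
                caps.add("CHANGE_DEFS")  # create, update, remove definitions
        elif group.startswith("BAS.") and level >= LEVELS["ALTER"]:
            caps.add("INSTALL:" + group)  # BAS.resource install right
    return caps


def audit(permits, approved_installers):
    """List (user, finding) for unapproved users with install authority."""
    findings = []
    for user in sorted({u for u, _, _ in permits}):
        if user in approved_installers:
            continue
        caps = capabilities(permits, user)
        if "CHANGE_DEFS" in caps:  # create authority is equivalent to install
            findings.append((user, "CREATE_IMPLIES_INSTALL"))
        findings.extend((user, c) for c in sorted(caps) if c.startswith("INSTALL:"))
    return findings
```

Calling audit(PERMITS, APPROVED_INSTALLERS) on the sample data reports DEVUSR1, who holds only READ on BAS.CONNECT but can create definitions, alongside BATCH01, who holds ALTER directly.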

For details on setting up security for CICSPlex SM at your enterprise, see Implementing CICSPlex SM security.