Using IBM-supplied classes without prefixing

To set up external security for transactions, files, and PSBs, using IBM®-supplied resource classes and without prefixing, take the steps described in this topic.

Before you define a profile, activate the relevant classes, using the SETROPTS CLASSACT and SETROPTS GENERIC commands, as described in Summary of RACF commands.

To ensure the least interruption to actual business processes, work in a test region first.
  1. Plan and create RACF profiles in the relevant classes: 
    RDEFINE  TCICSTRN  transaction-name  UACC(NONE)  NOTIFY(userid)
RDEFINE  FCICSFCT  file-name         UACC(NONE)  NOTIFY(userid)
RDEFINE  PCICSPSB  PSB-name          UACC(NONE)  NOTIFY(userid)
  2. Permit appropriate users or groups (preferably groups) to have access to the profiles: 
    PERMIT  transaction-name  CLASS(TCICSTRN)  ACCESS(READ)
        ID(userid or groupid)
PERMIT  file-name         CLASS(FCICSFCT)  ACCESS(READ)
        ID(userid or groupid)
PERMIT  PSB-name          CLASS(PCICSPSB)  ACCESS(READ)
        ID(userid or groupid)
  3. Specify the following CICS system initialization parameters: 
    SEC=YES           XTRAN=YES        XCMD=NO
SECPRFX=NO        XFCT=YES         XDB2=NO
                  XPSB=YES         XDCT=NO
                                   XHFS=NO
                                   XJCT=NO
                                   XPCT=NO
                                   XPPT=NO
                                   XRES=NO
                                   XTST=NO
                                   XUSER=NO
                                   XAPPC=NO
  4. Start the CICS region in which you will be using external security.
  5. If you add, change, or delete RACF profiles in the related classes, refresh the in-storage profiles. (For more information, see Refreshing resource profiles in main storage.)