CMDSEC
The CMDSEC parameter specifies whether or not you want CICS® to honor the CMDSEC option specified on a transaction's resource definition.
- CMDSEC={ASIS|ALWAYS}
- Valid values are as follows:
- ASIS
- CICS honors the CMDSEC option defined in a transaction's resource definition. CICS calls its command security checking routine only when CMDSEC(YES) is specified in a transaction resource definition.
- ALWAYS
- CICS overrides the CMDSEC option, and always calls its
command security checking routine to issue the appropriate call to the SAF interface. Note:
- Specify ALWAYS when you want to control the use of the SPI in all your transactions. Be aware that this might incur additional overhead. The additional overhead is caused by CICS issuing the command security calls on every eligible EXEC CICS command, which are all the system programming interface (SPI) commands.
- If you specify ALWAYS, command checking applies to CICS-supplied category 2 transactions. You must authorize all users of these transactions to use any SPI commands that these transactions use; otherwise, you will get abends due to security failures. CICS-supplied category 3 transactions do not use SPI commands; therefore, the default user ID does not need to be authorized for SPI commands.
Restriction: You can specify the CMDSEC parameter in the SIT, PARM, or SYSIN
only.