Categories of CICS-supplied transactions
The RACF® profile definitions for your CICS®-supplied transactions are described in three categories. Each transaction is identified within a category that describes its use within CICS. Each category specifies the recommended security specifications you need, in terms of both the CICS transaction definitions and the corresponding RACF profiles.
- Category 1 transactions
- Transactions that are for CICS internal use only and must not run from a user terminal.
- Category 2 transactions
- Transactions that must be restricted to specific signed-on users; for example, you might want to limit access to transactions that define and install CICS resources.
- Category 3 transactions
- Transactions that are available to all users, whether signed-on or not. These transactions are not subject to security checking. Any security definitions for these transactions are redundant.
The three categories contain all the required CICS transactions, which are generated in their designated groups when you initialize your CICS system definition data set (CSD). The CSD does not include the CICS sample transactions (those that are in groups starting with DFH$). Sample applications should not require RACF protection, because you are unlikely to install them on a CICS production system.
See Implementing CICSPlex SM security for details of CICSPlex SM-related transactions.
- Specifying the system initialization parameter SEC=NO, which switches off all security checking, or
- Specifying the system initialization parameter XTRAN=NO, which switches off transaction-attach security checking only.
There is no parameter on the transaction resource definition that allows you to run with transaction security on some transactions but not others. If you are running with transaction security (SEC=YES and XTRAN=YES), CICS issues a security check for each transaction attach, other than a transaction within category 3, to establish whether the user is permitted to run that transaction.