Question & Answer
During warning mode, RACF allows all requesters to access the resource, and, if the requester would not otherwise be allowed access, RACF sends a message to the requester.
What would the EXEC CICS QUERY SECURITY command return if a user does not have access to a resource in RACF and RACF is in Warning mode?
The EXEC CICS QUERY SECURITY command will always return the correct information whether in warning or failure mode. So for example if a userid only has read access to CEMT they would get the following returned from the QUERY SECURITY command for both modes:
REAd( +0000000035 ) = READABLE
Update( +0000000038 ) = NOTUPDATEABLE
Control( +0000000057 ) = NOTCTRLABLE
Alter( +0000000053 ) = NOTALTERABLE
If RACF is in WARNING mode then the user is still able to use CEMT, however if the profile is switched to FAIL then the user would no longer have access to CEMT.
CICS/TS CICSTS CICS TS CICS Transaction Server
11 May 2017