Command interface
CICS® systems programmers can use the command interface to run certain RACF® commands directly from CICS instead of TSO. The command interface provides greater distribution of certain capabilities and responsibilities to CICS users. It eliminates the need to use the TSO application and reduces CPU overhead.
When you use the command interface for searches:
- You can use more extensive search masks to retrieve information about profiles.
- You have greater flexibility in the criteria that are used.
Under this methodology, the responsibility of resetting user passwords can be decentralized to any other area where there is access to a CICS terminal. Data Security personnel can then use their time and efforts in other areas.
RACF protects both the transaction that is used to start zSecure CICS Toolkit for the command interface and the commands themselves. Even if there is no security on the zSecure CICS Toolkit transaction, the user must be permitted to the commands in RACF to start them. A user must also be permitted to have the authority to reset user IDs. The only exception is a user with the SPECIAL attribute or a user with access to the TOOLKIT.SPEC definition. For information about this definition, see zSecure CICS Toolkit installation.
All changes to RACF profiles produce SMF records.