Controlling the security of CICS transactions supplied by IBM MQ
If you want a user to administer the CICS® adapter, grant the user authorization to certain transactions.
The CKTI and CKAM transactions are designed to be run without a terminal; no user should have access to these transactions. These transactions are examples of what the CICS RACF Security Guide calls "category 2 transactions". For information about how to set up these transactions in CICS and RACF®, see the information about category 2 transactions in the CICS RACF Security Guide.
CKQC | Controls the CICS adapter functions |
CKBM | Controls the CICS adapter functions |
CKRT | Controls the CICS adapter functions |
CKCN | Connect |
CKSD | Disconnect |
CKRS | Statistics |
CKDP | Full screen display |
CKDL | Line mode display |
CKSQ | CKTI START/STOP |
If required, you can restrict access to specific functions of the adapter. For example, if you want to allow users to display the status of the adapter through the full screen interface, but nothing else, give them access to CKQC, CKBM, CKRT, and CKDP only.
Define these transactions to CICS with RESSEC(NO) and CMDSEC(NO). For more details, see the CICS RACF Security Guide.