Policy scopes

Policies are defined in CICS® bundles. The scope of a policy describes how it is applied to CICS user tasks.

Policies are deployed to one of the following specific scopes:
  • Platform scope. When a policy is deployed with a platform scope, it applies to all user tasks in the platform that have the matching platform in their application context.
  • Application scope. When a policy is deployed with an application scope, it applies to all user tasks in the platform that have the matching platform, application, and application version information in their application context.
  • Region scope. When a policy is deployed with region scope, it applies to all user tasks that are running in that CICS region. This method is useful in a stand-alone CICS region (SMSS) where you cannot define a platform and applications.
  • Operation scope: when a policy is deployed with an application, or to a stand-alone region. When a policy is deployed with an operation scope, it applies only to user tasks that match the operation in their application context.
Table 1. Policy scoping
Effective policy scope What the policy rules apply to How the policy is deployed
 1  Region. The policy rules apply to all user tasks that run in the CICS region to which you deploy the policy. The policy is deployed as a CICS BUNDLE resource defined in the CSD or CICSPlex® SM data repository, and installed into any CICS region.
 2  Platform. The policy rules apply to all user tasks in the platform that have the matching platform in their application context. When you define a CICS Platform project, you add to it the CICS bundles that contain policy definitions to be deployed with the platform. If you want to deploy a policy to an already active platform, export the policy bundle to the platform home directory in zFS, then use the CICS Explorer® ADDBUNDLE operation dialog to install it into a region type. For more information about the ADDBUNDLE operation dialog, see Adding a CICS bundle to a platform.
 3  Application. The policy rules apply to all user tasks in the platform that have the matching platform, application, and application version information in their application context. When you define a CICS Application project, you add to it the CICS bundles that contain policy definitions to be deployed with the application. Alternatively, you can also deploy CICS bundles with the application binding, depending on the architecture of your application.
 4  Operation. When a policy is deployed with an application, the policy rules apply to all user tasks in the platform that have the matching platform, application, and application version and operation information in their application context.

When a policy is deployed to a stand-alone region, the policy rules apply to all tasks in the region that have matching operation information in their application context.

 First, you define the policies in a CICS bundle. You then define the scoping for the operation by editing the CICS bundle manifest with the CICS manifest editor to define an application entry point and a policy scope. Finally, you complete one of the following procedures:
  • Add the CICS bundle to a CICS Application project for deployment.
  • Deploy the policy as a CICS BUNDLE resource defined in the CSD or CICSPlex SM data repository, and installed into any CICS region.

CICS bundles that define a policy scope for an operation cannot be deployed with a platform project or added to an already active platform by using the ADDBUNDLE operation dialog. For more information, see Defining policy scopes and Defining application entry points.

When a policy is installed into a CICS region, CICS combines its rules with all of the other policies that are deployed with different scopes in that CICS region to determine a set of rules that apply for each unique runtime scope. Policy rules that are deployed with different scopes might apply to the same task. For policy deployed to a CICS platform, or with a CICS application, you can use the Cloud Explorer view in CICS Explorer to determine which set of policy rules apply to a task. For example:
  • If you query policy rules against a specific application version, you see an aggregation of the policy rules for scopes  1 ,  2 , and  3 . This set of rules applies to all user tasks for this application version.
  • If you query policy rules against a specific operation of an application, you see an aggregation of the policy rules that apply at scopes  1 ,  2 ,  3 , and  4 . This query shows any additional policy rules that apply to a specific operation of an application, as well as the policy rules that apply to the application.
  • If you query policy rules against a platform, you see an aggregation of the policy rules that apply at scopes  1  and  2 . This query shows you all the policy rules that apply to all application tasks that run on the selected platform. It is a subset of the policy rules that you see if you query the policy rules for a specific application (or application operation) running on that platform.
  • Similarly, if you query policy rules against a region type, you see an aggregation of the policy rules that apply at scopes  1  and  2 . This query shows you all the policy rules that apply to all application tasks that run in regions of this type on the platform.
Because policy rules can be aggregated in this way, CICS maintains the following sets of policy rules:
  • A set of all policy rules with region scope.
  • A set of all policy rules with platform scope; one for each platform that a specific CICS region is a member of.
  • A set of all policy rules for a particular application version; one set for each application version that is deployed in the CICS region.
  • A set of all policy rules for each operation of an application version; one set for each operation of an application version.
When a new user task is attached, CICS associates one of these sets of policy rules with the task at one of two points in the task's lifetime:
  1. When a task's initial program is called. Depending on whether the task’s application context is set, CICS associates the policy rules in the following way:
    • If the task's application context is set, that is, the task passed through an application entry point, CICS applies the set of policy rules whose scope best matches the task's application context. CICS checks for the best match as follows:
      1. CICS checks for a set of rules whose scope matches the platform, application, application version, and operation in the task's application context.

        When the application entry point is defined in a CICS bundle that is deployed to a stand-alone CICS region, only the operation name is set in the task’s application context. In this situation, if no match is found, the process continues to step 1.d.

      2. If no match is found, CICS checks for a set of rules that match the platform, application, and application version in the task's application context.
      3. If no match is found, CICS checks for a set that match on platform name only.
      4. If no match is found, CICS checks for a set of rules that apply for the region.
      5. If no match is found, the task runs without any policy rules.
      These policy rules are enforced for the remainder of this task's lifetime. Even if the application context changes, the policy rules remain the same.
    • If the task's application context is not set, CICS just associates the set of region policy rules, if any, with the task
  2. When a task invokes an application entry point program by using EXEC CICS LINK, XCTL or INVOKE APPLICATION. If the application context was set at task attach, the policy rules for the task remain unchanged. However, if the application context was not set at task attach, CICS looks for the best set of policy rules that match the task's application context, as described earlier. If a match is found, this set of policy rules replaces any region scoped policy rules that were associated with the task at task attach. This new set includes any such region scoped rules.
For more information about application context, see Application context in Product overview.

During task execution, CICS applies the policy rules of a specific type in order of lowest threshold to highest threshold. Where multiple rules apply at the same threshold, CICS processes message action rules first, then event action rules, and finally abend action rules. This method ensures that messages and events are emitted before a task is abended.

Parent topic: Creating a policy in a CICS Bundle project