Authorizing CICS regions to access MVS resources
Protect your data sets, authorize your user IDs and regions and activate your RACF® resource classes when you set up your security requirements to run CICS®.
- Grant access to the PDS libraries
- Protect your data sets that use RACF. See Protecting CICS load module data sets.
- SNA ACB
- Authorize each CICS region user ID to open the SNA ACB for the region applid.
- CICS system transactions
- Authorize each CICS region user ID to access the CICS category 1 system transactions.
- SMSVSAM server
- Authorize each CICS region to open the SMSVSAM control ACB if you plan to use CICS with VSAM record-level data sharing.
- System logger log streams
- Authorize each CICS region user ID to access the MVS system logger log streams that are used by CICS.
- z/OS® UNIX
- Include an OMVS segment in the CICS region user profile, specifying the UID parameter, to ensure that your CICS regions have the required access to z/OS UNIX. Failure to do so results in CICS failing to start under that region user ID with RACF message ICH408I and CICS message DFHKE002. Other messages such as DFHKE0501 and DFHDM0105 might also occur if different CICS domains fail to initialize.
- RACF resource classes
- Activate the appropriate RACF resource classes to enable terminal users to access CICS resources and user-defined resources.
- VSAM catalogs
- Give the CICS region user ID read access to each VSAM catalog that contains files, where CICS has the file definitions installed, and where these files are opened during or after CICS startup. Include the VSAM catalog for the DFHCSD file for the CICS system definition data set (CSD).