z/OS Communications Server: IP CICS Sockets Guide


CICS TCP/IP security considerations

SC27-3649-00

The following transactions should be added to your xCICSTRN RACF® class:
  • EZAC: Configure sockets interface.
  • EZAO: Enable sockets interface.
  • EZAP: Disable socket interface started by the EZAO, STOP, and YES transactions.
  • CSKL: Listener. Also, any user-defined transactions that execute EZACIC02.

The EZAC and EZAO transactions are designed to be run with a terminal. If you want a user to administer the IP CICS® sockets configuration, you must grant the user authorization to the EZAC transaction. If you want a user to manually start and stop the IP CICS socket interface, you must grant the user authorization to the EZAO and EZAP transactions. If you want a user to manually start and stop the listener, you must grant the user authorization to the EZAO and CSKL transactions (and to any user-defined transaction defined to execute EZACIC02).

For terminal tasks where a user has not signed on, the user ID is the CICS user ID associated with the terminal and is either:
  • The default CICS user ID as specified on the CICS parameter DFLTUSER coded in the CICS System Initialization Table, SIT.
  • A preset security user ID specified on the terminal definition.
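The following audit sketch is an added example, not part of the IBM guide: it maps each user ID's permitted transactions to the administrative actions described above and flags any action held by an unapproved user ID or by a default or preset terminal user ID. The user IDs, the LSN2 transaction and the grant table are constructed assumptions, not RACF output.

```python
# Added example. All user IDs, LSN2 and the tables below are constructed.
CONFIG = {"EZAC"}             # administer the sockets configuration
INTERFACE = {"EZAO", "EZAP"}  # manually start and stop the socket interface


def roles_for(trans, listener_trans):
    """Return the administrative actions a set of permitted transactions allows."""
    roles = []
    if CONFIG <= trans:
        roles.append("configure")
    if INTERFACE <= trans:
        roles.append("interface")
    # Listener control: EZAO plus a listener transaction (CSKL or any
    # user-defined transaction that executes EZACIC02). Treating one listener
    # transaction as sufficient is an audit assumption made here.
    if "EZAO" in trans and trans & listener_trans:
        roles.append("listener")
    return roles


def audit(grants, approved, unsigned_ids, listener_trans):
    """List (user, role, reason) for each role held outside the approved plan."""
    findings = []
    for user in sorted(grants):
        for role in roles_for(grants[user], listener_trans):
            if user in unsigned_ids:
                # DFLTUSER or a preset terminal user ID: no sign-on is needed.
                findings.append((user, role, "usable without sign-on"))
            elif user not in approved.get(role, set()):
                findings.append((user, role, "not approved"))
    return findings


LISTENERS = {"CSKL", "LSN2"}  # LSN2: hypothetical transaction running EZACIC02
GRANTS = {                    # constructed: user ID -> permitted transactions
    "SOCKADM": {"EZAC", "EZAO", "EZAP", "CSKL"},
    "OPER1": {"EZAO", "EZAP"},
    "CICSUSER": {"EZAO", "CSKL", "LSN2"},
    "DEV7": {"EZAC"},
}
APPROVED = {                  # constructed: action -> user IDs meant to hold it
    "configure": {"SOCKADM"},
    "interface": {"SOCKADM", "OPER1"},
    "listener": {"SOCKADM"},
}
UNSIGNED = {"CICSUSER"}       # constructed: the DFLTUSER value for this region

if __name__ == "__main__":
    for finding in audit(GRANTS, APPROVED, UNSIGNED, LISTENERS):
        print(*finding, sep=": ")
```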

The IP CICS socket interface can be started and shut down by placing EZACIC20 in the PLT; therefore, an entry must be placed in your PLT RACF class to allow this action. User IDs that are used to start the IP CICS socket interface, including those defined with the PLTPIUSR SIT macro, should be allowed USE access to the resource class where the IP CICS sockets transactions are defined. The CICS region user ID must also be authorized to be the surrogate of the user ID specified on the PLTPIUSR parameter.

User IDs used to manage the starting and stopping of the CICS socket interface (EZAO) and the listener (CSKL or user-defined transactions executing EZACIC02), and user application programs linking to the IP CICS domain name server module, EZACICxx, should at least be granted UPDATE access to the EXITPROGRAM resource.

For more information about RACF security management in the CICS environment, see z/OS Security Server RACF Security Administrator's Guide.





Copyright IBM Corporation 1990, 2014