Resource Classes for CICS Security

The table below defines the name of each default resource class used in Enterprise Server for CICS security, its meaning, the type of resource entities it contains, and the minimum permission that a user requires on the entities.

Note:

The CICS class names can be configured using environment variables (see Environment Variables for CICS Resource Classes). CICS will only use the first 7 characters of the value specified in the environment variable, it will then prefix the value with 1 character depending on the request.

CICS Class name

CICS corresponding

Entities

ACCESS LEVEL

ACICSPCT

CICS Program control table

Started Transactions

READ

CCICSCMD

Used by CICS/ESA 3.1, or later, to verify that a user is permitted to use CICS system programmer commands such as INQUIRE, SET, PERFORM, and COLLECT

CICS Command Functions

See resource and cross reference table

DATASET

Dataset Names or Physical Filename used by CICS at startup

Files

READ or UPDATE

DCICSDCT

CICS Transient data queues

Transient Data Destination

UPDATE

FCICSFCT

CICS File control table

Files

READ or UPDATE

JCICSJCT

CICS Journal control table

Journal Number

READ or UPDATE

MCICSPPT

CICS Processing program table (LINK/XCTL)

Programs

READ

PCICSPSB

CICS Program specification blocks (PSBs)

Program Status Block

N/A

SCICSTST

CICS temporary storage queues

Temporary Storage Queues

READ or UPDATE

TCICSTRN

CICS Transactions

Transactions

READ

SURROGAT

Class for CICS SURROGATE users (EXEC CICS START USERID).

Users

READ

Note:

In previous releases, security was not enforced for TS or TD queues that were not declared in the security repository. Now, by default, you must declare each TS or TD that your transactions will access. To revert to the previous behaviour, use the ES_OLD_SEC_TSTD environment variable.