Assigning CICS VR proper access authority

By default, all processes started by the CICS® VR server address space run under an undefined RACF® user ID.

If RACF, or similar security product, is implemented, you must define the CICS VR started task to RACF and assign it a user ID with appropriate authorization that allows the CICS VR server address space to update and delete information from the appropriate RCDS, log streams, and log stream copies. For example, you can run:
RDEFINE STARTED CICSVR.* STDATA(USER(SYSTASK)) 
SETR RACLIST(STARTED) REFRESH
If you plan on using CICS VR automatic batch backout, and if RACF or a similar security product is in place, be sure to define the DWWBAFJS started task to RACF and assign it a user ID with appropriate authorization to browse the output of the batch backout job. For example, you can run:
RDEFINE STARTED DWWBAFJS.* STDATA(USER(user ID))
SETR RACLIST(STARTED) REFRESH
Start of change A value DWWRMDFS for the server set up control default is registered in the RCDS as the name of the setup job that must be run during the initialization of the CICS VR server address space. If RACF or a similar security product is in place, you must define the setup job as a started task to RACF and assign a user ID with the appropriate authorization to browse the output of the setup job. For example, you can run the following command
RDEFINE STARTED DWWRMDFS.* STDATA(USER(user ID)) 
SETR RACLIST(STARTED) REFRESH
End of change

Start of change CICS VR uses a customized version of the log of logs scan JCL skeleton to run the log of logs scan at regularly scheduled times and to run the scan manually at convenient times. The skeleton is located in member DWWARSCA of the CICS VR library SDWWCNTL. Edit the JOB statement in the log of logs scan JCL skeleton to conform to the environment standards. Copy the updated DWWARSCA member into PROCLIB library. If RACF or a similar security product is in place, define the DWWARSCA started task to RACF and assign it to a user ID with the appropriate authorization to browse the output of the log of logs scan job. For more information about log of logs scanning see, Automatic and manual log of logs scanning. End of change

If you plan on using automated recovery, and if RACF or a similar security product is in place, be sure to define the DWWCBINF, DWWCBRRG and DWWCBRRY started tasks to RACF. Assign these tasks to a user ID with appropriate authorization to browse the output of automated recovery job.

For RACF details see z/OS® Security Server RACF System Programmer's Guide. For details of using CICS VR automatic batch backout, see Automatically running CICS VR batch backout.


Information Information

Feedback


Timestamp icon Last updated: Friday, 29 November 2013


http://pic.dhe.ibm.com/infocenter/cicsts/v5r1/topic///dwwig/dwwig00078.html