To support XA, CICS® Transaction Gateway issues
authorized RRS calls, through CTGRRMS services. Protect these services
with RACF®,
or another external security manager. Follow these instructions to
add the new services, and to protect them.
- Add hlq.SCTGLINK to
the MVS™ LNKLST. This
load library must be APF-authorized.
- Issue the MVS command
F LLA,REFRESH to refresh the LNKLST LOOKASIDE address space (LLA).
- Give the user ID that is running the CICS Transaction Gateway UPDATE
authority to the RACF entity
CTG.RRMS.SERVICE in the FACILITY class. Activate SETROPTS RACLIST
processing for the FACILITY general resource class. When you activate
this function, you improve performance because I/O to the RACF database
is reduced. If you are using an external security manager other than RACF, see
its documentation for information about how to give the user ID that
is running CICS Transaction Gateway access
to these resources. Issue the TSO commands:
-
SETROPTS RACLIST(FACILITY)
Note: If you
activate SETROPTS RACLIST processing for the FACILITY class, any time
you make a change to a FACILITY profile, you must also refresh SETROPTS
RACLIST processing for the FACILITY class for the change to take effect
(SETROPTS RACLIST(FACILITY) REFRESH).
- Create the entity in the FACILITY class:
RDEFINE FACILITY CTG.RRMS.SERVICE UACC(NONE)
- Enable the user ID for the CICS Transaction Gateway (gway_id):
PERMIT CTG.RRMS.SERVICE CLASS(FACILITY) gway_id ACCESS(UPDATE)
If the CTGINIT module in SCTGLINK is
subsequently refreshed, see Starting, stopping or refreshing the CTGRRMS services.