Defining your own resource classes

You can define your own resource classes so that you have a unique resource class name for each CICS® region. Defining your own resource class names can have the following benefits:
Controlling access from other regions
You can prevent users running in one CICS region from accessing the resources of other CICS regions that have different class names specified. (You can also do this by using prefixing; see the description of the SECPRFX parameter in Security-related system initialization parameters.)
Group administrator for each region

For each CICS region with installation-defined classes, you can authorize a different group administrator to create profiles to be used by that region.

To get this benefit, define the installation-defined classes with a POSIT number other than 5 (the POSIT number of the IBM®-supplied CICS classes). Then give the group administrator the CLAUTH (class authority) for at least one of those classes.

Use the SETROPTS GENERIC command before defining generic profiles, as described in Summary of RACF commands.

With prefixing active, you can also assign different administrators without fear of conflict. To do this, create a generic profile in each class, using the prefix as a high-level qualifier. For example:
RDEFINE TCICSTRN cics_region_id.** UACC(NONE)
        OWNER(cics_region_administrator_userid)

The administrator specified as the OWNER of each such profile can create and maintain more specific profiles. The other administrators cannot do so.

Note: If you are running CICS with XRF, think of the active CICS and its alternate as one CICS system as far as RACF is concerned, and define the same resource class names to both the active and alternate CICS region.