Changing the level of security checking

You can use QUERY SECURITY to perform a different level of security checking from that which CICS® would perform for application programs that specify RESSEC(YES) or CMDSEC(YES).

For example, suppose a transaction has RESSEC(YES) and contains a number of EXEC CICS READ FILE commands and a number of EXEC CICS WRITE FILE commands. For each command, CICS performs a security check to ensure that the terminal user has access to the relevant file, even though the same file may be being accessed each time. An alternative to this is to switch off security checking at the transaction level by specifying RESSEC(NO) on the transaction definition and then, when the application starts, execute a command such as:
EXEC CICS QUERY SECURITY RESTYPE('FILE') RESID(file_name) UPDATE(cvda)
This command allows the transaction to continue without any further calls to RACF®.
Note: Switching resource security checking off, using RESSEC(NO), means that all resource checks—not just of files as in the above example—are bypassed.