Implementing security for temporary storage queues

To implement security for temporary storage queues:
  1. Specify RESSEC(YES) in the CSD resource definition of the appropriate transactions.
  2. Specify the security attribute on suitable TSMODEL resource definitions in the CSD. CICS® does not perform any security checks on temporary storage queues that specify SECURITY=NO on the matching TSMODEL definition.
  3. Define profiles to RACF in the SCICSTST or UCICSTST resource classes (or their equivalent if you have user-defined resource class names), with access lists as appropriate. For example, use the following commands to define queues in the SCICSTST class, and to authorize users to both read from and write to these queues:
    RDEFINE  SCICSTST  (tsqueue1, tsqueue2, ..., tsqueuen) UACC(NONE)
                       NOTIFY(sys_admin_userid)
    PERMIT tsqueue1 CLASS(SCICSTST) ID(group1, group2) ACCESS(UPDATE)
    PERMIT tsqueue2 CLASS(SCICSTST) ID(group1, group2) ACCESS(UPDATE)
    To define temporary storage queues as members of a profile in the CICS temporary storage resource group class, with an appropriate access list, use the following commands:
    RDEFINE  UCICSTST  tsqueue_group  UACC(NONE)
                       ADDMEM(tsqueuea, tsqueueb, ..., tsqueuex)
                       NOTIFY(sys_admin_userid)
    PERMIT tsqueue_group CLASS(UCICSTST) ID(group_userid) ACCESS(UPDATE)

    For more information about defining temporary storage profiles, see Other temporary storage security considerations.

  4. Start of changeSpecify SEC=YES as a CICS system initialization parameter (and SECPRFX if you define profiles with a prefix).End of change
  5. Specify XTST=YES as a CICS system initialization parameter for the default resource class names of SCICSTST and UCICSTST (or XTST=class_name for user-defined resource class names).
Note: CICS continues to support the DFHTST TYPE=SECURITY macro for defining temporary storage security. However, you are recommended to migrate your temporary storage tables (TSTs) to the CSD as TSMODEL definitions.