Security classification of data and users

RACF® gives you the means to classify some or all of the resources on your system. You can use security levels, security categories, or both, to protect any CICS®-related resource.

Consider classifying resources if you want to control access to them without having to specify access lists in each resource profile. If you classify a resource, only users whose user profiles are appropriately classified will be able to access that resource. For information on using security levels and security categories, see the z/OS Security Server RACF Security Administrator's Guide. Because CICS uses the RACROUTE REQUEST=FASTAUTH function, some services such as security labels and global access checking are not available under CICS. See the z/OS Security Server RACF Security Administrator's Guide for information on what is available with FASTAUTH.

You can also put users with the same access or logging requirements into groups. A user can belong to one or more groups, one of which is their default. The sign-on process allows the user to override the default RACF user group name. If “list of groups checking” is inactive, signing on with different group names might give a user different authorities.