If you are running CICS with security checking for transient data queues, CICS issues a call to RACF for each command that specifies a queue name. However, the resource name that CICS passes to RACF is the queue name of the final queue, which is not necessarily the name of the queue specified on the command.
TDQ definition: DEFINE TDQUEUE(QID1)
TYPE(EXTRA)
TYPEFILE(OUTPUT)
RECORDSIZE(132)
BLOCKSIZE(136)
RECORDFORMAT(VARIABLE)
BLOCKFORMAT(UNBLOCKED)
DDNAME(CICSMSGS)
GROUP(DFHDCTG)
DEFINE TDQUEUE(QID2)
TYPE(INDIRECT)
INDIRECTNAME(QID1)
GROUP(DFHDCTG)
CICS transaction: EXEC CICS WRITEQ TD
QUEUE(QID2)
FROM(data_area)
LENGTH(length)
CICS calls RACF: Does the terminal user of the CICS transaction
have UPDATE authorization for QID1?