You can control access by CICS® regions to the TS servers. A security check is made against the CICS region userid to verify that the region is authorized to use the services of a TS server. This check is made each time that a CICS region connects to a TS server.
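Give the userid of each CICS region that connects to a TS server UPDATE access to the CICS RACF® profile called DFHXQ.poolname in the FACILITY general resource class. This authorizes the CICS region to use the services of the TS server for the named TS pool. For example, the following RACF commands define the profile for the TS pool TSPRODQS and permit the CICS region userid CICSDAA1 to use it: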
RDEFINE FACILITY DFHXQ.TSPRODQS UACC(NONE)
PERMIT DFHXQ.TSPRODQS CLASS(FACILITY) ID(CICSDAA1) ACCESS(UPDATE)
When a CICS region has connected to a TS pool, it can write, read, and delete TS queues without any further security checks being performed by the server. However, the CICS application-owning regions issuing TS API requests can use the existing mechanisms for TS resource security checking.
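Because the server makes no further checks after the connection, the access list on each DFHXQ.poolname profile is the control worth auditing. The following Python check is an added example, not IBM code: it compares profile data against the region userids expected to connect. The input layout, the function names, and every name other than TSPRODQS and CICSDAA1 are assumptions made for illustration.

```python
ACCESS_LEVELS = ["NONE", "EXECUTE", "READ", "UPDATE", "CONTROL", "ALTER"]  # RACF order

def rank(level):
    return ACCESS_LEVELS.index(level.upper())

def audit_ts_pool_profiles(profiles, expected):
    """profiles: {profile name: {"uacc": level, "acl": {userid: level}}}
    expected: {TS pool name: set of CICS region userids that should connect}
    Returns a sorted list of (profile, finding) tuples. Access held through
    RACF groups is not resolved; the ACL is compared entry by entry."""
    findings = []
    for pool, regions in expected.items():
        name = "DFHXQ." + pool
        prof = profiles.get(name)
        if prof is None:
            findings.append((name, "no profile with this exact name in the input"))
            continue
        if prof["uacc"].upper() != "NONE":
            findings.append((name, "UACC(%s), expected UACC(NONE)" % prof["uacc"]))
        for region in sorted(regions):
            held = prof["acl"].get(region, "NONE")
            if rank(held) < rank("UPDATE"):
                findings.append((name, "ACL gives %s %s, needs UPDATE" % (region, held)))
        for userid, held in sorted(prof["acl"].items()):
            if userid not in regions and rank(held) >= rank("UPDATE"):
                findings.append((name, "unexpected userid %s has %s" % (userid, held)))
    for name in profiles:
        if name.startswith("DFHXQ.") and name[6:] not in expected:
            findings.append((name, "profile for a pool not in the expected list"))
    return sorted(findings)

# Constructed sample data. TSPRODQS and CICSDAA1 come from the page's example;
# every other name is made up for illustration.
SAMPLE_PROFILES = {
    "DFHXQ.TSPRODQS": {"uacc": "NONE",
                       "acl": {"CICSDAA1": "UPDATE", "CICSDAA2": "READ", "TSOUSR1": "ALTER"}},
    "DFHXQ.TSTESTQS": {"uacc": "UPDATE", "acl": {}},
}
SAMPLE_EXPECTED = {"TSPRODQS": {"CICSDAA1", "CICSDAA2"}, "TSTESTQS": {"CICSTST1"}}

if __name__ == "__main__":
    for profile, finding in audit_ts_pool_profiles(SAMPLE_PROFILES, SAMPLE_EXPECTED):
        print(profile, "-", finding)
```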