You can use QUERY SECURITY to perform a different level of security checking
from that which CICS® would perform for application programs that specify
RESSEC(YES) or CMDSEC(YES).
For example, suppose a transaction has RESSEC(YES) and contains a number
of EXEC CICS READ FILE commands and a number of EXEC CICS WRITE FILE commands.
For each command, CICS performs a security check to ensure that the terminal
user has access to the relevant file, even though the same file may be being
accessed each time. An alternative to this is to switch off security checking
at the transaction level by specifying RESSEC(NO) on the transaction definition
and then, when the application starts, execute a command such as:
EXEC CICS QUERY SECURITY RESTYPE('FILE') RESID(file_name) UPDATE(cvda)
This command allows the transaction
to continue without any further calls to RACF®.
Note: Switching resource security checking off, using RESSEC(NO),
means that all resource checks—not just of files
as in the above example—are bypassed.