RACF administration

As the security administrator for one or more CICS® regions, and for the users of the CICS applications, it is your job to ensure that your installation's data is properly protected. Using RACF®, you are responsible for protecting all system resources, and, in the context of this manual, CICS resources in particular.

A key feature of RACF is its hierarchical management structure. The RACF security administrator is defined at the top of the hierarchy, with authority to control security for the whole system. If you are not yourself the RACF security administrator, you must ask that person to delegate to you sufficient authority to work with RACF profiles and system-wide settings. You must also work with the RACF auditor, who can produce reports of security-relevant activity based on auditing records generated by RACF.

RACF security administrators have either the system-SPECIAL attribute, the group-SPECIAL attribute, or a combination of other authorities.

For complete information about the authorities required to issue RACF commands, and for information on delegating authority and on the scope of a RACF group, see the z/OS Security Server RACF Auditor's Guide.

For information on the RACF requirements for issuing RACF commands, see the descriptions of the commands in the z/OS Security Server RACF Command Language Reference.

You can find out whether you have the system-SPECIAL or group-SPECIAL attribute by issuing the LISTUSER command from a TSO session. If you have the system-SPECIAL attribute, SPECIAL appears after the USER ATTRIBUTES phrase in the first part of the output. If you have the group-SPECIAL attribute, SPECIAL appears after the USER ATTRIBUTES phrase in the offset section that describes your connection to a RACF group. For a complete description, with an example of LISTUSER output, see the z/OS Security Server RACF General User's Guide.