DL/I program specification blocks (PSBs) are IMS™ control blocks that describe databases
and logical message destinations used by an application program. PSBs consist
of one or more program communication blocks (PCBs), which describe an application
program's interface to an IMS database.
To implement security for PSBs scheduled in CICS® applications:
- Define profiles to RACF® in the PCICSPSB or QCICSPSB resource classes (or their equivalent if you have user-defined
resource class names), with access lists as appropriate. The resource profile
names you define to RACF must correspond to the names of PSBs specified in
CICS PSB schedule commands. For example, use the following commands to define
PSBs in the PCICSPSB class, and to authorize users to access these queues:
RDEFINE PCICSPSB (psbname1, psbname2, ..., psbnamen) UACC(NONE)
NOTIFY(sys_admin_userid)
PERMIT psbname1 CLASS(PCICSPSB) ID(group1, group2) ACCESS(READ)
PERMIT psbname2 CLASS(PCICSPSB) ID(group1, group2) ACCESS(READ)
To define PSBs as members of a profile in the CICS PSB resource group class,
with an appropriate access list, use the following commands:
RDEFINE QCICSPSB psbname_group UACC(NONE)
ADDMEM(psbnamea, psbnameb, ..., psbnamex)
NOTIFY(sys_admin_userid)
PERMIT psbname_group CLASS(QCICSPSB) ID(group_userid) ACCESS(UPDATE)
Specify SEC=YES as a CICS system initialization parameter (and
SECPRFX if you define profiles with a prefix).
- Specify XPSB=YES as a CICS system initialization parameter for the default resource
class names of PCICSPSB and QCICSPSB (or XPSB=class_name for user-defined
resource class names).
- Specify PSBCHK=YES if you want full security for PSBs that are accessed
in transaction-routed transactions. This applies to both types
of DL/I interface (remote and DBCTL). If you specify PSBCHK=NO, the authority
of the remote user is not used in transaction-routed
transactions.
Note: CICS requires a minimum authorization of READ for PSBs.
If you are using DBCTL, see the CICS IMS Database Control Guide for
information on defining security in a CICS-DBCTL environment.