Verifying CICSPlex SM global security parameters

The CICSPlex® SM default global security parameters are contained in member BBMTSS of the data set defined by the BBACTDEF DD statement in the CAS procedure. Changes, or overrides, to the default security parameters should be placed in member BBMTSS00 of the data set defined by the BBSECURE DD statement in the CAS procedure.

Member BBMTSS contains the following external security manager (ESM) statements:
     ESM ESMTYPE(RACF)      /* ESM TYPE IS RACF                         */
         ESMUID(REQUIRE)    /* ESM-DEFINED USERIDS ARE REQUIRED         */
         ESMGRINH(ALLOW)    /* ALWAYS ALLOW GROUP IDENT INHERITANCE     */
         PRODUCTS(CPSM)     /* SECURITY FOR PRODUCT CPSM                */
         .
         .
         .
The member contains other statements, which you should not change.
The ESM parameters are as follows:
ESMTYPE(esmtype)
Specify:
RACF®
RACF (or another SAF-compatible ESM) is used on the MVS™ system.
NONE
To bypass security.
Refer to Overriding RACF security for CICSPlex SM for details.
ESMUID(REQUIRE)
Specifies that ESM user ID processing is required.
ESMGRINH(grinhopt)
Controls inheritance of the ESM GROUP IDENT for a user ID from an extracted security environment to a target system (that is, whether a user ID ESM GROUP IDENT on one system is to be used when signing the user ID onto another system where cross-system CAS-to-CAS communication is required). Specify the following values:
ALLOW
The user ID ESM GROUP IDENT is inherited.
IGNORE
The user ID ESM GROUP IDENT is not inherited.
Note: IBM® MVS security and integrity guidelines state that when a security environment in inherited from one address space to another (such as CAS on another MVS system) the ESM GROUP IDENT must be propagated. The CICSPlex SM CAS-to-CAS interface adheres to this requirement. However, for those customers that define an identically-named user profile on all systems, but do not define identical ESM GROUP IDENTs, CICSPlex SM provides the option to ignore the ESM GROUP IDENT when cross-system CAS-to-CAS communication is required. It is strongly recommended, however, that you abide by the MVS security and integrity guidelines and continue to use the distributed statement of ESMGRINH(ALLOW)
PRODUCTS(CPSM)
Specifies that CICSPlex SM is the product for which security processing is being performed.
Verify that in the CAS startup JCL the BBSECURE DD statement identifies the library containing a member named BBMTSS00 and that this member contains at least the following:
ESM
    ESMUID(REQUIRE)     /* ALL USERIDS MUST BE DEFINED TO ESM   */
;