System authorization facility (SAF) responses to the TS server

If the security profile for a TS pool cannot be retrieved, SAF neither grants nor refuses the access request. In this situation:

Access to the TS pool, either by a CICS region or by the TS server itself, is rejected if:
Access to the TS pool, either by a CICS region or by the TS server itself, is accepted if:
Access is permitted to any TS server without a specific DFHXQ.poolname profile, or an applicable generic profile. No messages are issued to indicate this. To avoid any potential security exposures, you can use generic profiles to protect all, or specific groups of, TS servers. For example, specifying:
RDEFINE FACILITY (DFHXQ.*) UACC(NONE)
ensures that access is allowed only to TS servers with a more specific profile to which a TS server or CICS region is authorized.