In general, the resources that the CICS®-supplied CEMT master terminal transaction
operates on are the same as the equivalent system programming commands shown
in
Table 1. If, in addition to normal transaction-attach security,
you are using command security, you must ensure that authorized users of CEMT
are also authorized for the CICS commands, as appropriate. If a user is authorized
to initiate the CEMT transaction, but is not authorized for the resources
on which the system programming commands in
Table 1 depend,
CICS returns a NOTAUTH condition. To allow your system programmers to use
the CEMT command in a command security environment, give them UPDATE access
to the group profile that protects commands on which you want them to issue
the PERFORM, SET, and DISCARD commands. UPDATE authority should be given to
users specifying XPPT=YES and XCMD=YES when they issue a CEMT SET PROG(xxx)
command. and you should provide READ access to the group profile that protects
the commands on which you want them to issue only INQUIRE and COLLECT commands.
PERMIT profile_name CLASS(VCICSCMD) ID(user or group) ACCESS(READ)
PERMIT profile_name CLASS(VCICSCMD) ID(user or group) ACCESS(UPDATE)