To prevent unauthorized or accidental modification of hlq.SDFHAUTH or hlq.SDFJAUTH, you should RACF-protect these libraries. Without such protection, the integrity and security of your MVS™ system are at risk. Additionally, if you require protection against the unauthorized use of DFHSIP, do not place this module in the LPA and do not include hlq.SDFHAUTH in the MVS LNKLST unless DFHSIP is RACF-protected as a controlled program with a profile in the RACF® PROGRAM resource class.
You should also RACF-protect the other libraries (including hlq.SDFHLOAD) that make up the STEPLIB and DFHRPL library concatenations.
For information about authorizing access to CICS® data sets, see the CICS RACF Security Guide.
During initialization, CICS determines
the availability of backup-while-open (BWO) support by linking to
the callable services modules IGWAMCS2 and IGWABWO. CICS also
checks the DFSMSdss (or DFDSS) release level by linking to
the module ADRRELVL. If access to this data set services module is
controlled by means of RACF PROGRAM general resource profiles,
security violation messages are issued against the CICS region
userid, unless the userid is authorized to access ADR-prefixed module
names.
You can avoid security violation messages against the CICS region userids, and still control access to data set services, as follows: