Adding a security request recording (SRR)
To add a security request recording (SRR), you need to use the Regions view in CICS Explorer®.
Before you begin
You must have configured SRR in CICS. For more information, see Configuring security request recording (SRR).
Procedure
In the Regions view you can select one or more regions and then by using the menu, select the Add Security Request Recording option. This action displays the Perform SRRADD Operation dialog window.

The Name and Maximum fields are always displayed regardless of which tab is in focus.
The Name of the recording, also known as the matchid is a mandatory field. You can use the following characters in the Name field:
A-Z a-z 0-9 $ @ # . / - _ % & ? ! : | ' = " ¬ , ; < >
The Maximum field is a mandatory fullword value that specifies the number of times a matching entry matches a transaction’s origin data before the recording stops running.
The Perform SRRADD Operation offers different tabs so that you can select the most appropriate origin entry point you need to filter your request. If you don't know what data you need to collect, it is possible to submit the form without specifying any origin data to track.
- All
- This tab can be used for any problem. However, if you know that the user is using a specific capability, it is better to use the tab that is related to that capability. If you use the most appropriate tab, it lists only the fields that apply to that capability.
- 3270
- This tab is for problems where the user is using a 3270 terminal emulator. The user normally has signed-on to a terminal-owning region (TOR) region. For more information, see Security for 3270.
- Web
- This tab is for problems where the user is connecting from a browser or client to a port defined by a TCPIPSERVICE in CICS®. For more information, see Security for CICS web support.
- Web Services
- This tab is for problems where the user is using a client to send a web service to a port defined by a TCPIPSERVICE in CICS. For more information, see Security for SOAP web services.
- JVM Server
- This tab is for problems where the user is connecting from a browser or client to a port defined in a Liberty Service in CICS. For more information, see Security for CICS Liberty.
- MQ Bridge
- This tab is for problems where user is issuing IBM® MQ request to the IBM MQ Bridge. For more information, see Security for CICS-MQ bridge.
- MQ
- This tab is for problems where user is issuing IBM MQ requests to an IBM MQ queue that is handled by an MQCONN. The term IBM MQ Adapter might also be applied to this tab. For more information, see Security for CICS-MQ adapter.
- EXCI
- This tab is for batch programs that issue EXCI request to a CICS region. For more information, see Security for EXCI.
- IPIC
- This tab is primarily used for IPIC. This tab is also for ZCEE connecting to CICS through an IPCONN. For more information, see Security for IPIC.
Selected fields on the All tab are used on the other tabs, based on the needs of that tab. Table 1 shows the fields, alternative field names (applicable to the MQ tab), and the description of that field. To see the origin data field used, you can move your cursor over the field name and after a short time the hover help is shown.
Field name | Alternate field name (MQ tab) | Field description |
---|---|---|
Facility Type | The facility type to be matched can be one of these types:
|
|
Facility Name | The facility name to be matched. | |
Transaction ID | The transaction ID to be matched. | |
User ID | The user ID to be matched. | |
IP Family | A value that indicates the form of TCP/IP addressing used by the originating task. | |
Client IP Address | The client IP address in either IPv4 or IPv6 format that is to be matched. | |
Client Port | The client port to be matched. | |
TCPIP Service | The name of the TCPIPSERVICE to be matched. | |
Server Port | The server port to be matched. | |
Appl ID | The APPLID to be matched. | |
Apple ID Net ID | The network ID to be matched. | |
VTAM® LU Name | The VTAM LU name to be matched. | |
Net ID | The net ID to be matched. | |
Adapter ID | The adapter ID to be matched. | |
Adapter Data 1 | Queue Manager | The adapter data 1 or queue manager to be matched. |
Adapter Data 2 | Init Queue | The adapter data 2 or unit queue to be matched. |
Adapter Data 3 | Queue Name | The adapter data 3 or queue name to be matched. |
When submitted, you can review the status of your SRR by using the Security Request Recordings view.
For more information about how to use Security Request Recording, see How security request recording can help diagnose security access issues.