In some situations, current software practices limit the effectiveness of relying on CICS resource security alone. For additional security control, REXX/CICS was designed with the concept of command level security. Because most facilities under REXX/CICS are accessed as commands, command level security can be used to control access to CICS (and other product or system) facilities. For example, VSAM file access is accomplished through the READ, WRITE, and REWRITE commands.
REXX/command level security is controlled by the DEFSCMD and DEFCMD AUTH parameter and by the provision of authorized REXX/CICS library support.
Command execution security controls the use of certain REXX/CICS commands, or command keywords. In general, this is accomplished by the designation of certain commands (or command options) as authorized. Such command designation is accomplished by the DEFCMD and DEFSCMD commands. For authorized commands to execute properly, they must either be: