CICS IA transaction security

CICS® IA has no internal RACF® security classes. The two main interfaces are application programs. These two interfaces are the Operations and Administration Interface driven by transaction CINT and the Eclipse-based Query Interface.

All CICS IA transactions are defined with RESSEC(NO) and CMDSEC(NO). If you want to categorize and define the IA transactions in a similar way to CICS transactions, see Table 1. It shows the CICS IA transactions and their RACF categories as described in the CICS RACF Security Guide. It also indicates whether the transaction runs a program that has a DB2® DBRM associated with it.

Table 1. RACF categories for CICS IA transactions
Transid Description Category DB2
CINT Drives program CIUA000C for Operation and Administration. 3 YES
CINB Drives program CIUCINB1 for a long running task that writes the data to VSAM (see note below). 1  
Start of changeCINCEnd of change Start of changeDrives program CIUACM10 for the Command Flow feature.End of change Start of change3End of change  
Note:

Transaction CINB is a long-running task that cannot be started from a terminal and has no terminal associated with it. If you are collecting DB2 data, the user ID under which it runs requires authorization to the SYSIBM.SYSSTMT and SYSIBM.SYSPACSTMT tables. In most cases, the CICS default User ID is used. However, in some cases it might be the PLT user ID if started by PLT processing, the ID of the current CINT transaction, or the Link ID if the CINT transaction is routed to another CICS region.

Authorization might be given by granting the userid access to the CICS IA batch plan.