Start of change

Server security profiles

So that various access levels can be permitted for CICS® VR users you are required to define a new profile to the FACILITY class in your security product. The access levels required to perform particular functions is provided in a table.

The security administrator can permit various levels of access to these profiles for any users of CICS VR. In general, a user can have NONE, READ, UPDATE, CONTROL or ALTER as the permitted level of access for a particular function, (external service request to the CICS VR server address space from batch jobs). If the user tries to perform a function without the correct level of access, the function is rejected with a return code 8 and a reason code of 71313E03 which states that the user is not authorized to perform this function. The user can contact the security administrator to request the correct access. In this case, the return code and the reason code can be displayed in the appropriate message, for example; in the message DWW8152I, ADR927E and IEC161I.

Table 1. Access levels required to perform particular functions
Function Profile Access level Class
VSAM batch logging CICSVRLOGGING CONTROL FACILITY
Logical backup notification CICSVRBACKUP CONTROL FACILITY
File copy notification CICSVRFILECOPY CONTROL FACILITY
CICS backout failed notification CICSVRCBFAILED CONTROL FACILITY

Example

Start of change
RDEFINE FACILITY CICSVRLOGGING 
PERMIT CICSVRLOGGING ACCESS(CONTROL) CLASS(FACILITY) ID(userid)
End of change
End of change