Here is the format of the security keys that the CICS® Configuration Manager server creates
to check a user's authority to manipulate resource definitions:
- 1
- If the target resource definition
key specifies a ResGroup that does not exist, then the API command
the attempts to create the ResGroup. This involves an additional security
key, as if a Create API command had been requested for the ResGroup.
Note that this additional security checking does not involve API command
security checking for a Create API command; just resource definition
security checking for the ResGroup that needs to be created (as per
the entry for Create in this table).
- 2
- If the resource type is a group/ResGroup, then specify a "-" (hyphen)
character as the group parameter.
- 3
- If the source CICS configuration
refers to an export file, then no security check is performed for
the source resource definition.
- 4
- You can think of a Rename API command as consisting of two operations:
delete the source resource definition, and then create the target
resource definition. Both operations require ALTER access authority.
A Rename API command for a group/ResGroup
involves resource definition security checks (requiring ALTER access
authority) for all of the following:
- Each source resource definition (in the original group/ResGroup)
- Each target resource definition (in the renamed group/ResGroup)
- When renaming a ResGroup (not a group): the target ResGroup
- 5
- The CICS configuration parameter for Import refers to the target
CICS configuration where the resource definition is to be imported
(copied) to, not the source CICS configuration (that refers to the
export file) where the resource definition is to be imported from.
For each resource definition, the Copy and Rename API commands
create two security keys, and make two calls to the external security
manager: one for the source resource definition, and another for the
target resource definition.
For the Rename API command, the parameter for the CICS configuration
is labelled "target" in both security keys because you can only
rename a resource definition within the same CICS configuration.
The resource definition name is the last qualifier in the security
key to simplify group resource profile definitions: some resource
types may contain a period (.) as part of the resource name.
For descriptions of the fields in these keys, see API parameters.