CICS BAC generates administrative resource names when the workstation administration client, the file maintenance utility, or the ISPF administration interface attempts to access a record in a CICS region control file. Accesses that simply read the record require only a UACC of READ for the resource. Examples of this are the LIST command in the file maintenance utility and the download and browse functions of the workstation administration client. Other accesses, such as insert, replace, or delete require a UACC of UPDATE for the resource. Examples of this are the ADD, UPDATE, and DELETE commands of the file maintenance utility and the upload and delete from host functions of the workstation administration client. The name generated for the security check is the name you need to define to RACF in the FACILITY general resource class.
The objectType and objectName fields for accessType ADMIN are derived according to the following table:
objectType | objectName |
---|---|
FILE | The name of the file object being accessed. |
TDQUEUE | The name of the transient data queue object being accessed. |
TRANSID | The name of the transaction object being accessed. |
PROGRAM | The name of the program object being accessed. |
APPGROUP | The name of the application group object being accessed. |
APPLIST | Name of the application list object being accessed. |
REGION | The literal PROPERTY for access to a CICS region object. |
Some examples of the ADMIN access type resource names are as follows:
RDEFINE FACILITY $CBK.CICSP.ADMIN.FILE.PAYROLL UACC(NONE)
To read this file object, a user requires specific READ access for this
profile. Alternatively, you could grant everyone access by changing the universal
access to UACC(READ).RDEFINE FACILITY $CBK.CICSTEST.ADMIN.APPGROUP.DOCUMENT UACC(NONE)
To
delete this application group object from the CICS region control file a user
requires specific UPDATE access for this profile.RDEFINE FACILITY $CBK.CICST.ADMIN.REGION.PROPERTY UACC(NONE)
To update the CICS region object, a user requires specific UPDATE access
for this profile.