Space announcement This documentation space provides the same content as before, but the organization of the content has changed. The content is now organized based on logical branches instead of legacy book titles. We hope that the new structure will help you quickly find the content that you need.

Abend-AID for CICS security requirements

Granting authority for the CICS region

Ensure that the owner of the CICS region has the level of authority listed for the Abend-AID for CICS files shown in the following table.

File

Authority

Installation sample library (hlq.CTL)

READ

CICSLIB load library (SKFXCLIB)

READ

Shared directory/attached transaction databases

UPDATE

Source listing shared directory/attached source listing files

READ

Note

If you did not grant universal READ access to the customization file, as described in Granting Default Authority to the Customization File, you must grant READ authority to the file to each of your CICS regions.

Granting authority for the TDCAS

If your site has Abend-AID for CICS installed on this server, ensure that the owner of the transaction dump capture address space (TDCAS) has the level of authority listed for the Abend-AID for CICS files shown in the following table.

Required authority for the Transaction Dump Capture Address Space

File

Authority

Shared directory

UPDATE

Transaction databases attached to the shared directory

UPDATE

Customization file

UPDATE

Installation sample library (hlq.CTL)

READ

Db2 load librarY

READ

Source listing files/source listing shared directory

READ

Granting Authority for the TDCAS to RRSAF

Abend-AID for CICS Db2 processing uses Recoverable Resource Manager Services Attachment Facility (RRSAF) to access the Db2 catalog. Therefore, the TDCAS must have access to DSNRLI, which is the RRSAF language interface load module. If your site uses an external security package that restricts access to system modules, you may need to write a rule authorizing the TDCAS to access Db2 DSNR* resources.

Specifying the External_Security_Enabled parameter

Users are required to log onto the TDCAS using a valid user ID and password if you specify YES for the EXTERNAL_SECURITY_ENABLED TDCAS configuration parameter, as described in as described in the Advanced-configuration.

The function value for the logon function is LOGON.TC.

You must write the appropriate rules for your external security package, based on the following resource name Abend-AID for CICS generates for the logon function:

prefix.SERVER.LOGON.TC.servername

The minimum authority you must grant users for this function is READ.

The user ID that starts the CICS region must also have this authority.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*