IBM Z and LinuxONE IBM Z

Expand all | Collapse all

CICS RACF SECURITY

  • 1.  CICS RACF SECURITY

    Posted 2 days ago

    Can you post instructions for CICS RACF security

     

    Regards

     

    Vincent J. Caffarello

    Software Engineer IV

     

    Vertex Inc.

    Phone: 484-595-2595 Mobile: 267-446-9932 

    2301 Renaissance Blvd, King of Prussia, PA 19406

    Email: Vincent.Caffarello@vertexinc.com

     



  • 2.  RE: CICS RACF SECURITY

    Posted 2 days ago
    Hallo Vincent,

    what about the ibm knowledge center?

    Please read carefully all the chapters in section "Securing" 
    of "CICS Transaction Server for z/OS".

    e.g. for CICSTS V5.5 see https://www.ibm.com/docs/en/cics-ts/5.5?topic=securing

    Everything is described there in detail from protecting CICS Resources to
    Authentication mechanisms.



    ------------------------------
    Magnus Duemke
    ------------------------------



  • 3.  RE: CICS RACF SECURITY

    Posted 23 hours ago
    Edited by Paul Newton 23 hours ago
    Hi Vinnie, 

    While Magnus provided the professional documentation, I plan to post a step-by-step to get started as it relates to Dallas Z ISV RDP systems early next week.

    In RACF security terminology, CICS is a resource manager. Resource manager security can be enabled or disabled. Dallas Z ISV RDP provided CICS security is disabled.

    Why?

    CICS manages many resources where enabling security requires decisions about which specific CICS resources to secure. Many of the CICS resources need not be secured because securing all resources would increase CICS security administration related to which of your company CICS developers are allowed to access which of the many protected CICS resources.

    Recommendation:
    Enable CICS RACF security requiring
    1) Signon to CICS using RACF assigned ID and password
    2) Execution of protection of specific CICS supplied transactions
    3) Enable all ISV application transactions

    Above recommendation is an excellent starting point for assisting with future decisions such as protecting other CICS managed resources, protecting specific ISV application transactions, and enabling company CICS developers to access specifically protected CICS supplied transactions such as CEDA, CEMT, etc.

    ------------------------------
    Paul Newton
    ------------------------------