This course teaches
you how to implement security for your CICS systems using RACF as the external
security manager. The lecture material will first explain the implementation
tasks for a single-region CICS system and then extend the scope to MRO- or
ISC-connected multiregion CICS systems. In the classroom you will learn both
the CICS and RACF definitions necessary to establish effective security
controls for CICS. You will learn how to:
- Protect CICS system resources so
that CICS itself has access but other users, such as TSO users or batch
jobs, are denied access.
- Define CICS terminal users to RACF
and restrict the CICS regions to which these users will be allowed to sign
- Control access to individual CICS
- Control access to CICS application
resources accessed by these transactions.
- Control execution of CICS system
programmer interface (SPI) commands used within transactions.
- Control access to
installation-defined resources used to support application-specific
- Control access to CICS
transactions and resources when two or more CICS address spaces are
connected to enable use of the CICS transaction routing and
You will learn about
the wide variety of mechanisms that can be used to initiate transactions within
CICS and the techniques for imposing security controls on each of these
mechanisms. These mechanisms include the connections to CICS using Advanced
Program-to-Program Communication (APPC) either from CICS client or server
products on other platforms or from other products that support APPC. You will
also explore the security interface between CICS, RACF, and DB2 and learn how
RACF can be used to secure CICSplex System Manager, one of the elements
provided with CICS Transaction Server for z/OS.
You will have many
opportunities to apply what you have learned in the classroom with hands-on lab
exercises in which you actually set up the definitions in both CICS and RACF.
The hands-on lab begins with exercises where you will familiarize yourself with
the CICS and RACF lab environment. In the lab exercises you start with a CICS
address space that has no security. First, you will protect your CICS region
resources. In subsequent lab exercises, you will set up user sign-on security,
protect transactions, and set up resource-level security and SPI command
security. In the last lab exercise, you establish security between a
terminal-owning region (TOR) and an MRO-connected application-owning region