Previous Topic: Securing PERFORM CommandsNext Topic: Examples: securing EXEC CICS INQUIRE and SET commands

Implementing SecurityAdministering CICS Command SecuritySecuring EXEC CICS Commands

Securing EXEC CICS Commands

You can secure EXEC CICS commands via the CA Top Secret SPI resource. The syntax for the IBM EXEC CICS command is:

EXEC CICS function option(argument)
function

Corresponds to the CA Top Secret access level.

option

The equivalent to the CA Top Secret SPI resource.

argument

The data element being examined or modified.

For example:

EXEC CICS SET FILE(PAYROLL) OPEN

To secure EXEC CICS commands:

For example:

TSS ADDTO(divacid) SPI(FILE)

TSS PERMIT(acid) SPI(FILE)
                 ACCESS(SET)

The same SPI keyword is used for both CEMT and EXEC CICS restrictions. Once ownership is established, protection is available for both CEMT and EXEC CICS commands.

INQUIRE and SET Commands

CA Top Secret provides the SPI resource for securing EXEC CICS INQUIRE and SET commands.

The following table lists the EXEC CICS command options and their SPI equivalents for the EXEC CICS INQUIRE and SET commands:

Command Option

SPI Keyword

ASSOCIATE

Note: You can only use INQUIRE.

SPI(ASSOCIAT)

ATOMSERVICE

SPI(ATOMSERV)

AUTINSTMODEL

SPI(AUTINSTM)

AUTOINSTALL

SPI(AUTOINST)

BUNDLE

Note: This option is used for CTS 4.1.0 and above.

SPI(BUNDLE)

BUNDLEPart

Note: This option is used for CTS 4.1.0 and above. You can only use INQUIRE.

SPI(BUNDLEPA)

CAPTURESPEC

Note: This option is used for CTS 4.1.0 and above. You can only use INQUIRE.

SPI(CAPTURES)

CONNECTION

SPI(CONNECTI)

DB2ENTRY

SPI(DB2ENTRY)

DB2TRAN

SPI(DB2TRAN)

DELETESHIPPED

SPI(DELETESH)

DELTSHIPPED

SPI(DELTSHIP)

DOCTEMPLATE

SPI(DOCTEMPL)

DSNAME

SPI(DSNAME)

DUMPDS

SPI(DUMPDS)

EPADAPTER

SPI(EPADAPTE)

EVENTBINDING

Note: This option is used for CTS 4.1.0 and above.

SPI(EVENTBIN)

EVENTPROCESS

Note: This option is used for CTS 4.1.0 and above.

SPI(EVENTPRO)

EXITPROGRAM

SPI(EXITPROG)

FILE

SPI(FILE)

HOST

SPI(HOST)

IPCONN

SPI(IPCONN)

IPFACILITY

Note: This option is used for CTS 3.2 and above. You can only use INQUIRE.

SPI(IPFACILI)

IRC

SPI(IRC)

JMODEL

SPI(JMODEL)

JOURNALNAME/JOURNALNUM
Note: This option is used for CTS 1.2 and above; JOURNALNUM is used for CICS 4.1 and CTS 1.1.

SPI(JOURNAL)

JVM
Note: This option is used for CICS CTS 2.3 and above. You can only use INQUIRE.

SPI(JVM)

JVMPOOL

SPI(JVMPOOL)

JVMPROFILE
Note: This option is for CICS CTS 2.3 and above. You can only use INQUIRE.

SPI(JVMPROFI)

JVMSERVER

Note: This option is used for CTS 4.1.0 and above.

SPI(JVMSERVE)

LIBRARY

SPI(LIBRARY)

MODENAME

SPI(MODENAME)

MONITOR

SPI(MONITOR)

MQCONN

Note: This option is used for CTS 4.1.0 and above.

SPI(MQCONN)

MQINI

Note: This option is used for CTS 4.1.0 and above. You can only use INQUIRE.

SPI(MQINI)

MVSTCB

Note: This option is for CICS CTS 2.3 and above. You can only use INQUIRE.

SPI(MVSTCB)

NETNAME

SPI(TERMINAL)

PARTNER

SPI(PARTNER)

PIPELINE

SPI(PIPELINE)

PROFILE

SPI(PROFILE)

PROGRAM

SPI(PROGRAM)

REQID

SPI(REQID)

STATISTICS

SPI(STATISTI)

STORAGE

SPI(STORAGE)

STREAMNAME

SPI(STREAMNA)

SYSDUMPCODE

SPI(SYSDUMPC)

SYSTEM

SPI(SYSTEM)

TASK

SPI(TASK)

TCLASS

SPI(TCLASS)

TDQUEUE

SPI(TDQUEUE)

TEMPSTORAGE

SPI(TEMPSTOR)

TERMINAL

SPI(TERMINAL)

TSMODEL

SPI(TSMODEL)

TSPOOL

SPI(DB2CONN)

TRACEDEST

SPI(TRACEDES)

TRACEFLAG

SPI(TRACEFLA)

TRACETYPE

SPI(TRACETYP)

TRANCLASS

SPI(TCLASS)

TRANDUMPCODE

SPI(TRANDUMP)

TRANSACTION

SPI(TRANSACT)

TSQUEUE

SPI(TSQUEUE)

UOW

SPI(UOW)

UOWDSNFAIL

SPI(UOWDSNFA)

UOWENQ

SPI(UOWENQ)

UOWLINK

SPI(UOWLINK)

URIMAP

SPI(URIMAP)

VOLUME

SPI(VOLUME)

VTAM

SPI(VTAM)

WEB

SPI(WEB)

WEBSERVICE

SPI(WEBSERVI)

XMLTRANSFORM

Note: This option is used for CTS 4.1.0 and above.

SPI(XMLTRANS)

Secondary Resource Checks

Some EXEC CICS commands result in two CA Top Secret security checks:

The following table contains EXEC CICS keywords, the resource types called in the secondary CA Top Secret security check, and the associated access levels:

EXEC CICS Keyword

Secondary Resource Type

Access Level

DATASET

FCT

INQUIRE, SET

DB2ENTRY

DB2ENTRY

INQUIRE,SET

DB2TRAN

DB2TRAN

INQUIRE,SET

FILE

FCT

INQUIRE, SET

PROGRAM

PPT

INQUIRE, SET

TRANSACTIONS

OTRAN

INQUIRE, SET