Examples: securing EXEC CICS INQUIRE and SET commands

Implementing Security › Administering CICS Command Security › Examples: securing EXEC CICS INQUIRE and SET commands

Examples: securing EXEC CICS INQUIRE and SET commands

In In this example, the user only has permission to execute EXEC CICS INQUIRE PROGRAM(TSSCAI) commands:

TSS ADDTO(deptacid) SPI(PROGRAM)

TSS PERMIT(acidname) SPI(PROGRAM)
                     ACCESS(INQUIRE)

TSS ADDTO(deptacid) PPT(TSSCAI)

TSS PERMIT(acidname) PPT(TSSCAI)
                     ACCESS(INQUIRE)

Note: If the program is owned, then ACCESS(EXEC) is required on the PERMIT statement.

Note: For acidname to actually call TSSCAI from a transaction, ACCESS(EXEC) would need to be added to the above PERMIT.

In In this example, the user only has permission to execute EXEC CICS SET TRANSACTION(TSS) commands:

TSS ADDTO(deptacid) SPI(TRANSACT)

TSS PERMIT(acidname) SPI(TRANSACT)
                     ACCESS(SET)

TSS ADDTO(deptacid) OTRAN(TSS)

TSS PERMIT(acidname) OTRAN(TSS)
                     ACCESS(SET)

Note: Although authorization to SPI resources can be specified for up to 44 characters, ownership of the resource is limited to eight characters.

Securing ENABLE, DISABLE, EXTRACT, and COLLECT STATISTICS Commands

You can secure the ENABLE, DISABLE, EXTRACT, and COLLECT STATISTICS EXEC CICS commands via the CA Top Secret SPI resource. The syntax for the IBM EXEC CICS commands is:

EXEC CICS function option(argument)

ENABLE, DISABLE, EXTRACT, and COLLECT STATISTICS are command functions.

CA Top Secret protects EXEC CICS commands by providing equivalent SPI access levels for EXEC CICS function options. CA Top Secret secures EXEC CICS functions via two commands:

TSS ADD the SPI resource to a department or division ACID.
TSS PERMIT the user ACID and include the appropriate SPI resource access level.

The following table lists valid SPI access levels for EXEC CICS commands:

Command Function	SPI Access Level
ENABLE	SET
DISABLE	SET
EXTRACT	INQUIRE
COLLECT STATISTICS	COLLECT

EXEC CICS ENABLE, DISABLE, EXTRACT, and COLLECT STATISTICS commands have related functions. The next section describes how CA Top Secret secures each function and their associated commands.

Securing Functions

The following table lists the EXEC CICS command functions and their SPI equivalents for the EXEC CICS ENABLE, DISABLE, EXTRACT, and COLLECT STATISTICS commands:

Command Function	SPI Keyword
ENABLE	SPI(EXITPROG)
DISABLE	SPI(EXITPROG)
EXTRACT	SPI(EXITPROG)
COLLECT STATISTICS	SPI(EXITPROG)