Authorizing access to data set services modules

During initialization, CICS® determines the availability of backup-while-open (BWO) support by linking to the callable services modules IGWAMCS2 and IGWABWO.

CICS also checks the DFSMSdss or DFDSS release level by linking to the module ADRRELVL. If access to this data set services module is controlled by means of RACF® PROGRAM general resource profiles, security violation messages are issued against the CICS region user ID, unless the user ID is authorized to access ADR-prefixed module names.

You can avoid security violation messages against the CICS region user IDs, and still control access to data set services:

If you have generic PROGRAM profiles protecting access to ADR modules, create specific PROGRAM profiles for the ADDRELVL module and ensure that your CICS region user IDs have READ access to these specific profiles.
Instead of using PROGRAM profiles to protect access to data set services, use one of the following methods:
- Define suitable profiles in the DASDVOL general resource class.
- Define profiles in the FACILITY general resource class that are supported by DFSMS to control access to data set services.
For information about using DASDVOL and FACILITY class profiles to control the uses of data set services, see z/OS DFSMSdss Storage Administration Guide.