Authorizing access to user data sets
When you have defined the RACF user ids for your CICS regions and given them access to the CICS system data sets, permit the user IDs to access the CICS application data sets with the necessary authority.
You must grant the CICS region user ID read access to each VSAM catalog for files for which CICS has file definitions installed and are to be either opened during CICS startup or at any time after.
PERMIT 'CICSTS52.CICS.appl1.dataset1' ID(user or group) ACCESS(READ)
PERMIT 'CICSTS52.CICS.appl1.dataset2' ID(user or group) ACCESS(READ)
PERMIT 'CICSTS52.CICS.appl2.dataset3' ID(user or group) ACCESS(UPDATE)
PERMIT 'CICSTS52.CICS.appl2.dataset4' ID(user or group) ACCESS(UPDATE)ACCESS(CONTROL) for VSAM entry-sequenced data sets (ESDS)
CICS file control uses control interval processing when opening a VSAM ESDS (non-RLS mode only). This means that you must specify ACCESS(CONTROL) for all such data sets, otherwise the OPEN command fails with message DFHFC0966.
ACCESS(ALTER) for VSAM data sets when using BWO
In order to use backup while open (BWO) to back up VSAM data sets that are currently in use and are defined as BACKUPTYPE(DYNAMIC), or BWO(TYPECICS) in the integrated catalog facility (ICF) catalog, give the CICS region userid RACF ALTER authority to the data set or to the ICF catalog in which that data set is defined. If you do not, the OPEN command fails with message DFHFC5803. For guidance on using BWO, see Backup-while-open (BWO).
ACCESS(ALTER) for VSAM data sets when specifying SMS Data Class attribute Dynamic Volume Count
Dynamic Volume Count
You can use SMS Data Class attribute Dynamic Volume Count to extend your VSAM data to multiple volumes. Depending on your SMS release level, ACCESS(ALTER) may be required by the CICS region userid to update the ICF catalog volume list during EOV extend processing. To determine the correct access level for your DFSMS release, see Required RACF Authorization Tables in z/OS DFSMS Access Method Services Commands.