XCMD
The XCMD system initialization parameter specifies whether you want CICS® to perform command security checking, and optionally the RACF® resource class name in which you have defined the command security profiles.
- XCMD={YES|name|NO}
- If you specify YES, or a RACF resource class name, CICS calls RACF to verify
that the userid associated with a transaction is authorized to use a CICS command for the specified resource. Such checking is performed every time
a transaction tries to use a COLLECT, DISABLE, DISCARD, ENABLE, EXTRACT, INQUIRE, PERFORM, RESYNC,
or SET command, or any of the FEPI commands, for a resource. Note: The checking is performed only if you have specified YES for the SEC system initialization parameter and specified the CMDSEC(YES) option on the transaction resource definition.
- YES
- CICS calls RACF, using the default class name of CICSCMD prefixed by C or V, to check whether the userid associated with a transaction is authorized to use a CICS command for the specified resource. The resource class name is CCICSCMD and the grouping class name is VCICSCMD.
- name
- CICS calls RACF,
using the specified resource class name prefixed by C or V, to verify that the userid associated
with a transaction is authorized to use a CICS command for
the specified resource. The resource class name is Cname and the grouping
class name is Vname.
The resource class name specified must be 1 through 7 characters.
- NO
- CICS does not perform any command security checks, allowing any user to use commands that would be subject to those checks.
Restrictions: You can specify the XCMD parameter in the SIT, PARM, or SYSIN only.
For information on how resource security can provide a further level of security to transaction security, see Resource security for transactions.