Changes to RACF classes
This section summarizes the changes that relate to RACF® classes across supported CICS® releases. Use this information to plan the impact of upgrading from one release to another.
If you are upgrading from an end-of-service release, you can find information about the changes that are relevant to those releases in Summary of changes from end-of-service releases.
For other security-related changes, see Changes to security. For changes to transactions, see Changes to CICS transactions.
| Command | 5.5 | 5.6 | 6.1 | 6.2 |
|---|---|---|---|---|
| CREATE DUMPCODE | NEW: resource identifier DUMPCODE | |||
| INQUIRE JVMENDPOINT SET JVMENDPOINT | NEW: resource identifier JVMENDPOINT | |||
| INQUIRE NODEJSAPP | NEW: resource identifier NODEJSAPP | |||
| PERFORM JVMSERVER | NEW: resource identifier JVMSERVER ACCESS(UPDATE) is required for the command. ACCESS(UPDATE) is required for the named JVMSERVER resource identifier. |
| User ID | 5.5 | 5.6 | 6.1 | 6.2 |
|---|---|---|---|---|
| Default user ID | CHANGED: Default user no longer needs command authority for any CAT 3 CICS transactions. See Default user ID security definitions. | |||
| KERBEROSUSER | NEW: SIT parameter KERBEROSUSER to specify the user ID associated with the Kerberos service principal for the CICS region. |
| Option | 5.5 | 5.6 | 6.1 | 6.2 |
|---|---|---|---|---|
| Class | Profile | 5.5 | 5.6 | 6.1 | 6.2 |
|---|---|---|---|---|---|
| FACILITY | DFHSIT.HPO | NEW: Control of HPO SIT override | |||
| IDTDATA | JWT.applid.userid.SAF | NEW: support for JWT with RACF | |||
| SURROGAT | userid.DFHEXCI | NEW with APAR: PH09898 | NEW: surrogate user checking for EXCI | ||
| SURROGAT | userid.DFHQUERY | NEW: Application-specific security (QUERY SECURITY) | |||
| SURROGAT | userid.SUBMIT | NEW: security for submitting a JCL job to the internal reader |