The QUERY SECURITY command

You can use the EXEC CICS QUERY SECURITY command to determine whether a terminal user has access to resources that are defined to the external security manager.

You can use the QUERY SECURITY command with RACF® or any equivalent external security manager (ESM). The terminal user in this context is the user invoking the transaction that contains the QUERY SECURITY command.

In response to a QUERY SECURITY command, CICS returns information about the terminal user's security authorizations. CICS obtains this information from the external security manager. You can code the application to proceed in different ways depending on the user's permitted accesses.

You specify the type of resource that you are querying by the CICS resource type name. For example, if you want to query a user's authorization to access a file, you can specify RESTYPE('FILE'). To identify a particular file within the type, you specify the RESID parameter.