Question & Answer
Question
Can you confirm that transaction CWWU makes use of a CEMT SET DELETESHIPPED command? I am setting up a CMCI connection to a standalone CICS Transaction Server for z/OS (CICS TS) region without going through a CICSPlex SM (CPSM) region. When trying to connect CICS Explorer to CICS, I receive this DFHXS1111 security violation message:
DFHXS1111 CWWU Security violation by user userid for resource DELETSHIPPED in class CCICSCMD. SAF codes are (X'00000004',X'00000000'). ESM codes are (X'00000004',X'00000000'). RACF request made was FASTAUTH.
The userid does not have CEMT S DELETESHIPPED access but I am surprised to see CWWU needs this CEMT SET command.
Before message DFHXS1111, I can see the following EYU messages indicating a successful CMCI connect:
+EYUNX0001I SMSS initialization program starting
+EYUXL0003I CPSM Version 530 SMSS startup in progress
+EYUXL0119I CPSM Kernel loaded from EYU9XL02
+EYUXL0022I SMSS Phase I initialization complete
+EYUXL0007I SMSS Phase II initialization complete
+EYUNL0099I SMSS LRT initialization complete
Answer
Yes, this is working as designed. Once CICS Explorer is connected to CICS TS, module EYUZNQCR will attempt to open a REGION view and will do command checking (if command security checking is specified as active using the CICS SIT parameter XCMD) against the following resources:
AUTOINSTALL
DELETSHIPPED
DUMPDS
IRC
MONITOR
RRMS
STATISTICS
SYSTEM
TASK
TCPIP
TRACEDEST
TRACEFLAG
VTAM
WEB
Therefore, the userid will require READ access to resource DELETSHIPPED in the class specified by the XCMD parameter in the DFHSIT or in class CCICSCMD (default) if XCMD=YES is coded.
Product Synonym
CICS/TS CICSTS CICS TS CICS Transaction Server
Was this topic helpful?
Document Information
Modified date:
22 September 2017
UID
dwa1402489