According to the Implementation: CICS Guide, the CPSMOBJ, CPSMXMP, and GCPSMOBJ resource class IDs should be defined using a command of the following form -
TSS ADDTO(RDT) RESCLASS(resource-class-ID-8) RESCODE(resource-code-3) ACLST(ALL,UPDATE,CONTROL,READ,NONE) DEFACC(READ)
However, this generates an RDT entry as follows -
RESOURCE CLASS = CPSMOBJ
RESOURCE CODE = X'032'
ATTRIBUTE = NOMASK,MAXOWN(08),MAXPERMIT(008),ACCESS
ACCESS = ALL(FFFF),UPDATE(8000),READ(4000),CONTROL(0400)
ACCESS = NONE(0000)
DEFACC = READ
However, according to IBM Publication SA23-2288-02 z/OS Security Server RACF Macros and Interfaces, the maximum length should be forty-four (44) for resource class IDs CPSMOBJ and CPSMXMP, and two hundred and forty-six (246) for resource class ID GCPSMOBJ.
In addition, the specification of ACLST(...,UPDATE,...) generates a bitmask for access level ID UPDATE of "8000". I believe that the command should specify "UPDATE=6000".
In addition, all three (3) resource class IDs should have associated POSIT(nnnn) settings.
I also question the lack of ATTR(MASK) for these resource class IDs.